From 847b661748c68204d9c4e604a37665ad1a0876d5 Mon Sep 17 00:00:00 2001 From: Ionut Ilie Date: Thu, 9 Nov 2023 18:18:30 +0200 Subject: [PATCH 01/10] chore: update to deployment Signed-off-by: Ionut Ilie --- .../filebrowser/{filebrowser-sts.yaml => deployment.yaml} | 3 +-- ak1pro/base/filebrowser/kustomization.yaml | 6 +++--- .../base/filebrowser/{filebrowser-svc.yaml => service.yaml} | 2 +- ak1pro/base/homarr/{homarr-sts.yaml => deployment.yaml} | 3 +-- ak1pro/base/homarr/kustomization.yaml | 6 +++--- ak1pro/base/homarr/{homarr-svc.yaml => service.yaml} | 2 +- 6 files changed, 10 insertions(+), 12 deletions(-) rename ak1pro/base/filebrowser/{filebrowser-sts.yaml => deployment.yaml} (96%) rename ak1pro/base/filebrowser/{filebrowser-svc.yaml => service.yaml} (90%) rename ak1pro/base/homarr/{homarr-sts.yaml => deployment.yaml} (96%) rename ak1pro/base/homarr/{homarr-svc.yaml => service.yaml} (90%) diff --git a/ak1pro/base/filebrowser/filebrowser-sts.yaml b/ak1pro/base/filebrowser/deployment.yaml similarity index 96% rename from ak1pro/base/filebrowser/filebrowser-sts.yaml rename to ak1pro/base/filebrowser/deployment.yaml index e5964a7..b62685a 100644 --- a/ak1pro/base/filebrowser/filebrowser-sts.yaml +++ b/ak1pro/base/filebrowser/deployment.yaml @@ -1,9 +1,8 @@ apiVersion: apps/v1 -kind: StatefulSet +kind: Deployment metadata: name: filebrowser spec: - serviceName: filebrowser replicas: 1 selector: matchLabels: diff --git a/ak1pro/base/filebrowser/kustomization.yaml b/ak1pro/base/filebrowser/kustomization.yaml index f620f12..480c608 100644 --- a/ak1pro/base/filebrowser/kustomization.yaml +++ b/ak1pro/base/filebrowser/kustomization.yaml @@ -1,6 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namespace: prod +namespace: staging labels: - includeSelectors: true @@ -8,5 +8,5 @@ labels: app.kubernetes.io/name: filebrowser resources: - - filebrowser-sts.yaml - - filebrowser-svc.yaml + - deployment.yaml + - service.yaml diff --git a/ak1pro/base/filebrowser/filebrowser-svc.yaml b/ak1pro/base/filebrowser/service.yaml similarity index 90% rename from ak1pro/base/filebrowser/filebrowser-svc.yaml rename to ak1pro/base/filebrowser/service.yaml index 906d138..823ac84 100644 --- a/ak1pro/base/filebrowser/filebrowser-svc.yaml +++ b/ak1pro/base/filebrowser/service.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: filebrowser spec: - type: LoadBalancer + type: ClusterIP selector: app.kubernetes.io/name: filebrowser ports: diff --git a/ak1pro/base/homarr/homarr-sts.yaml b/ak1pro/base/homarr/deployment.yaml similarity index 96% rename from ak1pro/base/homarr/homarr-sts.yaml rename to ak1pro/base/homarr/deployment.yaml index c5945f0..96be53c 100644 --- a/ak1pro/base/homarr/homarr-sts.yaml +++ b/ak1pro/base/homarr/deployment.yaml @@ -1,9 +1,8 @@ apiVersion: apps/v1 -kind: StatefulSet +kind: Deployment metadata: name: homarr spec: - serviceName: homarr replicas: 1 selector: matchLabels: diff --git a/ak1pro/base/homarr/kustomization.yaml b/ak1pro/base/homarr/kustomization.yaml index 30822ca..d10b0d4 100644 --- a/ak1pro/base/homarr/kustomization.yaml +++ b/ak1pro/base/homarr/kustomization.yaml @@ -1,6 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namespace: prod +namespace: staging labels: - includeSelectors: true @@ -8,5 +8,5 @@ labels: app.kubernetes.io/name: homarr resources: - - homarr-sts.yaml - - homarr-svc.yaml + - deployment.yaml + - service.yaml diff --git a/ak1pro/base/homarr/homarr-svc.yaml b/ak1pro/base/homarr/service.yaml similarity index 90% rename from ak1pro/base/homarr/homarr-svc.yaml rename to ak1pro/base/homarr/service.yaml index 25d60bf..d2c1741 100644 --- a/ak1pro/base/homarr/homarr-svc.yaml +++ b/ak1pro/base/homarr/service.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: homarr spec: - type: LoadBalancer + type: ClusterIP selector: app.kubernetes.io/name: homarr ports: From da2bd3cf83b1e61b8f1ff440ed2a501ab81af3c4 Mon Sep 17 00:00:00 2001 From: Ionut Ilie Date: Thu, 9 Nov 2023 18:22:38 +0200 Subject: [PATCH 02/10] chore: update sts Signed-off-by: Ionut Ilie --- ak1pro/base/jellyfin/kustomization.yaml | 4 +-- .../{jellyfin-svc.yaml => service.yaml} | 3 +- .../{jellyfin-sts.yaml => statefulSet.yaml} | 1 + ak1pro/base/qbittorrent/kustomization.yaml | 6 ++-- .../{qbittorrent-svc.yaml => service.yaml} | 4 +-- ...{qbittorrent-sts.yaml => statefulSet.yaml} | 1 - ak1pro/prod/jellyfin/kustomization.yaml | 28 ++++++++++--------- ak1pro/prod/qbittorrent/kustomization.yaml | 28 ++++++++++--------- ak1pro/staging/jellyfin/kustomization.yaml | 28 ++++++++++--------- ak1pro/staging/qbittorrent/kustomization.yaml | 28 ++++++++++--------- 10 files changed, 68 insertions(+), 63 deletions(-) rename ak1pro/base/jellyfin/{jellyfin-svc.yaml => service.yaml} (87%) rename ak1pro/base/jellyfin/{jellyfin-sts.yaml => statefulSet.yaml} (98%) rename ak1pro/base/qbittorrent/{qbittorrent-svc.yaml => service.yaml} (82%) rename ak1pro/base/qbittorrent/{qbittorrent-sts.yaml => statefulSet.yaml} (98%) diff --git a/ak1pro/base/jellyfin/kustomization.yaml b/ak1pro/base/jellyfin/kustomization.yaml index 1d87e26..6f6d19f 100644 --- a/ak1pro/base/jellyfin/kustomization.yaml +++ b/ak1pro/base/jellyfin/kustomization.yaml @@ -8,5 +8,5 @@ labels: app.kubernetes.io/name: jellyfin resources: - - jellyfin-sts.yaml - - jellyfin-svc.yaml + - statefulSet.yaml + - service.yaml diff --git a/ak1pro/base/jellyfin/jellyfin-svc.yaml b/ak1pro/base/jellyfin/service.yaml similarity index 87% rename from ak1pro/base/jellyfin/jellyfin-svc.yaml rename to ak1pro/base/jellyfin/service.yaml index 69f2358..6a80e8e 100644 --- a/ak1pro/base/jellyfin/jellyfin-svc.yaml +++ b/ak1pro/base/jellyfin/service.yaml @@ -4,8 +4,7 @@ metadata: name: jellyfin namespace: staging spec: - type: LoadBalancer - loadBalancerIP: 192.168.100.146 + type: ClusterIP selector: app.kubernetes.io/name: jellyfin ports: diff --git a/ak1pro/base/jellyfin/jellyfin-sts.yaml b/ak1pro/base/jellyfin/statefulSet.yaml similarity index 98% rename from ak1pro/base/jellyfin/jellyfin-sts.yaml rename to ak1pro/base/jellyfin/statefulSet.yaml index fa059fc..0cfb2a3 100644 --- a/ak1pro/base/jellyfin/jellyfin-sts.yaml +++ b/ak1pro/base/jellyfin/statefulSet.yaml @@ -20,6 +20,7 @@ spec: containers: - name: jellyfin image: jellyfin/jellyfin:latest + imagePullPolicy: Always env: - name: TZ value: "Europe/Bucharest" diff --git a/ak1pro/base/qbittorrent/kustomization.yaml b/ak1pro/base/qbittorrent/kustomization.yaml index 74fdfa3..3c4d29a 100644 --- a/ak1pro/base/qbittorrent/kustomization.yaml +++ b/ak1pro/base/qbittorrent/kustomization.yaml @@ -1,6 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namespace: prod +namespace: staging labels: - includeSelectors: true @@ -8,5 +8,5 @@ labels: app.kubernetes.io/name: qbittorrent resources: - - qbittorrent-sts.yaml - - qbittorrent-svc.yaml + - statefulSet.yaml + - service.yaml diff --git a/ak1pro/base/qbittorrent/qbittorrent-svc.yaml b/ak1pro/base/qbittorrent/service.yaml similarity index 82% rename from ak1pro/base/qbittorrent/qbittorrent-svc.yaml rename to ak1pro/base/qbittorrent/service.yaml index 112b4db..e9bcc80 100644 --- a/ak1pro/base/qbittorrent/qbittorrent-svc.yaml +++ b/ak1pro/base/qbittorrent/service.yaml @@ -2,10 +2,8 @@ apiVersion: v1 kind: Service metadata: name: qbittorrent - namespace: staging spec: - type: LoadBalancer - # loadBalancerIP: 192.168.100.145 + type: ClusterIP selector: app.kubernetes.io/name: qbittorrent ports: diff --git a/ak1pro/base/qbittorrent/qbittorrent-sts.yaml b/ak1pro/base/qbittorrent/statefulSet.yaml similarity index 98% rename from ak1pro/base/qbittorrent/qbittorrent-sts.yaml rename to ak1pro/base/qbittorrent/statefulSet.yaml index 8424b24..b1da17c 100644 --- a/ak1pro/base/qbittorrent/qbittorrent-sts.yaml +++ b/ak1pro/base/qbittorrent/statefulSet.yaml @@ -2,7 +2,6 @@ apiVersion: apps/v1 kind: StatefulSet metadata: name: qbittorrent - namespace: staging spec: serviceName: qbittorrent replicas: 1 diff --git a/ak1pro/prod/jellyfin/kustomization.yaml b/ak1pro/prod/jellyfin/kustomization.yaml index 368425c..c283531 100644 --- a/ak1pro/prod/jellyfin/kustomization.yaml +++ b/ak1pro/prod/jellyfin/kustomization.yaml @@ -2,6 +2,10 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: prod +labels: + - includeSelectors: true + pairs: + app.kubernetes.io/name: jellyfin images: - name: jellyfin/jellyfin @@ -15,16 +19,14 @@ patches: - path: sts-patch.yaml target: kind: StatefulSet - - patch: |- - - op: add - path: /spec/loadBalancerIP - value: 192.168.100.210 - target: - kind: Service - name: jellyfin - version: v1 - -labels: - - includeSelectors: true - pairs: - app.kubernetes.io/name: jellyfin + # - patch: |- + # - op: replace + # path: /spec/type + # value: LoadBalancer + # - op: add + # path: /spec/loadBalancerIP + # value: 192.168.100.210 + # target: + # kind: Service + # name: jellyfin + # version: v1 diff --git a/ak1pro/prod/qbittorrent/kustomization.yaml b/ak1pro/prod/qbittorrent/kustomization.yaml index 3b45f37..7eff93c 100644 --- a/ak1pro/prod/qbittorrent/kustomization.yaml +++ b/ak1pro/prod/qbittorrent/kustomization.yaml @@ -2,6 +2,10 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: prod +labels: + - includeSelectors: true + pairs: + app.kubernetes.io/name: qbittorrent images: - name: linuxserver/qbittorrent @@ -15,16 +19,14 @@ patches: - path: sts-patch.yaml target: kind: StatefulSet - - patch: |- - - op: add - path: /spec/loadBalancerIP - value: 192.168.100.211 - target: - kind: Service - name: qbittorrent - version: v1 - -labels: - - includeSelectors: true - pairs: - app.kubernetes.io/name: qbittorrent + # - patch: |- + # - op: replace + # path: /spec/type + # value: LoadBalancer + # - op: add + # path: /spec/loadBalancerIP + # value: 192.168.100.211 + # target: + # kind: Service + # name: qbittorrent + # version: v1 diff --git a/ak1pro/staging/jellyfin/kustomization.yaml b/ak1pro/staging/jellyfin/kustomization.yaml index d65c9e6..4827e67 100644 --- a/ak1pro/staging/jellyfin/kustomization.yaml +++ b/ak1pro/staging/jellyfin/kustomization.yaml @@ -2,6 +2,10 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: staging +labels: + - includeSelectors: true + pairs: + app.kubernetes.io/name: jellyfin images: - name: jellyfin/jellyfin @@ -15,16 +19,14 @@ patches: - path: sts-patch.yaml target: kind: StatefulSet - - patch: |- - - op: add - path: /spec/loadBalancerIP - value: 192.168.100.212 - target: - kind: Service - name: jellyfin - version: v1 - -labels: - - includeSelectors: true - pairs: - app.kubernetes.io/name: jellyfin + # - patch: |- + # - op: replace + # path: /spec/type + # value: LoadBalancer + # - op: add + # path: /spec/loadBalancerIP + # value: 192.168.100.212 + # target: + # kind: Service + # name: jellyfin + # version: v1 diff --git a/ak1pro/staging/qbittorrent/kustomization.yaml b/ak1pro/staging/qbittorrent/kustomization.yaml index 06efd47..c5e41d4 100644 --- a/ak1pro/staging/qbittorrent/kustomization.yaml +++ b/ak1pro/staging/qbittorrent/kustomization.yaml @@ -2,6 +2,10 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: staging +labels: + - includeSelectors: true + pairs: + app.kubernetes.io/name: qbittorrent images: - name: linuxserver/qbittorrent @@ -15,16 +19,14 @@ patches: - path: sts-patch.yaml target: kind: StatefulSet - - patch: |- - - op: add - path: /spec/loadBalancerIP - value: 192.168.100.213 - target: - kind: Service - name: qbittorrent - version: v1 - -labels: - - includeSelectors: true - pairs: - app.kubernetes.io/name: qbittorrent + # - patch: |- + # - op: add + # path: /spec/loadBalancerIP + # value: 192.168.100.213 + # - op: replace + # path: /spec/type + # value: LoadBalancer + # target: + # kind: Service + # name: qbittorrent + # version: v1 From 7e16593b3bb1baab4cd4a8b876dda68561b998a4 Mon Sep 17 00:00:00 2001 From: Ionut Ilie Date: Thu, 9 Nov 2023 18:25:29 +0200 Subject: [PATCH 03/10] chore: update to gateway.networking.k8s.io/v1 Signed-off-by: Ionut Ilie --- ak1pro/base/envoy-iap/http-routing.yaml | 2 +- ak1pro/kube-public/gateway.yaml | 2 +- ak1pro/kube-public/httproutes.yaml | 2 +- .../kubernetes-dashboard/k8s-dash-httproute.yaml | 16 +--------------- ak1pro/prod/httproutes.yaml | 10 +++++----- ak1pro/staging/httproutes.yaml | 6 +++--- 6 files changed, 12 insertions(+), 26 deletions(-) diff --git a/ak1pro/base/envoy-iap/http-routing.yaml b/ak1pro/base/envoy-iap/http-routing.yaml index 826a7ce..cd32afa 100644 --- a/ak1pro/base/envoy-iap/http-routing.yaml +++ b/ak1pro/base/envoy-iap/http-routing.yaml @@ -13,7 +13,7 @@ spec: port: 80 targetPort: 8080 --- -apiVersion: gateway.networking.k8s.io/v1beta1 +apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: name: httpbin-staging diff --git a/ak1pro/kube-public/gateway.yaml b/ak1pro/kube-public/gateway.yaml index c9f422f..cbb5230 100644 --- a/ak1pro/kube-public/gateway.yaml +++ b/ak1pro/kube-public/gateway.yaml @@ -6,7 +6,7 @@ metadata: spec: controllerName: gateway.envoyproxy.io/gatewayclass-controller --- -apiVersion: gateway.networking.k8s.io/v1beta1 +apiVersion: gateway.networking.k8s.io/v1 kind: Gateway metadata: name: envoy-gateway diff --git a/ak1pro/kube-public/httproutes.yaml b/ak1pro/kube-public/httproutes.yaml index 6864885..0d2d4d1 100644 --- a/ak1pro/kube-public/httproutes.yaml +++ b/ak1pro/kube-public/httproutes.yaml @@ -1,7 +1,7 @@ # This route functions correctly when created in either # the production (prod) and staging (staging) namespaces, # but it does not work when created in the kube-public namespace. -apiVersion: gateway.networking.k8s.io/v1beta1 +apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: name: tls-redirect diff --git a/ak1pro/microk8s-config/kubernetes-dashboard/k8s-dash-httproute.yaml b/ak1pro/microk8s-config/kubernetes-dashboard/k8s-dash-httproute.yaml index d297555..fe3e336 100644 --- a/ak1pro/microk8s-config/kubernetes-dashboard/k8s-dash-httproute.yaml +++ b/ak1pro/microk8s-config/kubernetes-dashboard/k8s-dash-httproute.yaml @@ -1,4 +1,4 @@ -apiVersion: gateway.networking.k8s.io/v1beta1 +apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: name: kubernetes-dashboard @@ -19,17 +19,3 @@ spec: backendRefs: - name: kubernetes-dashboard port: 80 -# --- -# apiVersion: v1 -# kind: Service -# metadata: -# namespace: kube-system -# name: kubernetes-dashboard-http -# spec: -# type: ClusterIP -# selector: -# k8s-app: kubernetes-dashboard -# ports: -# - protocol: TCP -# port: 80 -# targetPort: 9090 diff --git a/ak1pro/prod/httproutes.yaml b/ak1pro/prod/httproutes.yaml index 80e75ae..f744a2a 100644 --- a/ak1pro/prod/httproutes.yaml +++ b/ak1pro/prod/httproutes.yaml @@ -1,4 +1,4 @@ -apiVersion: gateway.networking.k8s.io/v1beta1 +apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: name: tls-redirect @@ -26,7 +26,7 @@ spec: requestRedirect: scheme: https --- -apiVersion: gateway.networking.k8s.io/v1beta1 +apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: name: qb-prod @@ -49,7 +49,7 @@ spec: - name: qbittorrent port: 80 --- -apiVersion: gateway.networking.k8s.io/v1beta1 +apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: name: jf-prod @@ -72,7 +72,7 @@ spec: - name: jellyfin port: 80 --- -apiVersion: gateway.networking.k8s.io/v1beta1 +apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: name: homarr-prod @@ -96,7 +96,7 @@ spec: - name: homarr port: 80 --- -apiVersion: gateway.networking.k8s.io/v1beta1 +apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: name: files-prod diff --git a/ak1pro/staging/httproutes.yaml b/ak1pro/staging/httproutes.yaml index 088efd7..ebc8b8e 100644 --- a/ak1pro/staging/httproutes.yaml +++ b/ak1pro/staging/httproutes.yaml @@ -1,4 +1,4 @@ -apiVersion: gateway.networking.k8s.io/v1beta1 +apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: name: tls-redirect @@ -19,7 +19,7 @@ spec: requestRedirect: scheme: https --- -apiVersion: gateway.networking.k8s.io/v1beta1 +apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: name: qb-staging @@ -41,7 +41,7 @@ spec: - name: qbittorrent port: 80 --- -apiVersion: gateway.networking.k8s.io/v1beta1 +apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: name: jf-staging From 54c7dadb8eef341966abcd1c23fc97b979653431 Mon Sep 17 00:00:00 2001 From: Ionut Ilie Date: Thu, 9 Nov 2023 18:26:49 +0200 Subject: [PATCH 04/10] chore: move apps to apps folder Signed-off-by: Ionut Ilie --- ak1pro/{ => apps}/base/envoy-iap/deployment.yaml | 0 ak1pro/{ => apps}/base/envoy-iap/envoy-hmac-secret.yaml | 0 ak1pro/{ => apps}/base/envoy-iap/envoy-token-secret.yaml | 0 ak1pro/{ => apps}/base/envoy-iap/envoy.yaml | 0 ak1pro/{ => apps}/base/envoy-iap/http-routing.yaml | 0 ak1pro/{ => apps}/base/envoy-iap/kustomization.yaml | 0 ak1pro/{ => apps}/base/filebrowser/deployment.yaml | 0 ak1pro/{ => apps}/base/filebrowser/kustomization.yaml | 0 ak1pro/{ => apps}/base/filebrowser/service.yaml | 0 ak1pro/{ => apps}/base/homarr/deployment.yaml | 0 ak1pro/{ => apps}/base/homarr/kustomization.yaml | 0 ak1pro/{ => apps}/base/homarr/service.yaml | 0 ak1pro/{ => apps}/base/jellyfin/kustomization.yaml | 0 ak1pro/{ => apps}/base/jellyfin/service.yaml | 0 ak1pro/{ => apps}/base/jellyfin/statefulSet.yaml | 0 ak1pro/{ => apps}/base/qbittorrent/kustomization.yaml | 0 ak1pro/{ => apps}/base/qbittorrent/service.yaml | 0 ak1pro/{ => apps}/base/qbittorrent/statefulSet.yaml | 0 ak1pro/{ => apps}/base/sonarr/kustomization.yaml | 0 ak1pro/{ => apps}/base/sonarr/sonarr-sts.yaml | 0 ak1pro/{ => apps}/base/sonarr/sonarr-svc.yaml | 0 ak1pro/{ => apps}/base/traefik/00-account.yml | 0 ak1pro/{ => apps}/base/traefik/00-role.yml | 0 ak1pro/{ => apps}/base/traefik/01-role-binding.yml | 0 ak1pro/{ => apps}/base/traefik/02-traefik-services.yml | 0 ak1pro/{ => apps}/base/traefik/02-traefik.yml | 0 ak1pro/{ => apps}/base/traefik/kustomization.yaml | 0 ak1pro/{ => apps}/base/traefik/traefik.yaml | 0 ak1pro/{ => apps}/prod/filebrowser/kustomization.yaml | 0 ak1pro/{ => apps}/prod/homarr/kustomization.yaml | 0 ak1pro/{ => apps}/prod/httproutes.yaml | 0 ak1pro/{ => apps}/prod/ingress.yaml | 0 ak1pro/{ => apps}/prod/jellyfin/kustomization.yaml | 0 ak1pro/{ => apps}/prod/jellyfin/sts-patch.yaml | 0 ak1pro/{ => apps}/prod/kustomization.yaml | 0 ak1pro/{ => apps}/prod/qbittorrent/kustomization.yaml | 0 ak1pro/{ => apps}/prod/qbittorrent/sts-patch.yaml | 0 ak1pro/{ => apps}/staging/httproutes.yaml | 0 ak1pro/{ => apps}/staging/ingress.yaml | 0 ak1pro/{ => apps}/staging/jellyfin/kustomization.yaml | 0 ak1pro/{ => apps}/staging/jellyfin/sts-patch.yaml | 0 ak1pro/{ => apps}/staging/kustomization.yaml | 0 ak1pro/{ => apps}/staging/qbittorrent/kustomization.yaml | 0 ak1pro/{ => apps}/staging/qbittorrent/sts-patch.yaml | 0 ak1pro/{ => apps}/staging/security-policy.yaml | 0 45 files changed, 0 insertions(+), 0 deletions(-) rename ak1pro/{ => apps}/base/envoy-iap/deployment.yaml (100%) rename ak1pro/{ => apps}/base/envoy-iap/envoy-hmac-secret.yaml (100%) rename ak1pro/{ => apps}/base/envoy-iap/envoy-token-secret.yaml (100%) rename ak1pro/{ => apps}/base/envoy-iap/envoy.yaml (100%) rename ak1pro/{ => apps}/base/envoy-iap/http-routing.yaml (100%) rename ak1pro/{ => apps}/base/envoy-iap/kustomization.yaml (100%) rename ak1pro/{ => apps}/base/filebrowser/deployment.yaml (100%) rename ak1pro/{ => apps}/base/filebrowser/kustomization.yaml (100%) rename ak1pro/{ => apps}/base/filebrowser/service.yaml (100%) rename ak1pro/{ => apps}/base/homarr/deployment.yaml (100%) rename ak1pro/{ => apps}/base/homarr/kustomization.yaml (100%) rename ak1pro/{ => apps}/base/homarr/service.yaml (100%) rename ak1pro/{ => apps}/base/jellyfin/kustomization.yaml (100%) rename ak1pro/{ => apps}/base/jellyfin/service.yaml (100%) rename ak1pro/{ => apps}/base/jellyfin/statefulSet.yaml (100%) rename ak1pro/{ => apps}/base/qbittorrent/kustomization.yaml (100%) rename ak1pro/{ => apps}/base/qbittorrent/service.yaml (100%) rename ak1pro/{ => apps}/base/qbittorrent/statefulSet.yaml (100%) rename ak1pro/{ => apps}/base/sonarr/kustomization.yaml (100%) rename ak1pro/{ => apps}/base/sonarr/sonarr-sts.yaml (100%) rename ak1pro/{ => apps}/base/sonarr/sonarr-svc.yaml (100%) rename ak1pro/{ => apps}/base/traefik/00-account.yml (100%) rename ak1pro/{ => apps}/base/traefik/00-role.yml (100%) rename ak1pro/{ => apps}/base/traefik/01-role-binding.yml (100%) rename ak1pro/{ => apps}/base/traefik/02-traefik-services.yml (100%) rename ak1pro/{ => apps}/base/traefik/02-traefik.yml (100%) rename ak1pro/{ => apps}/base/traefik/kustomization.yaml (100%) rename ak1pro/{ => apps}/base/traefik/traefik.yaml (100%) rename ak1pro/{ => apps}/prod/filebrowser/kustomization.yaml (100%) rename ak1pro/{ => apps}/prod/homarr/kustomization.yaml (100%) rename ak1pro/{ => apps}/prod/httproutes.yaml (100%) rename ak1pro/{ => apps}/prod/ingress.yaml (100%) rename ak1pro/{ => apps}/prod/jellyfin/kustomization.yaml (100%) rename ak1pro/{ => apps}/prod/jellyfin/sts-patch.yaml (100%) rename ak1pro/{ => apps}/prod/kustomization.yaml (100%) rename ak1pro/{ => apps}/prod/qbittorrent/kustomization.yaml (100%) rename ak1pro/{ => apps}/prod/qbittorrent/sts-patch.yaml (100%) rename ak1pro/{ => apps}/staging/httproutes.yaml (100%) rename ak1pro/{ => apps}/staging/ingress.yaml (100%) rename ak1pro/{ => apps}/staging/jellyfin/kustomization.yaml (100%) rename ak1pro/{ => apps}/staging/jellyfin/sts-patch.yaml (100%) rename ak1pro/{ => apps}/staging/kustomization.yaml (100%) rename ak1pro/{ => apps}/staging/qbittorrent/kustomization.yaml (100%) rename ak1pro/{ => apps}/staging/qbittorrent/sts-patch.yaml (100%) rename ak1pro/{ => apps}/staging/security-policy.yaml (100%) diff --git a/ak1pro/base/envoy-iap/deployment.yaml b/ak1pro/apps/base/envoy-iap/deployment.yaml similarity index 100% rename from ak1pro/base/envoy-iap/deployment.yaml rename to ak1pro/apps/base/envoy-iap/deployment.yaml diff --git a/ak1pro/base/envoy-iap/envoy-hmac-secret.yaml b/ak1pro/apps/base/envoy-iap/envoy-hmac-secret.yaml similarity index 100% rename from ak1pro/base/envoy-iap/envoy-hmac-secret.yaml rename to ak1pro/apps/base/envoy-iap/envoy-hmac-secret.yaml diff --git a/ak1pro/base/envoy-iap/envoy-token-secret.yaml b/ak1pro/apps/base/envoy-iap/envoy-token-secret.yaml similarity index 100% rename from ak1pro/base/envoy-iap/envoy-token-secret.yaml rename to ak1pro/apps/base/envoy-iap/envoy-token-secret.yaml diff --git a/ak1pro/base/envoy-iap/envoy.yaml b/ak1pro/apps/base/envoy-iap/envoy.yaml similarity index 100% rename from ak1pro/base/envoy-iap/envoy.yaml rename to ak1pro/apps/base/envoy-iap/envoy.yaml diff --git a/ak1pro/base/envoy-iap/http-routing.yaml b/ak1pro/apps/base/envoy-iap/http-routing.yaml similarity index 100% rename from ak1pro/base/envoy-iap/http-routing.yaml rename to ak1pro/apps/base/envoy-iap/http-routing.yaml diff --git a/ak1pro/base/envoy-iap/kustomization.yaml b/ak1pro/apps/base/envoy-iap/kustomization.yaml similarity index 100% rename from ak1pro/base/envoy-iap/kustomization.yaml rename to ak1pro/apps/base/envoy-iap/kustomization.yaml diff --git a/ak1pro/base/filebrowser/deployment.yaml b/ak1pro/apps/base/filebrowser/deployment.yaml similarity index 100% rename from ak1pro/base/filebrowser/deployment.yaml rename to ak1pro/apps/base/filebrowser/deployment.yaml diff --git a/ak1pro/base/filebrowser/kustomization.yaml b/ak1pro/apps/base/filebrowser/kustomization.yaml similarity index 100% rename from ak1pro/base/filebrowser/kustomization.yaml rename to ak1pro/apps/base/filebrowser/kustomization.yaml diff --git a/ak1pro/base/filebrowser/service.yaml b/ak1pro/apps/base/filebrowser/service.yaml similarity index 100% rename from ak1pro/base/filebrowser/service.yaml rename to ak1pro/apps/base/filebrowser/service.yaml diff --git a/ak1pro/base/homarr/deployment.yaml b/ak1pro/apps/base/homarr/deployment.yaml similarity index 100% rename from ak1pro/base/homarr/deployment.yaml rename to ak1pro/apps/base/homarr/deployment.yaml diff --git a/ak1pro/base/homarr/kustomization.yaml b/ak1pro/apps/base/homarr/kustomization.yaml similarity index 100% rename from ak1pro/base/homarr/kustomization.yaml rename to ak1pro/apps/base/homarr/kustomization.yaml diff --git a/ak1pro/base/homarr/service.yaml b/ak1pro/apps/base/homarr/service.yaml similarity index 100% rename from ak1pro/base/homarr/service.yaml rename to ak1pro/apps/base/homarr/service.yaml diff --git a/ak1pro/base/jellyfin/kustomization.yaml b/ak1pro/apps/base/jellyfin/kustomization.yaml similarity index 100% rename from ak1pro/base/jellyfin/kustomization.yaml rename to ak1pro/apps/base/jellyfin/kustomization.yaml diff --git a/ak1pro/base/jellyfin/service.yaml b/ak1pro/apps/base/jellyfin/service.yaml similarity index 100% rename from ak1pro/base/jellyfin/service.yaml rename to ak1pro/apps/base/jellyfin/service.yaml diff --git a/ak1pro/base/jellyfin/statefulSet.yaml b/ak1pro/apps/base/jellyfin/statefulSet.yaml similarity index 100% rename from ak1pro/base/jellyfin/statefulSet.yaml rename to ak1pro/apps/base/jellyfin/statefulSet.yaml diff --git a/ak1pro/base/qbittorrent/kustomization.yaml b/ak1pro/apps/base/qbittorrent/kustomization.yaml similarity index 100% rename from ak1pro/base/qbittorrent/kustomization.yaml rename to ak1pro/apps/base/qbittorrent/kustomization.yaml diff --git a/ak1pro/base/qbittorrent/service.yaml b/ak1pro/apps/base/qbittorrent/service.yaml similarity index 100% rename from ak1pro/base/qbittorrent/service.yaml rename to ak1pro/apps/base/qbittorrent/service.yaml diff --git a/ak1pro/base/qbittorrent/statefulSet.yaml b/ak1pro/apps/base/qbittorrent/statefulSet.yaml similarity index 100% rename from ak1pro/base/qbittorrent/statefulSet.yaml rename to ak1pro/apps/base/qbittorrent/statefulSet.yaml diff --git a/ak1pro/base/sonarr/kustomization.yaml b/ak1pro/apps/base/sonarr/kustomization.yaml similarity index 100% rename from ak1pro/base/sonarr/kustomization.yaml rename to ak1pro/apps/base/sonarr/kustomization.yaml diff --git a/ak1pro/base/sonarr/sonarr-sts.yaml b/ak1pro/apps/base/sonarr/sonarr-sts.yaml similarity index 100% rename from ak1pro/base/sonarr/sonarr-sts.yaml rename to ak1pro/apps/base/sonarr/sonarr-sts.yaml diff --git a/ak1pro/base/sonarr/sonarr-svc.yaml b/ak1pro/apps/base/sonarr/sonarr-svc.yaml similarity index 100% rename from ak1pro/base/sonarr/sonarr-svc.yaml rename to ak1pro/apps/base/sonarr/sonarr-svc.yaml diff --git a/ak1pro/base/traefik/00-account.yml b/ak1pro/apps/base/traefik/00-account.yml similarity index 100% rename from ak1pro/base/traefik/00-account.yml rename to ak1pro/apps/base/traefik/00-account.yml diff --git a/ak1pro/base/traefik/00-role.yml b/ak1pro/apps/base/traefik/00-role.yml similarity index 100% rename from ak1pro/base/traefik/00-role.yml rename to ak1pro/apps/base/traefik/00-role.yml diff --git a/ak1pro/base/traefik/01-role-binding.yml b/ak1pro/apps/base/traefik/01-role-binding.yml similarity index 100% rename from ak1pro/base/traefik/01-role-binding.yml rename to ak1pro/apps/base/traefik/01-role-binding.yml diff --git a/ak1pro/base/traefik/02-traefik-services.yml b/ak1pro/apps/base/traefik/02-traefik-services.yml similarity index 100% rename from ak1pro/base/traefik/02-traefik-services.yml rename to ak1pro/apps/base/traefik/02-traefik-services.yml diff --git a/ak1pro/base/traefik/02-traefik.yml b/ak1pro/apps/base/traefik/02-traefik.yml similarity index 100% rename from ak1pro/base/traefik/02-traefik.yml rename to ak1pro/apps/base/traefik/02-traefik.yml diff --git a/ak1pro/base/traefik/kustomization.yaml b/ak1pro/apps/base/traefik/kustomization.yaml similarity index 100% rename from ak1pro/base/traefik/kustomization.yaml rename to ak1pro/apps/base/traefik/kustomization.yaml diff --git a/ak1pro/base/traefik/traefik.yaml b/ak1pro/apps/base/traefik/traefik.yaml similarity index 100% rename from ak1pro/base/traefik/traefik.yaml rename to ak1pro/apps/base/traefik/traefik.yaml diff --git a/ak1pro/prod/filebrowser/kustomization.yaml b/ak1pro/apps/prod/filebrowser/kustomization.yaml similarity index 100% rename from ak1pro/prod/filebrowser/kustomization.yaml rename to ak1pro/apps/prod/filebrowser/kustomization.yaml diff --git a/ak1pro/prod/homarr/kustomization.yaml b/ak1pro/apps/prod/homarr/kustomization.yaml similarity index 100% rename from ak1pro/prod/homarr/kustomization.yaml rename to ak1pro/apps/prod/homarr/kustomization.yaml diff --git a/ak1pro/prod/httproutes.yaml b/ak1pro/apps/prod/httproutes.yaml similarity index 100% rename from ak1pro/prod/httproutes.yaml rename to ak1pro/apps/prod/httproutes.yaml diff --git a/ak1pro/prod/ingress.yaml b/ak1pro/apps/prod/ingress.yaml similarity index 100% rename from ak1pro/prod/ingress.yaml rename to ak1pro/apps/prod/ingress.yaml diff --git a/ak1pro/prod/jellyfin/kustomization.yaml b/ak1pro/apps/prod/jellyfin/kustomization.yaml similarity index 100% rename from ak1pro/prod/jellyfin/kustomization.yaml rename to ak1pro/apps/prod/jellyfin/kustomization.yaml diff --git a/ak1pro/prod/jellyfin/sts-patch.yaml b/ak1pro/apps/prod/jellyfin/sts-patch.yaml similarity index 100% rename from ak1pro/prod/jellyfin/sts-patch.yaml rename to ak1pro/apps/prod/jellyfin/sts-patch.yaml diff --git a/ak1pro/prod/kustomization.yaml b/ak1pro/apps/prod/kustomization.yaml similarity index 100% rename from ak1pro/prod/kustomization.yaml rename to ak1pro/apps/prod/kustomization.yaml diff --git a/ak1pro/prod/qbittorrent/kustomization.yaml b/ak1pro/apps/prod/qbittorrent/kustomization.yaml similarity index 100% rename from ak1pro/prod/qbittorrent/kustomization.yaml rename to ak1pro/apps/prod/qbittorrent/kustomization.yaml diff --git a/ak1pro/prod/qbittorrent/sts-patch.yaml b/ak1pro/apps/prod/qbittorrent/sts-patch.yaml similarity index 100% rename from ak1pro/prod/qbittorrent/sts-patch.yaml rename to ak1pro/apps/prod/qbittorrent/sts-patch.yaml diff --git a/ak1pro/staging/httproutes.yaml b/ak1pro/apps/staging/httproutes.yaml similarity index 100% rename from ak1pro/staging/httproutes.yaml rename to ak1pro/apps/staging/httproutes.yaml diff --git a/ak1pro/staging/ingress.yaml b/ak1pro/apps/staging/ingress.yaml similarity index 100% rename from ak1pro/staging/ingress.yaml rename to ak1pro/apps/staging/ingress.yaml diff --git a/ak1pro/staging/jellyfin/kustomization.yaml b/ak1pro/apps/staging/jellyfin/kustomization.yaml similarity index 100% rename from ak1pro/staging/jellyfin/kustomization.yaml rename to ak1pro/apps/staging/jellyfin/kustomization.yaml diff --git a/ak1pro/staging/jellyfin/sts-patch.yaml b/ak1pro/apps/staging/jellyfin/sts-patch.yaml similarity index 100% rename from ak1pro/staging/jellyfin/sts-patch.yaml rename to ak1pro/apps/staging/jellyfin/sts-patch.yaml diff --git a/ak1pro/staging/kustomization.yaml b/ak1pro/apps/staging/kustomization.yaml similarity index 100% rename from ak1pro/staging/kustomization.yaml rename to ak1pro/apps/staging/kustomization.yaml diff --git a/ak1pro/staging/qbittorrent/kustomization.yaml b/ak1pro/apps/staging/qbittorrent/kustomization.yaml similarity index 100% rename from ak1pro/staging/qbittorrent/kustomization.yaml rename to ak1pro/apps/staging/qbittorrent/kustomization.yaml diff --git a/ak1pro/staging/qbittorrent/sts-patch.yaml b/ak1pro/apps/staging/qbittorrent/sts-patch.yaml similarity index 100% rename from ak1pro/staging/qbittorrent/sts-patch.yaml rename to ak1pro/apps/staging/qbittorrent/sts-patch.yaml diff --git a/ak1pro/staging/security-policy.yaml b/ak1pro/apps/staging/security-policy.yaml similarity index 100% rename from ak1pro/staging/security-policy.yaml rename to ak1pro/apps/staging/security-policy.yaml From 964c2985a463bf17a72280aed9af7ce350b82e8a Mon Sep 17 00:00:00 2001 From: Ionut Ilie Date: Thu, 9 Nov 2023 18:33:20 +0200 Subject: [PATCH 05/10] chore: fluxcd folder structure Signed-off-by: Ionut Ilie --- ak1pro/clusters/.gitkeep | 0 ak1pro/{ => infrastructure}/cert-manager/ClusterIssuer.yaml | 0 ak1pro/{ => infrastructure}/cert-manager/kustomization.yaml | 0 ak1pro/{ => infrastructure}/cert-manager/readme.md | 0 ak1pro/{ => infrastructure}/kube-public/certificate.yaml | 0 ak1pro/{ => infrastructure}/kube-public/gateway.yaml | 0 ak1pro/{ => infrastructure}/kube-public/httproutes.yaml | 0 ak1pro/{ => infrastructure}/kube-public/readme.md | 0 .../microk8s-config/kubernetes-dashboard/k8s-dash-httproute.yaml | 0 .../microk8s-config/kubernetes-dashboard/values.yaml | 0 ak1pro/{ => infrastructure}/microk8s-config/namespace.yaml | 0 .../{ => infrastructure}/microk8s-config/network-attach-def.yaml | 0 ak1pro/{ => infrastructure}/microk8s-config/storage-class.yaml | 0 ak1pro/{ => other}/docker-compose.sh | 0 ak1pro/{ => other}/docker-compose.yml | 0 ak1pro/{apps/staging => other}/security-policy.yaml | 0 16 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 ak1pro/clusters/.gitkeep rename ak1pro/{ => infrastructure}/cert-manager/ClusterIssuer.yaml (100%) rename ak1pro/{ => infrastructure}/cert-manager/kustomization.yaml (100%) rename ak1pro/{ => infrastructure}/cert-manager/readme.md (100%) rename ak1pro/{ => infrastructure}/kube-public/certificate.yaml (100%) rename ak1pro/{ => infrastructure}/kube-public/gateway.yaml (100%) rename ak1pro/{ => infrastructure}/kube-public/httproutes.yaml (100%) rename ak1pro/{ => infrastructure}/kube-public/readme.md (100%) rename ak1pro/{ => infrastructure}/microk8s-config/kubernetes-dashboard/k8s-dash-httproute.yaml (100%) rename ak1pro/{ => infrastructure}/microk8s-config/kubernetes-dashboard/values.yaml (100%) rename ak1pro/{ => infrastructure}/microk8s-config/namespace.yaml (100%) rename ak1pro/{ => infrastructure}/microk8s-config/network-attach-def.yaml (100%) rename ak1pro/{ => infrastructure}/microk8s-config/storage-class.yaml (100%) rename ak1pro/{ => other}/docker-compose.sh (100%) rename ak1pro/{ => other}/docker-compose.yml (100%) rename ak1pro/{apps/staging => other}/security-policy.yaml (100%) diff --git a/ak1pro/clusters/.gitkeep b/ak1pro/clusters/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/ak1pro/cert-manager/ClusterIssuer.yaml b/ak1pro/infrastructure/cert-manager/ClusterIssuer.yaml similarity index 100% rename from ak1pro/cert-manager/ClusterIssuer.yaml rename to ak1pro/infrastructure/cert-manager/ClusterIssuer.yaml diff --git a/ak1pro/cert-manager/kustomization.yaml b/ak1pro/infrastructure/cert-manager/kustomization.yaml similarity index 100% rename from ak1pro/cert-manager/kustomization.yaml rename to ak1pro/infrastructure/cert-manager/kustomization.yaml diff --git a/ak1pro/cert-manager/readme.md b/ak1pro/infrastructure/cert-manager/readme.md similarity index 100% rename from ak1pro/cert-manager/readme.md rename to ak1pro/infrastructure/cert-manager/readme.md diff --git a/ak1pro/kube-public/certificate.yaml b/ak1pro/infrastructure/kube-public/certificate.yaml similarity index 100% rename from ak1pro/kube-public/certificate.yaml rename to ak1pro/infrastructure/kube-public/certificate.yaml diff --git a/ak1pro/kube-public/gateway.yaml b/ak1pro/infrastructure/kube-public/gateway.yaml similarity index 100% rename from ak1pro/kube-public/gateway.yaml rename to ak1pro/infrastructure/kube-public/gateway.yaml diff --git a/ak1pro/kube-public/httproutes.yaml b/ak1pro/infrastructure/kube-public/httproutes.yaml similarity index 100% rename from ak1pro/kube-public/httproutes.yaml rename to ak1pro/infrastructure/kube-public/httproutes.yaml diff --git a/ak1pro/kube-public/readme.md b/ak1pro/infrastructure/kube-public/readme.md similarity index 100% rename from ak1pro/kube-public/readme.md rename to ak1pro/infrastructure/kube-public/readme.md diff --git a/ak1pro/microk8s-config/kubernetes-dashboard/k8s-dash-httproute.yaml b/ak1pro/infrastructure/microk8s-config/kubernetes-dashboard/k8s-dash-httproute.yaml similarity index 100% rename from ak1pro/microk8s-config/kubernetes-dashboard/k8s-dash-httproute.yaml rename to ak1pro/infrastructure/microk8s-config/kubernetes-dashboard/k8s-dash-httproute.yaml diff --git a/ak1pro/microk8s-config/kubernetes-dashboard/values.yaml b/ak1pro/infrastructure/microk8s-config/kubernetes-dashboard/values.yaml similarity index 100% rename from ak1pro/microk8s-config/kubernetes-dashboard/values.yaml rename to ak1pro/infrastructure/microk8s-config/kubernetes-dashboard/values.yaml diff --git a/ak1pro/microk8s-config/namespace.yaml b/ak1pro/infrastructure/microk8s-config/namespace.yaml similarity index 100% rename from ak1pro/microk8s-config/namespace.yaml rename to ak1pro/infrastructure/microk8s-config/namespace.yaml diff --git a/ak1pro/microk8s-config/network-attach-def.yaml b/ak1pro/infrastructure/microk8s-config/network-attach-def.yaml similarity index 100% rename from ak1pro/microk8s-config/network-attach-def.yaml rename to ak1pro/infrastructure/microk8s-config/network-attach-def.yaml diff --git a/ak1pro/microk8s-config/storage-class.yaml b/ak1pro/infrastructure/microk8s-config/storage-class.yaml similarity index 100% rename from ak1pro/microk8s-config/storage-class.yaml rename to ak1pro/infrastructure/microk8s-config/storage-class.yaml diff --git a/ak1pro/docker-compose.sh b/ak1pro/other/docker-compose.sh similarity index 100% rename from ak1pro/docker-compose.sh rename to ak1pro/other/docker-compose.sh diff --git a/ak1pro/docker-compose.yml b/ak1pro/other/docker-compose.yml similarity index 100% rename from ak1pro/docker-compose.yml rename to ak1pro/other/docker-compose.yml diff --git a/ak1pro/apps/staging/security-policy.yaml b/ak1pro/other/security-policy.yaml similarity index 100% rename from ak1pro/apps/staging/security-policy.yaml rename to ak1pro/other/security-policy.yaml From ba063a5ef13354d0d13fa3bcd6e705729d629a51 Mon Sep 17 00:00:00 2001 From: Ionut Ilie Date: Thu, 9 Nov 2023 18:48:03 +0200 Subject: [PATCH 06/10] chore: validate kustomize build Signed-off-by: Ionut Ilie --- ak1pro/scripts/validate.sh | 73 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+) create mode 100755 ak1pro/scripts/validate.sh diff --git a/ak1pro/scripts/validate.sh b/ak1pro/scripts/validate.sh new file mode 100755 index 0000000..729aa4a --- /dev/null +++ b/ak1pro/scripts/validate.sh @@ -0,0 +1,73 @@ +#!/usr/bin/env bash + +# This script downloads the Flux OpenAPI schemas, then it validates the +# Flux custom resources and the kustomize overlays using kubeconform. +# This script is meant to be run locally and in CI before the changes +# are merged on the main branch that's synced by Flux. + +# Copyright 2023 The Flux authors. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Prerequisites +# - yq v4.34 +# - kustomize v5.0 +# - kubeconform v0.6 + +set -o errexit +set -o pipefail + +# mirror kustomize-controller build options +kustomize_flags=("--load-restrictor=LoadRestrictionsNone") +kustomize_config="kustomization.yaml" + +# # skip Kubernetes Secrets due to SOPS fields failing validation +# kubeconform_flags=("-skip=Secret") +# kubeconform_config=("-strict" "-ignore-missing-schemas" "-schema-location" "default" "-schema-location" "/tmp/flux-crd-schemas" "-verbose") + +# echo "INFO - Downloading Flux OpenAPI schemas" +# mkdir -p /tmp/flux-crd-schemas/master-standalone-strict +# curl -sL https://github.com/fluxcd/flux2/releases/latest/download/crd-schemas.tar.gz | tar zxf - -C /tmp/flux-crd-schemas/master-standalone-strict + +# find . -type f -name '*.yaml' -print0 | while IFS= read -r -d $'\0' file; +# do +# echo "INFO - Validating $file" +# yq e 'true' "$file" > /dev/null +# done + +# echo "INFO - Validating clusters" +# find ./clusters -maxdepth 2 -type f -name '*.yaml' -print0 | while IFS= read -r -d $'\0' file; +# do +# kubeconform "${kubeconform_flags[@]}" "${kubeconform_config[@]}" "${file}" +# if [[ ${PIPESTATUS[0]} != 0 ]]; then +# exit 1 +# fi +# done + +# echo "INFO - Validating kustomize overlays" +# find . -type f -name $kustomize_config -print0 | while IFS= read -r -d $'\0' file; +# do +# echo "INFO - Validating kustomization ${file/%$kustomize_config}" +# kustomize build "${file/%$kustomize_config}" "${kustomize_flags[@]}" \| \ +# kubeconform "${kubeconform_flags[@]}" "${kubeconform_config[@]}" +# if [[ ${PIPESTATUS[0]} != 0 ]]; then +# exit 1 +# fi +# done + +echo "INFO - Validating kustomize overlays" +find . -type f -name $kustomize_config -print0 | while IFS= read -r -d $'\0' file; + do + echo "INFO - Validating kustomization ${file/%$kustomize_config}" + kustomize build "${file/%$kustomize_config}" "${kustomize_flags[@]}" +done From e1667203ec02ba745728ce750b9836d50b0aa59b Mon Sep 17 00:00:00 2001 From: Ionut Ilie Date: Thu, 9 Nov 2023 19:00:00 +0200 Subject: [PATCH 07/10] chore: update paths Signed-off-by: Ionut Ilie --- ak1pro/microk8s.md | 8 ++++---- ak1pro/notes.md | 6 +++--- ak1pro/readme.md | 4 ++-- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/ak1pro/microk8s.md b/ak1pro/microk8s.md index 823ecdf..a9776dc 100644 --- a/ak1pro/microk8s.md +++ b/ak1pro/microk8s.md @@ -24,7 +24,7 @@ For Jellyfin's DLNA Broadcast # microk8s enable multus microk8s enable community microk8s enable multus -microk8s kubectl apply -f ak1pro/microk8s-config/network-attach-def.yaml +microk8s kubectl apply -f ak1pro/infrastructure/microk8s-config/network-attach-def.yaml ``` ### HostPath Storage @@ -32,7 +32,7 @@ microk8s kubectl apply -f ak1pro/microk8s-config/network-attach-def.yaml ```bash # HostPath Storage microk8s enable hostpath-storage -microk8s kubectl apply -f ak1pro/microk8s-config/storage-class.yaml +microk8s kubectl apply -f ak1pro/infrastructure/microk8s-config/storage-class.yaml ``` ### K8s Gateway-Api @@ -69,11 +69,11 @@ helm search repo kubernetes-dashboard/kubernetes-dashboard --versions # Deploy a Helm Release named "kubernetes-dashboard" using the kubernetes-dashboard chart helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard \ --namespace kube-system \ ---values=ak1pro/microk8s-config/kubernetes-dashboard/values.yaml \ +--values=ak1pro/infrastructure/microk8s-config/kubernetes-dashboard/values.yaml \ --version=6.0.8 --dry-run # create HTTP Route -kubectl apply -f ak1pro/microk8s-config/k8s-dash-httproute.yaml +kubectl apply -f ak1pro/infrastructure/microk8s-config/k8s-dash-httproute.yaml kubectl patch ns kube-system --type='json' \ -p='[{"op": "add", "path": "/metadata/labels/shared-gateway-access", "value": "true"}]' diff --git a/ak1pro/notes.md b/ak1pro/notes.md index 0df695d..56bd65d 100644 --- a/ak1pro/notes.md +++ b/ak1pro/notes.md @@ -10,7 +10,7 @@ microk8s enable metallb:192.168.100.200-192.168.100.220 # microk8s enable multus microk8s enable community microk8s enable multus -microk8s kubectl apply -f ak1pro/microk8s-config/network-attach-def.yaml +microk8s kubectl apply -f ak1pro/infrastructure/microk8s-config/network-attach-def.yaml # kubernetes dashboard # https://vividcode.io/disable-authentication-and-https-in-kubernetes-dashboard/ @@ -20,7 +20,7 @@ microk8s kubectl -n kube-system get secret microk8s-dashboard-token -o jsonpath= # HostPath Storage microk8s enable hostpath-storage -microk8s kubectl apply -f ak1pro/microk8s-config/storage-class.yaml +microk8s kubectl apply -f ak1pro/infrastructure/microk8s-config/storage-class.yaml ## Gateway API @@ -39,6 +39,6 @@ kubectl get svc -n kube-public --selector=gateway.envoyproxy.io/owning-gateway- # $ microk8s helm get all envoy-gateway -n envoy-gateway ## Namespaces -microk8s kubectl apply -f ak1pro/microk8s-config/namespace.yaml +microk8s kubectl apply -f ak1pro/infrastructure/microk8s-config/namespace.yaml ``` diff --git a/ak1pro/readme.md b/ak1pro/readme.md index 50f04de..7ec7548 100644 --- a/ak1pro/readme.md +++ b/ak1pro/readme.md @@ -18,13 +18,13 @@ MicroK8s config for Home Server. ### prod ```bash -kubectl apply -k ak1pro/prod +kubectl apply -k ak1pro/apps/prod ``` ### staging ```bash -kubectl apply -k ak1pro/staging +kubectl apply -k ak1pro/apps/staging ``` ## ToDo From 1b9e7749c8f77e373cb2bcecba6f637ad4cbf37d Mon Sep 17 00:00:00 2001 From: Ionut Ilie Date: Thu, 9 Nov 2023 19:12:23 +0200 Subject: [PATCH 08/10] chore: test sonarr Signed-off-by: Ionut Ilie --- .../{sonarr-sts.yaml => deployment.yaml} | 3 +-- ak1pro/apps/base/sonarr/kustomization.yaml | 6 ++--- .../sonarr/{sonarr-svc.yaml => service.yaml} | 2 +- ak1pro/apps/staging/sonarr/httpRoute.yaml | 23 +++++++++++++++++++ ak1pro/apps/staging/sonarr/kustomization.yaml | 17 ++++++++++++++ 5 files changed, 45 insertions(+), 6 deletions(-) rename ak1pro/apps/base/sonarr/{sonarr-sts.yaml => deployment.yaml} (96%) rename ak1pro/apps/base/sonarr/{sonarr-svc.yaml => service.yaml} (90%) create mode 100644 ak1pro/apps/staging/sonarr/httpRoute.yaml create mode 100644 ak1pro/apps/staging/sonarr/kustomization.yaml diff --git a/ak1pro/apps/base/sonarr/sonarr-sts.yaml b/ak1pro/apps/base/sonarr/deployment.yaml similarity index 96% rename from ak1pro/apps/base/sonarr/sonarr-sts.yaml rename to ak1pro/apps/base/sonarr/deployment.yaml index c196dc4..eaf62b2 100644 --- a/ak1pro/apps/base/sonarr/sonarr-sts.yaml +++ b/ak1pro/apps/base/sonarr/deployment.yaml @@ -1,9 +1,8 @@ apiVersion: apps/v1 -kind: StatefulSet +kind: Deployment metadata: name: sonarr spec: - serviceName: sonarr replicas: 1 selector: matchLabels: diff --git a/ak1pro/apps/base/sonarr/kustomization.yaml b/ak1pro/apps/base/sonarr/kustomization.yaml index 039c107..e513d38 100644 --- a/ak1pro/apps/base/sonarr/kustomization.yaml +++ b/ak1pro/apps/base/sonarr/kustomization.yaml @@ -1,6 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namespace: prod +namespace: staging labels: - includeSelectors: true @@ -8,5 +8,5 @@ labels: app.kubernetes.io/name: sonarr resources: - - sonarr-sts.yaml - - sonarr-svc.yaml + - deployment.yaml + - service.yaml diff --git a/ak1pro/apps/base/sonarr/sonarr-svc.yaml b/ak1pro/apps/base/sonarr/service.yaml similarity index 90% rename from ak1pro/apps/base/sonarr/sonarr-svc.yaml rename to ak1pro/apps/base/sonarr/service.yaml index b554d25..479a63c 100644 --- a/ak1pro/apps/base/sonarr/sonarr-svc.yaml +++ b/ak1pro/apps/base/sonarr/service.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: sonarr spec: - type: LoadBalancer + type: ClusterIP selector: app.kubernetes.io/name: sonarr ports: diff --git a/ak1pro/apps/staging/sonarr/httpRoute.yaml b/ak1pro/apps/staging/sonarr/httpRoute.yaml new file mode 100644 index 0000000..02c7f94 --- /dev/null +++ b/ak1pro/apps/staging/sonarr/httpRoute.yaml @@ -0,0 +1,23 @@ +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: sonarr-prod + namespace: prod +spec: + parentRefs: + - kind: Gateway + name: envoy-gateway + namespace: kube-public + sectionName: https + hostnames: + - "sonarr.ak1pro.n1l.ro" + - "sonarr-prod.ak1pro.n1l.ro" + rules: + - matches: + - path: + type: PathPrefix + value: / + backendRefs: + - name: sonarr + port: 80 diff --git a/ak1pro/apps/staging/sonarr/kustomization.yaml b/ak1pro/apps/staging/sonarr/kustomization.yaml new file mode 100644 index 0000000..07ebd63 --- /dev/null +++ b/ak1pro/apps/staging/sonarr/kustomization.yaml @@ -0,0 +1,17 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: staging + +labels: + - includeSelectors: true + pairs: + app.kubernetes.io/name: sonarr + +resources: + - ../../base/sonarr + - httproute.yaml + +images: + - name: lscr.io/linuxserver/sonarr:latest + newName: lscr.io/linuxserver/sonarr + newTag: develop From ffc2811f544e2186bf4c576236378bcba9ef593d Mon Sep 17 00:00:00 2001 From: Ionut Ilie Date: Thu, 9 Nov 2023 19:14:30 +0200 Subject: [PATCH 09/10] chore: test homepage Signed-off-by: Ionut Ilie --- ak1pro/apps/base/homepage/configMap.yaml | 75 +++++++++++++++++++ ak1pro/apps/base/homepage/deployment.yaml | 65 ++++++++++++++++ ak1pro/apps/base/homepage/httpRoute.yaml | 23 ++++++ ak1pro/apps/base/homepage/kustomization.yaml | 17 +++++ ak1pro/apps/base/homepage/rbac.yaml | 54 +++++++++++++ ak1pro/apps/base/homepage/secret.yaml | 10 +++ ak1pro/apps/base/homepage/service.yaml | 17 +++++ ak1pro/apps/base/homepage/serviceAccount.yaml | 9 +++ 8 files changed, 270 insertions(+) create mode 100644 ak1pro/apps/base/homepage/configMap.yaml create mode 100644 ak1pro/apps/base/homepage/deployment.yaml create mode 100644 ak1pro/apps/base/homepage/httpRoute.yaml create mode 100644 ak1pro/apps/base/homepage/kustomization.yaml create mode 100644 ak1pro/apps/base/homepage/rbac.yaml create mode 100644 ak1pro/apps/base/homepage/secret.yaml create mode 100644 ak1pro/apps/base/homepage/service.yaml create mode 100644 ak1pro/apps/base/homepage/serviceAccount.yaml diff --git a/ak1pro/apps/base/homepage/configMap.yaml b/ak1pro/apps/base/homepage/configMap.yaml new file mode 100644 index 0000000..52bc82c --- /dev/null +++ b/ak1pro/apps/base/homepage/configMap.yaml @@ -0,0 +1,75 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: homepage + namespace: default + labels: + app.kubernetes.io/name: homepage +data: + kubernetes.yaml: | + mode: cluster + settings.yaml: "" + #settings.yaml: | + # providers: + # longhorn: + # url: https://longhorn.my.network + custom.css: "" + custom.js: "" + bookmarks.yaml: | + - Developer: + - Github: + - abbr: GH + href: https://github.com/ + services.yaml: | + - Media + - qBittorrent: + icon: qbittorrent.png + href: https://qb.ak1pro.n1l.ro/ + description: Torrent client + widget: + type: qbittorrent + url: https://qb.ak1pro.n1l.ro/ + username: admin + password: adminadmin + - Jellyfin: + icon: jellyfin.png + href: https://jf.ak1pro.n1l.ro/ + description: Movies & TV Shows + widget: + type: jellyfin + url: https://jf.ak1pro.n1l.ro/ + key: fa93b3ac9051dfc43c983bdc3cfe734b + enableBlocks: true # optional, defaults to false + enableNowPlaying: true # optional, defaults to true + + - My Second Group: + - My Second Service: + href: http://localhost/ + description: Homepage is the best + + - My Third Group: + - My Third Service: + href: http://localhost/ + description: Homepage is 😎 + widgets.yaml: | + - kubernetes: + cluster: + show: false + cpu: true + memory: true + showLabel: true + label: "ak1pro" + nodes: + show: true + cpu: true + memory: true + showLabel: true + - resources: + backend: resources + expanded: true + cpu: true + memory: true + - search: + provider: duckduckgo + target: _blank + docker.yaml: "" diff --git a/ak1pro/apps/base/homepage/deployment.yaml b/ak1pro/apps/base/homepage/deployment.yaml new file mode 100644 index 0000000..bcb9cda --- /dev/null +++ b/ak1pro/apps/base/homepage/deployment.yaml @@ -0,0 +1,65 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: homepage + namespace: default + labels: + app.kubernetes.io/name: homepage +spec: + revisionHistoryLimit: 3 + replicas: 1 + strategy: + type: RollingUpdate + selector: + matchLabels: + app.kubernetes.io/name: homepage + template: + metadata: + labels: + app.kubernetes.io/name: homepage + spec: + serviceAccountName: homepage + automountServiceAccountToken: true + dnsPolicy: ClusterFirst + enableServiceLinks: true + containers: + - name: homepage + image: "ghcr.io/gethomepage/homepage:latest" + imagePullPolicy: Always + ports: + - name: http + containerPort: 3000 + protocol: TCP + volumeMounts: + - mountPath: /app/config/custom.js + name: homepage-config + subPath: custom.js + - mountPath: /app/config/custom.css + name: homepage-config + subPath: custom.css + - mountPath: /app/config/bookmarks.yaml + name: homepage-config + subPath: bookmarks.yaml + - mountPath: /app/config/docker.yaml + name: homepage-config + subPath: docker.yaml + - mountPath: /app/config/kubernetes.yaml + name: homepage-config + subPath: kubernetes.yaml + - mountPath: /app/config/services.yaml + name: homepage-config + subPath: services.yaml + - mountPath: /app/config/settings.yaml + name: homepage-config + subPath: settings.yaml + - mountPath: /app/config/widgets.yaml + name: homepage-config + subPath: widgets.yaml + - mountPath: /app/config/logs + name: logs + volumes: + - name: homepage-config + configMap: + name: homepage + - name: logs + emptyDir: {} diff --git a/ak1pro/apps/base/homepage/httpRoute.yaml b/ak1pro/apps/base/homepage/httpRoute.yaml new file mode 100644 index 0000000..3e89f14 --- /dev/null +++ b/ak1pro/apps/base/homepage/httpRoute.yaml @@ -0,0 +1,23 @@ +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: homepage-prod + namespace: prod +spec: + parentRefs: + - kind: Gateway + name: envoy-gateway + namespace: kube-public + sectionName: https + hostnames: + - "homepage.ak1pro.n1l.ro" + - "homepage-prod.ak1pro.n1l.ro" + rules: + - matches: + - path: + type: PathPrefix + value: / + backendRefs: + - name: homepage + port: 3000 diff --git a/ak1pro/apps/base/homepage/kustomization.yaml b/ak1pro/apps/base/homepage/kustomization.yaml new file mode 100644 index 0000000..7fbe2e5 --- /dev/null +++ b/ak1pro/apps/base/homepage/kustomization.yaml @@ -0,0 +1,17 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: staging + +labels: + - includeSelectors: true + pairs: + app.kubernetes.io/name: homepage + +resources: + - configMap.yaml + - serviceAccount.yaml + - rbac.yaml + - secret.yaml + - service.yaml + - deployment.yaml + - httpRoute.yaml diff --git a/ak1pro/apps/base/homepage/rbac.yaml b/ak1pro/apps/base/homepage/rbac.yaml new file mode 100644 index 0000000..efb751a --- /dev/null +++ b/ak1pro/apps/base/homepage/rbac.yaml @@ -0,0 +1,54 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: homepage + labels: + app.kubernetes.io/name: homepage +rules: + - apiGroups: + - "" + resources: + - namespaces + - pods + - nodes + verbs: + - get + - list + - apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - apiGroups: + - traefik.containo.us + resources: + - ingressroutes + verbs: + - get + - list + - apiGroups: + - metrics.k8s.io + resources: + - nodes + - pods + verbs: + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: homepage + labels: + app.kubernetes.io/name: homepage +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: homepage +subjects: + - kind: ServiceAccount + name: homepage + namespace: default diff --git a/ak1pro/apps/base/homepage/secret.yaml b/ak1pro/apps/base/homepage/secret.yaml new file mode 100644 index 0000000..3c520c2 --- /dev/null +++ b/ak1pro/apps/base/homepage/secret.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Secret +type: kubernetes.io/service-account-token +metadata: + name: homepage + namespace: default + labels: + app.kubernetes.io/name: homepage + annotations: + kubernetes.io/service-account.name: homepage diff --git a/ak1pro/apps/base/homepage/service.yaml b/ak1pro/apps/base/homepage/service.yaml new file mode 100644 index 0000000..5a3da97 --- /dev/null +++ b/ak1pro/apps/base/homepage/service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + name: homepage + namespace: default + labels: + app.kubernetes.io/name: homepage + annotations: +spec: + type: ClusterIP + ports: + - port: 3000 + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: homepage diff --git a/ak1pro/apps/base/homepage/serviceAccount.yaml b/ak1pro/apps/base/homepage/serviceAccount.yaml new file mode 100644 index 0000000..5686f10 --- /dev/null +++ b/ak1pro/apps/base/homepage/serviceAccount.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: homepage + namespace: default + labels: + app.kubernetes.io/name: homepage +secrets: + - name: homepage From 8c110688ece87c6c99d44a909492bb2c81f22e48 Mon Sep 17 00:00:00 2001 From: Ionut Ilie Date: Thu, 9 Nov 2023 19:17:10 +0200 Subject: [PATCH 10/10] chore: update hosts Signed-off-by: Ionut Ilie --- ak1pro/host.md | 20 +------------------- 1 file changed, 1 insertion(+), 19 deletions(-) diff --git a/ak1pro/host.md b/ak1pro/host.md index 9fab55c..faea169 100644 --- a/ak1pro/host.md +++ b/ak1pro/host.md @@ -22,28 +22,10 @@ UUID=f962d525-0f83-4947-a2c5-42f525033fda /mnt/smg2t ext4 errors=remount-ro,a | Ip | Pod | Ns | Obs | | ----------------- | ----------- | ----------- | -------------------------- | -| 192.168.100.200 | ------- | kube-public | ** ingress controller | -| 192.168.100.202 | dashboard | kube-system | kubernetes-dashboard | -| 192.168.100.210 | jellyfin | prod | webui | -| 192.168.100.211 | qbittorrent | prod | webui | -| 192.168.100.212 | jellyfin | staging | webui | -| 192.168.100.213 | qbittorrent | staging | webui | -| | | | | +| 192.168.100.200 | gateway | kube-public | ** ingress controller | | 192.168.100.220 | jellyfin | prod | macvlan for DLNA broadcast | ## DNS rewrites Wildcard resolve `*.ak1pro.n1l.ro` to ingress svc private Ip globally - -If you read this, it is not used in the config but it works -as long as other DNS does not rewrite the DNS local query - -| FQDN | Ip | service | DNS | -| ---------------------------- | ----------------- | ------------ | -------------- | -| `*.stable.local` | 192.168.100.200 | service | ADGUARD | -| `*.staging.local` | 192.168.100.200 | service | ADGUARD | -| `jellyfin.stable.local` | 192.168.100.200 | service | Gateway | -| `jellyfin.staging.local` | 192.168.100.200 | service | Gateway | -| `qbittorrent.staging.local` | 192.168.100.200 | qbittorrent | Gateway | -| `qbittorrent.stable.local` | 192.168.100.200 | qbittorrent | Gateway |