From 612f5d05b41e47da7a7637f19e31dc848a43a380 Mon Sep 17 00:00:00 2001 
From: Jos Wilbrink Date: Fri, 19 Jan 2024 22:08:49 +0100 Subject: [PATCH] first commit --- README.md | 1 + gitea/deploy.yml | 37 +++++++ gitea/ingress-routes.yaml | 23 ++++ gitea/pvc-gitea.yml | 17 +++ gitea/service.yml | 13 +++ mattermost/README.md | 1 + mattermost/database.yml | 68 ++++++++++++ mattermost/ingress-routes.yaml | 23 ++++ mattermost/install.sh | 7 ++ mattermost/job.yml | 19 ++++ mattermost/job.yml.bak | 27 +++++ mattermost/mattermost-app.yml | 64 +++++++++++ mattermost/pvc-mattermost.yml | 29 +++++ mattermost/secrets.yml | 12 ++ mattermost/service.yml | 14 +++ mattermost/uninstall.sh | 7 ++ prometheus/ingress-routes.rancher.yaml | 22 ++++ prometheus/ingress-routes.yaml | 45 ++++++++ prometheus/prometheus-nfs-pvc.yml | 11 ++ proxies/auth | 1 + proxies/svc-adguard.yml | 46 ++++++++ proxies/svc-dsm.yml | 46 ++++++++ proxies/svc-edge.yml | 47 ++++++++ proxies/svc-foto.yml | 47 ++++++++ proxies/svc-gateway.yml | 140 +++++++++++++++++++++++ proxies/svc-henk.yml | 32 ++++++ proxies/svc-kpn.yml | 53 +++++++++ proxies/svc-loki.yml | 46 ++++++++ proxies/svc-portainer.yml | 46 ++++++++ storageclass/data-hostpath-sc.yml | 9 ++ unifi/manifest.yml | 148 +++++++++++++++++++++++++ unifi/pvc-unifi.yml | 11 ++ 32 files changed, 1112 insertions(+) create mode 100644 README.md create mode 100644 gitea/deploy.yml create mode 100644 gitea/ingress-routes.yaml create mode 100644 gitea/pvc-gitea.yml create mode 100644 gitea/service.yml create mode 100644 mattermost/README.md create mode 100644 mattermost/database.yml create mode 100644 mattermost/ingress-routes.yaml create mode 100755 mattermost/install.sh create mode 100644 mattermost/job.yml create mode 100644 mattermost/job.yml.bak create mode 100644 mattermost/mattermost-app.yml create mode 100644 mattermost/pvc-mattermost.yml create mode 100644 mattermost/secrets.yml create mode 100644 mattermost/service.yml create mode 100755 mattermost/uninstall.sh create mode 100644 prometheus/ingress-routes.rancher.yaml create mode 
100644 prometheus/ingress-routes.yaml create mode 100644 prometheus/prometheus-nfs-pvc.yml create mode 100644 proxies/auth create mode 100644 proxies/svc-adguard.yml create mode 100644 proxies/svc-dsm.yml create mode 100644 proxies/svc-edge.yml create mode 100644 proxies/svc-foto.yml create mode 100644 proxies/svc-gateway.yml create mode 100644 proxies/svc-henk.yml create mode 100644 proxies/svc-kpn.yml create mode 100644 proxies/svc-loki.yml create mode 100644 proxies/svc-portainer.yml create mode 100644 storageclass/data-hostpath-sc.yml create mode 100644 unifi/manifest.yml create mode 100644 unifi/pvc-unifi.yml
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..f256dc9
--- /dev/null
+++ b/README.md
@@ -0,0 +1 @@
+# This dir contains all installed k8s stuff on belle
diff --git a/gitea/deploy.yml b/gitea/deploy.yml
new file mode 100644
index 0000000..ad2db2e
--- /dev/null
+++ b/gitea/deploy.yml
@@ -0,0 +1,37 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: gitea-repo
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: gitea
+ namespace: gitea-repo
+ labels:
+ app: gitea
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: gitea
+ template:
+ metadata:
+ labels:
+ app: gitea
+ spec:
+ containers:
+ - name: gitea
+ image: gitea/gitea:1.21.4
+ ports:
+ - containerPort: 3000
+ name: gitea
+ - containerPort: 22
+ name: git-ssh
+ volumeMounts:
+ - mountPath: /data
+ name: git-data
+ volumes:
+ - name: git-data
+ persistentVolumeClaim:
+ claimName: gitea-pvc
diff --git a/gitea/ingress-routes.yaml b/gitea/ingress-routes.yaml
new file mode 100644
index 0000000..9df897b
--- /dev/null
+++ b/gitea/ingress-routes.yaml
@@ -0,0 +1,23 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: ingress-routes-gitea
+ namespace: gitea-repo
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-prod"
+spec:
+ tls:
+ - hosts:
+ - git.jsnet.io
+ secretName: tls-secret-mattermost
+ rules:
+ - host: git.jsnet.io
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: gitea-svc
+ port:
+ number: 3000
diff --git a/gitea/pvc-gitea.yml b/gitea/pvc-gitea.yml
new file mode 100644
index 0000000..d681cf4
--- /dev/null
+++ b/gitea/pvc-gitea.yml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ finalizers:
+ - kubernetes.io/pvc-protection
+ labels:
+ app: gitea
+ name: gitea-pvc
+ namespace: gitea-repo
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 8Gi
+ storageClassName: data-hostpath
+ volumeMode: Filesystem
diff --git a/gitea/service.yml b/gitea/service.yml
new file mode 100644
index 0000000..d83a4bc
--- /dev/null
+++ b/gitea/service.yml
@@ -0,0 +1,13 @@
+kind: Service
+apiVersion: v1
+metadata:
+ name: gitea-svc
+ namespace: gitea-repo
+spec:
+ selector:
+ app: gitea
+ ports:
+ - name: gitea-http
+ port: 3000
+ - name: gitea-ssh
+ port: 22
diff --git a/mattermost/README.md b/mattermost/README.md
new file mode 100644
index 0000000..4a85e85
--- /dev/null
+++ b/mattermost/README.md
@@ -0,0 +1 @@
+https://computingforgeeks.com/install-and-configure-mattermost-on-a-kubernetes-cluster/
diff --git a/mattermost/database.yml b/mattermost/database.yml
new file mode 100644
index 0000000..6c4f2c8
--- /dev/null
+++ b/mattermost/database.yml
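Review bot: The `secretName: tls-secret-mattermost` under `tls` in gitea/ingress-routes.yaml looks copied from the Mattermost ingress, which uses the same secret name for `mm.jsnet.io`. The two Ingresses are in different namespaces (`gitea-repo` and `mattermost`), so the secrets do not collide, but the name misleads anyone auditing which certificate serves `git.jsnet.io`. I would rename it, e.g. `secretName: tls-secret-gitea`.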
@@ -0,0 +1,68 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: mariadb
+ namespace: mattermost
+spec:
+ selector:
+ app: mariadb
+ ports:
+ - name: mariadb
+ protocol: TCP
+ port: 3306
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: mariadb
+ namespace: mattermost
+ labels:
+ app: mariadb
+spec:
+ selector:
+ matchLabels:
+ app: mariadb
+ template:
+ metadata:
+ labels:
+ app: mariadb
+ spec:
+ containers:
+ - name: mariadb
+ image: mariadb:10.8
+ env:
+ - name: MYSQL_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: mattermost.env
+ key: ROOT_PASSWORD
+ - name: MYSQL_DATABASE
+ valueFrom:
+ secretKeyRef:
+ name: mattermost.env
+ key: DATABASE
+ - name: MYSQL_USER
+ valueFrom:
+ secretKeyRef:
+ name: mattermost.env
+ key: USER
+ - name: MYSQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: mattermost.env
+ key: PASSWORD
+ ports:
+ - containerPort: 3306
+ name: mariadb
+ volumeMounts:
+ - name: mariadb-storage
+ mountPath: /var/lib/mysql
+ - name: mariadb-backup
+ mountPath: /mnt/bak
+ volumes:
+ - name: mariadb-storage
+ persistentVolumeClaim:
+ claimName: mattermost-pvc
+ - name: mariadb-backup
+ persistentVolumeClaim:
+ claimName: mattermost-backup-pvc
diff --git a/mattermost/ingress-routes.yaml b/mattermost/ingress-routes.yaml
new file mode 100644
index 0000000..6addc88
--- /dev/null
+++ b/mattermost/ingress-routes.yaml
@@ -0,0 +1,23 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: ingress-routes-mattermost
+ namespace: mattermost
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-prod"
+spec:
+ tls:
+ - hosts:
+ - mm.jsnet.io
+ secretName: tls-secret-mattermost
+ rules:
+ - host: mm.jsnet.io
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: mattermost-svc
+ port:
+ number: 8065
diff --git a/mattermost/install.sh b/mattermost/install.sh
new file mode 100755
index 0000000..bcf9dd9
--- /dev/null
+++ b/mattermost/install.sh
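Review bot: The mariadb Deployment in mattermost/database.yml sets no `strategy`, so it gets the default rolling update, which starts the replacement pod before the old one has stopped. With the `ReadWriteOnce` hostpath claim `mattermost-pvc`, both pods could then have `/var/lib/mysql` open at the same time on a single node. Adding `strategy:` with `type: Recreate` under the Deployment `spec` keeps two database processes off one data directory.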
@@ -0,0 +1,7 @@
+#!/bin/zsh
+kubectl create ns mattermost
+kubectl apply -f secrets.yml
+kubectl apply -f pvc-mattermost.yml
+kubectl apply -f database.yml
+kubectl apply -f service.yml
+kubectl apply -f mattermost-app.yml
diff --git a/mattermost/job.yml b/mattermost/job.yml
new file mode 100644
index 0000000..b640149
--- /dev/null
+++ b/mattermost/job.yml
@@ -0,0 +1,19 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ creationTimestamp: null
+ name: backupmaria
+ namespace: mattermost
+spec:
+ template:
+ metadata:
+ creationTimestamp: null
+ spec:
+ containers:
+ - command:
+ - mysqldump
+ image: imega/mysql-client
+ name: backupmaria
+ resources: {}
+ restartPolicy: Never
+status: {}
diff --git a/mattermost/job.yml.bak b/mattermost/job.yml.bak
new file mode 100644
index 0000000..e8315bf
--- /dev/null
+++ b/mattermost/job.yml.bak
@@ -0,0 +1,27 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ creationTimestamp: null
+ name: backupmaria
+ namespace: mattermost
+spec:
+ template:
+ metadata:
+ creationTimestamp: null
+ spec:
+ containers:
+ - command:
+ - mysqldump
+ - -h
+ - mariadb.mattermost.svc.cluster.local
+ - --skip-column-statistics
+ - -umattermost
+ - -pAkzq#20!
+ - mattermost
+ - >
+ - /mnt/bak/mm$(date "+%Y-%m-%d-%H").sql
+ image: imega/mysql-client
+ name: backupmaria
+ resources: {}
+ restartPolicy: Never
+status: {}
diff --git a/mattermost/mattermost-app.yml b/mattermost/mattermost-app.yml
new file mode 100644
index 0000000..a0c0c21
--- /dev/null
+++ b/mattermost/mattermost-app.yml
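Review bot: mattermost/job.yml runs `mysqldump` with no host, credentials, database name or volume mount, so as committed the `backupmaria` Job cannot produce a backup. The image `imega/mysql-client` carries no tag, so the client version depends on when the node last pulled it. A short comment at the top saying the Job is a placeholder, plus a pinned tag, would keep someone from relying on it; `creationTimestamp: null` and `status: {}` are generator output and can be dropped.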
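Review bot: The `command` list in mattermost/job.yml.bak passes the database password in clear text as a `-p…` argument, so it is now in git history and would also appear in the pod spec and the process list; the file should be removed from the repository and the password rotated. Separately, the list is executed without a shell, so the `>` entry and the `$(date …)` path reach mysqldump as literal arguments and no dump file would be written, and the pod mounts no volume at `/mnt/bak`. If the Job is revived, take the password from the `mattermost.env` Secret with `secretKeyRef` (for example into `MYSQL_PWD`) and run the dump through `sh -c` with `mattermost-backup-pvc` mounted.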
@@ -0,0 +1,64 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: mattermost-app
+ labels:
+ app: mattermost-app
+ tier: app
+ namespace: mattermost
+spec:
+ selector:
+ matchLabels:
+ app: mattermost-app
+ template:
+ metadata:
+ labels:
+ app: mattermost-app
+ spec:
+ containers:
+ - name: mattermost-app
+ image: "mattermost/mattermost-team-edition:latest"
+ env:
+ - name: DB_TYPE
+ value: "mariadb"
+ - name: DB_HOST
+ value: "mariadb"
+ - name: DB_PORT_NUMBER
+ value: "3306"
+ - name: MM_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: mattermost.env
+ key: USER
+ - name: MM_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: mattermost.env
+ key: PASSWORD
+ - name: MM_DBNAME
+ valueFrom:
+ secretKeyRef:
+ name: mattermost.env
+ key: DATABASE
+ - name: MM_SQLSETTINGS_DATASOURCE
+ value: "mattermost:Akzq#20!@tcp(mariadb:3306)/mattermost?charset=utf8mb4,utf8&readTimeout=30s&writeTimeout=30s"
+ - name: MM_SQLSETTINGS_DRIVERNAME
+ value: "mysql"
+ ports:
+ - containerPort: 8065
+ name: http
+ volumeMounts:
+ # optional persistent storage
+ #- name: appdata
+ #mountPath: /mattermost/data
+ - name: etclocaltime
+ mountPath: /etc/localtime
+ readOnly: true
+ volumes:
+ # optional persistent storage
+ #- name: appdata
+ #persistentVolumeClaim:
+ # claimName: mattermost-app
+ - name: etclocaltime
+ hostPath:
+ path: /etc/localtime
diff --git a/mattermost/pvc-mattermost.yml b/mattermost/pvc-mattermost.yml
new file mode 100644
index 0000000..e1af33b
--- /dev/null
+++ b/mattermost/pvc-mattermost.yml
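Review bot: `MM_SQLSETTINGS_DATASOURCE` in mattermost/mattermost-app.yml embeds the database user and password as a literal, which defeats the `secretKeyRef` entries just above it and leaves the credential in the Deployment spec and in git. Kubernetes expands `$(VAR)` references to entries defined earlier in the same `env` list, so the value can be written as `"$(MM_USERNAME):$(MM_PASSWORD)@tcp(mariadb:3306)/$(MM_DBNAME)?charset=utf8mb4,utf8&readTimeout=30s&writeTimeout=30s"`. The image is also pinned only to `:latest`, so a pod restart may pull a different Mattermost release; a fixed version tag or digest makes rollouts reproducible. With the `appdata` volume commented out, uploaded files under `/mattermost/data` are presumably lost when the pod is replaced, which deserves a comment if intended.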
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ finalizers:
+ - kubernetes.io/pvc-protection
+ labels:
+ app: mattermost
+ name: mattermost-pvc
+ namespace: mattermost
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 8Gi
+ storageClassName: data-hostpath
+ volumeMode: Filesystem
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: mattermost-backup-pvc
+ namespace: mattermost
+spec:
+ storageClassName: data-hostpath
+ accessModes: [ReadWriteOnce]
+ resources:
+ requests:
+ storage: 5Gi
diff --git a/mattermost/secrets.yml b/mattermost/secrets.yml
new file mode 100644
index 0000000..a98576b
--- /dev/null
+++ b/mattermost/secrets.yml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: mattermost.env
+ namespace: mattermost
+type: Opaque
+data:
+ ROOT: cm9vdA==
+ ROOT_PASSWORD: QWt6cSMyMCE=
+ DATABASE: bWF0dGVybW9zdA==
+ USER: bWF0dGVybW9zdA==
+ PASSWORD: QWt6cSMyMCE=
diff --git a/mattermost/service.yml b/mattermost/service.yml
new file mode 100644
index 0000000..9becddd
--- /dev/null
+++ b/mattermost/service.yml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: "mattermost-svc"
+ namespace: mattermost
+spec:
+ type: ClusterIP
+ ports:
+ - name: http
+ port: 8065
+ targetPort: 8065
+ protocol: TCP
+ selector:
+ app: mattermost-app
diff --git a/mattermost/uninstall.sh b/mattermost/uninstall.sh
new file mode 100755
index 0000000..496a18e
--- /dev/null
+++ b/mattermost/uninstall.sh
@@ -0,0 +1,7 @@
+#!/bin/zsh
+kubectl delete -f mattermost-app.yml
+kubectl delete -f secrets.yml
+kubectl delete -f pvc-mattermost.yml
+kubectl delete -f database.yml
+kubectl delete -f service.yml
+kubectl delete ns mattermost
diff --git a/prometheus/ingress-routes.rancher.yaml b/prometheus/ingress-routes.rancher.yaml
new file mode 100644
index 0000000..f002df2
--- /dev/null
+++ b/prometheus/ingress-routes.rancher.yaml
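Review bot: mattermost/secrets.yml commits the Secret's `data` values, and base64 is an encoding rather than encryption, so the root and application database passwords are readable by anyone with access to the repository or its history. `ROOT_PASSWORD` and `PASSWORD` also hold the same value, so disclosure of the application credential discloses the root one as well. I would remove this file from the repo, rotate both passwords to distinct values, and create the Secret out of band (for example `kubectl create secret generic mattermost.env -n mattermost --from-env-file=<untracked file>`) or commit it only in encrypted form with a tool such as SOPS or Sealed Secrets. install.sh's `kubectl apply -f secrets.yml` step would change accordingly.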
@@ -0,0 +1,22 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: ingress-routes-rancher
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-prod"
+spec:
+ tls:
+ - hosts:
+ - rancher.jsnet.io
+ secretName: tls-secret-rancher-ingress
+ rules:
+ - host: rancher.jsnet.io
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: rancher
+ port:
+ number: 80
diff --git a/prometheus/ingress-routes.yaml b/prometheus/ingress-routes.yaml
new file mode 100644
index 0000000..a1c6992
--- /dev/null
+++ b/prometheus/ingress-routes.yaml
@@ -0,0 +1,45 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: ingress-routes-prometheus
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-prod"
+spec:
+ tls:
+ - hosts:
+ - prometheus.jsnet.io
+ secretName: tls-secret-prometheus
+ rules:
+ - host: prometheus.jsnet.io
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: kube-prom-stack-kube-prome-prometheus
+ port:
+ number: 9090
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: ingress-routes-grafana
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-prod"
+spec:
+ tls:
+ - hosts:
+ - grafana.jsnet.io
+ secretName: tls-secret-grafana
+ rules:
+ - host: grafana.jsnet.io
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: kube-prom-stack-grafana
+ port:
+ number: 80
diff --git a/prometheus/prometheus-nfs-pvc.yml b/prometheus/prometheus-nfs-pvc.yml
new file mode 100644
index 0000000..4be5ce5
--- /dev/null
+++ b/prometheus/prometheus-nfs-pvc.yml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: prometheus-nfs-pvc
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: longhorn-nfs
+ resources:
+ requests:
+ storage: 10Gi
diff --git a/proxies/auth b/proxies/auth
new file mode 100644
index 0000000..e8d15f7
--- /dev/null
+++ b/proxies/auth
@@ -0,0 +1 @@
+jos:$apr1$U.S33UfL$TNpHRGfk.pku1ceEAxLjO0
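Review bot: The `ingress-routes-prometheus` Ingress in prometheus/ingress-routes.yaml publishes port 9090 of the Prometheus service at `prometheus.jsnet.io` with no authentication or source-range annotation, and Prometheus serves its UI and query API without a login by default. Whether the host is reachable from outside the LAN is not visible in the diff, but if it is, cluster metrics and target metadata are open to anyone. The `nginx.ingress.kubernetes.io/*` annotations used elsewhere in this commit suggest ingress-nginx, so `nginx.ingress.kubernetes.io/whitelist-source-range: "<LAN CIDR>"` or `auth-type: basic` with an `auth-secret` would fit here. Neither Ingress in this file sets `metadata.namespace`, so both land in whatever namespace the kubectl context selects, which has to be the one holding the `kube-prom-stack-*` services.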
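Review bot: proxies/auth commits an htpasswd entry whose `$apr1$` prefix marks the Apache MD5-based scheme, which is inexpensive to attack offline once the hash is public. No Ingress in this commit references an auth secret, so the file appears to be unused. If basic auth is intended for the proxied hosts, I would regenerate the entry with a new password and a stronger scheme that the ingress controller accepts, load it into a Secret with `kubectl create secret generic <name> -n proxies --from-file=auth`, and keep the file out of git.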
diff --git a/proxies/svc-adguard.yml b/proxies/svc-adguard.yml
new file mode 100644
index 0000000..76d43b8
--- /dev/null
+++ b/proxies/svc-adguard.yml
@@ -0,0 +1,46 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: proxy-service-adguard
+ namespace: proxies
+spec:
+ ports:
+ - port: 80
+ protocol: TCP
+ targetPort: 3030
+ name: http
+---
+apiVersion: v1
+kind: Endpoints
+metadata:
+ name: proxy-service-adguard
+ namespace: proxies
+subsets:
+- addresses:
+ - ip: 192.168.5.198
+ ports:
+ - port: 3030
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: ingress-route-adguard
+ namespace: proxies
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-prod"
+spec:
+ tls:
+ - hosts:
+ - adguard.jsnet.io
+ secretName: tls-secret-adguard
+ rules:
+ - host: adguard.jsnet.io
+ http:
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: proxy-service-adguard
+ port:
+ number: 80
diff --git a/proxies/svc-dsm.yml b/proxies/svc-dsm.yml
new file mode 100644
index 0000000..a75e9b7
--- /dev/null
+++ b/proxies/svc-dsm.yml
@@ -0,0 +1,46 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: proxy-service-dsm
+ namespace: proxies
+spec:
+ ports:
+ - port: 80
+ protocol: TCP
+ targetPort: 5000
+ name: http
+---
+apiVersion: v1
+kind: Endpoints
+metadata:
+ name: proxy-service-dsm
+ namespace: proxies
+subsets:
+- addresses:
+ - ip: 192.168.5.54
+ ports:
+ - port: 5000
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: ingress-route-dsm
+ namespace: proxies
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-prod"
+spec:
+ tls:
+ - hosts:
+ - dsm.jsnet.io
+ secretName: tls-secret-dsm
+ rules:
+ - host: dsm.jsnet.io
+ http:
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: proxy-service-dsm
+ port:
+ number: 80
diff --git a/proxies/svc-edge.yml b/proxies/svc-edge.yml
new file mode 100644
index 0000000..a41f3e5
--- /dev/null
+++ b/proxies/svc-edge.yml
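Review bot: The Ingress in proxies/svc-adguard.yml forwards `adguard.jsnet.io` to the LAN address in the Endpoints object with no `auth-*` or `whitelist-source-range` annotation, so the only gate in front of the device's admin UI is the device's own login. The same pattern repeats in svc-dsm.yml, svc-edge.yml, svc-foto.yml, svc-gateway.yml, svc-kpn.yml and svc-portainer.yml in this commit. If these hostnames resolve publicly (not visible from the diff), I would add `nginx.ingress.kubernetes.io/whitelist-source-range: "<LAN CIDR>"` or basic auth to each Ingress. A comment above each Endpoints block naming the device behind the IP would also help later audits.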
@@ -0,0 +1,47 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: proxy-service-edge
+ namespace: proxies
+spec:
+ ports:
+ - port: 80
+ protocol: TCP
+ targetPort: 8443
+ name: http
+---
+apiVersion: v1
+kind: Endpoints
+metadata:
+ name: proxy-service-edge
+ namespace: proxies
+subsets:
+- addresses:
+ - ip: 192.168.5.1
+ ports:
+ - port: 8443
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: ingress-route-edge
+ namespace: proxies
+ annotations:
+ nginx.ingress.kubernetes.io/backend-protocol: HTTPS
+ cert-manager.io/cluster-issuer: "letsencrypt-prod"
+spec:
+ tls:
+ - hosts:
+ - edge.jsnet.io
+ secretName: tls-secret-edge
+ rules:
+ - host: edge.jsnet.io
+ http:
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: proxy-service-edge
+ port:
+ number: 80
diff --git a/proxies/svc-foto.yml b/proxies/svc-foto.yml
new file mode 100644
index 0000000..92f4e9e
--- /dev/null
+++ b/proxies/svc-foto.yml
@@ -0,0 +1,47 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: proxy-service-foto
+ namespace: proxies
+spec:
+ ports:
+ - port: 80
+ protocol: TCP
+ targetPort: 5080
+ name: http
+---
+apiVersion: v1
+kind: Endpoints
+metadata:
+ name: proxy-service-foto
+ namespace: proxies
+subsets:
+- addresses:
+ - ip: 192.168.5.54
+ ports:
+ - port: 5080
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: ingress-route-foto
+ namespace: proxies
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-prod"
+ nginx.ingress.kubernetes.io/proxy-body-size: "1000m"
+spec:
+ tls:
+ - hosts:
+ - foto.jsnet.io
+ secretName: tls-secret-foto
+ rules:
+ - host: foto.jsnet.io
+ http:
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: proxy-service-foto
+ port:
+ number: 80
diff --git a/proxies/svc-gateway.yml b/proxies/svc-gateway.yml
new file mode 100644
index 0000000..842b015
--- /dev/null
+++ b/proxies/svc-gateway.yml
@@ -0,0 +1,140 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: proxy-service-gw
+ namespace: proxies
+spec:
+ ports:
+ - port: 80
+ protocol: TCP
+ targetPort: 5006
+ name: http
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: proxy-service-gwapi
+ namespace: proxies
+spec:
+ ports:
+ - port: 80
+ protocol: TCP
+ targetPort: 5005
+ name: http
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: proxy-service-gwauth
+ namespace: proxies
+spec:
+ ports:
+ - port: 80
+ protocol: TCP
+ targetPort: 5000
+ name: http
+---
+apiVersion: v1
+kind: Endpoints
+metadata:
+ name: proxy-service-gw
+ namespace: proxies
+subsets:
+- addresses:
+ - ip: 192.168.5.18
+ ports:
+ - port: 5006
+---
+apiVersion: v1
+kind: Endpoints
+metadata:
+ name: proxy-service-gwapi
+ namespace: proxies
+subsets:
+- addresses:
+ - ip: 192.168.5.18
+ ports:
+ - port: 5005
+---
+apiVersion: v1
+kind: Endpoints
+metadata:
+ name: proxy-service-gwauth
+ namespace: proxies
+subsets:
+- addresses:
+ - ip: 192.168.5.18
+ ports:
+ - port: 5000
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: ingress-route-gw
+ namespace: proxies
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-prod"
+spec:
+ tls:
+ - hosts:
+ - gw.jsnet.io
+ secretName: tls-secret-gw
+ rules:
+ - host: gw.jsnet.io
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: proxy-service-gw
+ port:
+ number: 80
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: ingress-route-gwapi
+ namespace: proxies
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-prod"
+spec:
+ tls:
+ - hosts:
+ - gwapi.jsnet.io
+ secretName: tls-secret-gwapi
+ rules:
+ - host: gwapi.jsnet.io
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: proxy-service-gwapi
+ port:
+ number: 80
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: ingress-route-gwauth
+ namespace: proxies
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-prod"
+spec:
+ tls:
+ - hosts:
+ - gwauth.jsnet.io
+ secretName: tls-secret-gwauth
+ rules:
+ - host: gwauth.jsnet.io
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: proxy-service-gwauth
+ port:
+ number: 80
diff --git a/proxies/svc-henk.yml b/proxies/svc-henk.yml
new file mode 100644
index 0000000..d0136f2
--- /dev/null
+++ b/proxies/svc-henk.yml
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: proxy-service-henk
+ namespace: proxies
+spec:
+ type: ExternalName
+ externalName: foto.jsnet.io
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: ingress-route-henk
+ namespace: proxies
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-prod"
+spec:
+ tls:
+ - hosts:
+ - henk.jsnet.io
+ secretName: tls-secret-henk
+ rules:
+ - host: henk.jsnet.io
+ http:
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: proxy-service-henk
+ port:
+ number: 80
diff --git a/proxies/svc-kpn.yml b/proxies/svc-kpn.yml
new file mode 100644
index 0000000..ca32075
--- /dev/null
+++ b/proxies/svc-kpn.yml
@@ -0,0 +1,53 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: proxy-service-kpn
+ namespace: proxies
+spec:
+ ports:
+ - port: 80
+ protocol: TCP
+ targetPort: 5000
+ name: http
+---
+apiVersion: discovery.k8s.io/v1
+kind: EndpointSlice
+metadata:
+ name: proxy-service-kpn
+ labels:
+ # You should set the "kubernetes.io/service-name" label.
+ # Set its value to match the name of the Service
+ kubernetes.io/service-name: proxy-service-kpn
+addressType: IPv4
+ports:
+ - name: ''
+ appProtocol: http
+ protocol: TCP
+ port: 80
+endpoints:
+ - addresses:
+ - "192.168.1.254"
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: ingress-route-kpn
+ namespace: proxies
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-prod"
+spec:
+ tls:
+ - hosts:
+ - kpn.jsnet.io
+ secretName: tls-secret-kpn
+ rules:
+ - host: kpn.jsnet.io
+ http:
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: proxy-service-kpn
+ port:
+ number: 80
diff --git a/proxies/svc-loki.yml b/proxies/svc-loki.yml
new file mode 100644
index 0000000..a2e5d06
--- /dev/null
+++ b/proxies/svc-loki.yml
@@ -0,0 +1,46 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: proxy-service-portainer
+ namespace: proxies
+spec:
+ ports:
+ - port: 80
+ protocol: TCP
+ targetPort: 30777
+ name: http
+---
+apiVersion: v1
+kind: Endpoints
+metadata:
+ name: proxy-service-portainer
+ namespace: proxies
+subsets:
+- addresses:
+ - ip: 192.168.5.198
+ ports:
+ - port: 30777
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: ingress-route-portainer
+ namespace: proxies
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-prod"
+spec:
+ tls:
+ - hosts:
+ - portainer.jsnet.io
+ secretName: tls-secret-portainer
+ rules:
+ - host: portainer.jsnet.io
+ http:
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: proxy-service-portainer
+ port:
+ number: 80
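Review bot: The EndpointSlice in proxies/svc-kpn.yml does not line up with `proxy-service-kpn`: it has no `metadata.namespace` while the Service and Ingress are in `proxies`, and its port is `80` with `name: ''` while the Service port is named `http` with `targetPort: 5000`. As far as I know the slice's port name has to match the Service port name for the endpoint to be used, so traffic for `kpn.jsnet.io` would likely find no backend. I would add `namespace: proxies`, set `- name: http`, and make `port` agree with the Service's `targetPort` (whichever of 80 or 5000 the device actually listens on).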
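Review bot: proxies/svc-loki.yml is identical to proxies/svc-portainer.yml (both index lines show blob `a2e5d06`) and defines the `proxy-service-portainer` Service, Endpoints and `ingress-route-portainer` Ingress, with nothing for Loki. Applying both files is harmless, but the file name suggests a Loki route exists when it does not. Either delete svc-loki.yml or replace its contents with the Loki resource names, host and port.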
diff --git a/proxies/svc-portainer.yml b/proxies/svc-portainer.yml
new file mode 100644
index 0000000..a2e5d06
--- /dev/null
+++ b/proxies/svc-portainer.yml
@@ -0,0 +1,46 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: proxy-service-portainer
+ namespace: proxies
+spec:
+ ports:
+ - port: 80
+ protocol: TCP
+ targetPort: 30777
+ name: http
+---
+apiVersion: v1
+kind: Endpoints
+metadata:
+ name: proxy-service-portainer
+ namespace: proxies
+subsets:
+- addresses:
+ - ip: 192.168.5.198
+ ports:
+ - port: 30777
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: ingress-route-portainer
+ namespace: proxies
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-prod"
+spec:
+ tls:
+ - hosts:
+ - portainer.jsnet.io
+ secretName: tls-secret-portainer
+ rules:
+ - host: portainer.jsnet.io
+ http:
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: proxy-service-portainer
+ port:
+ number: 80
diff --git a/storageclass/data-hostpath-sc.yml b/storageclass/data-hostpath-sc.yml
new file mode 100644
index 0000000..4653c95
--- /dev/null
+++ b/storageclass/data-hostpath-sc.yml
@@ -0,0 +1,9 @@
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+ name: data-hostpath
+provisioner: microk8s.io/hostpath
+reclaimPolicy: Delete
+parameters:
+ pvDir: /data/pv
+volumeBindingMode: WaitForFirstConsumer
diff --git a/unifi/manifest.yml b/unifi/manifest.yml
new file mode 100644
index 0000000..2ba3ce7
--- /dev/null
+++ b/unifi/manifest.yml
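Review bot: `reclaimPolicy: Delete` in storageclass/data-hostpath-sc.yml means the volume under `/data/pv` is removed when its claim is deleted, to the extent the hostpath provisioner honours the policy. mattermost/uninstall.sh runs `kubectl delete -f pvc-mattermost.yml`, so an uninstall would wipe the MariaDB data and the backup volume together. For the gitea, mattermost and unifi claims I would use `reclaimPolicy: Retain`, or at least add a comment above the line stating that deletion on claim removal is intended.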
@@ -0,0 +1,148 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: unifi
+ labels:
+ name: unifi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: unifi-controller
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: unifi-controller
+ template:
+ metadata:
+ labels:
+ app: unifi-controller
+ spec:
+ containers:
+ - name: unifi-controller
+ image: linuxserver/unifi-controller
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: PUID
+ value: "0"
+ - name: PGID
+ value: "0"
+ ports:
+ - name: device-comm
+ containerPort: 8080
+ protocol: TCP
+ - name: stun
+ containerPort: 3478
+ protocol: UDP
+ - name: default-console
+ containerPort: 8443
+ protocol: TCP
+ - name: secure-redirect
+ containerPort: 8843
+ protocol: TCP
+ - name: http-redirect
+ containerPort: 8880
+ protocol: TCP
+ - name: speedtest
+ containerPort: 6789
+ protocol: TCP
+ - name: unifi-disc
+ containerPort: 10001
+ protocol: UDP
+ - name: unifi-disc-l2
+ containerPort: 1900
+ protocol: UDP
+ resources:
+ requests:
+ cpu: "250m"
+ memory: "1024Mi"
+ limits:
+ cpu: "512m"
+ memory: "2048Mi"
+ volumeMounts:
+ - name: unifi-data
+ mountPath: /config
+ volumes:
+ - name: unifi-data
+ persistentVolumeClaim:
+ claimName: pvc-unifi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: unifi-controller
+ labels:
+ app: unifi-controller
+spec:
+ selector:
+ app: unifi-controller
+ ports:
+ - name: device-comm
+ port: 8080
+ protocol: TCP
+ - name: stun
+ port: 3478
+ protocol: UDP
+ - name: default-console
+ port: 8443
+ protocol: TCP
+ - name: secure-redirect
+ port: 8843
+ protocol: TCP
+ - name: http-redirect
+ port: 8880
+ protocol: TCP
+ - name: speedtest
+ port: 6789
+ protocol: TCP
+ - name: unifi-disc
+ port: 10001
+ protocol: UDP
+ - name: unifi-disc-l2
+ port: 1900
+ protocol: UDP
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: ingress-routes-unifi
+ namespace: unifi
+ annotations:
+ nginx.ingress.kubernetes.io/backend-protocol: HTTPS
+ cert-manager.io/cluster-issuer: "letsencrypt-prod"
+spec:
+ tls:
+ - hosts:
+ - ui.jsnet.io
+ secretName: tls-secret-ui
+ rules:
+ - host: ui.jsnet.io
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: unifi-controller
+ port:
+ number: 8443
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: inform-route-unifi
+ namespace: unifi
+spec:
+ rules:
+ - host: inform-unifi.jsnet.io
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: unifi-controller
+ port:
+ number: 8080
diff --git a/unifi/pvc-unifi.yml b/unifi/pvc-unifi.yml
new file mode 100644
index 0000000..621f81d
--- /dev/null
+++ b/unifi/pvc-unifi.yml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: pvc-unifi
+ namespace: unifi
+spec:
+ storageClassName: data-hostpath
+ accessModes: [ReadWriteOnce]
+ resources:
+ requests:
+ storage: 5Gi
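Review bot: The `unifi-controller` Deployment and Service in unifi/manifest.yml have no `metadata.namespace`, while both Ingresses and the `pvc-unifi` claim are in `unifi`. Applied as written they land in the kubectl context's default namespace, where the claim and the Ingress backends cannot be resolved; add `namespace: unifi` to both. The container also sets `PUID` and `PGID` to `"0"` and uses an untagged `linuxserver/unifi-controller` image with `imagePullPolicy: IfNotPresent`, so it presumably runs as root on whatever version the node last cached. A non-zero UID/GID and a pinned tag would narrow that.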