Merge branch 'main' of https://github.com/illiumst/kubedeploy

apps/adguard/base/adguard-deployment.yaml

@@ -5,6 +5,7 @@ metadata:
   namespace: adguard
 spec:
   replicas: 1
+  revisionHistoryLimit: 1
   selector:
     matchLabels:
       app: adguard

apps/dashy/base/deployment.yaml

@@ -1,49 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: dashy
-  name: dashy
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: dashy
-  strategy: {}
-  template:
-    metadata:
-      labels:
-        app: dashy
-    spec:
-      containers:
-        - env:
-            - name: NODE_ENV
-              value: production
-          image: ghcr.io/lissy93/dashy:latest
-          livenessProbe:
-            exec:
-              command:
-                - node
-                - /app/services/healthcheck
-            failureThreshold: 3
-            initialDelaySeconds: 40
-            periodSeconds: 90
-            timeoutSeconds: 10
-          name: dashy
-          ports:
-            - name: http
-              containerPort: 8080
-              protocol: TCP
-          resources:
-            limits:
-              cpu: "0.3"
-              memory: "1G"
-          volumeMounts:
-            - name: config
-              mountPath: /app/user-data
-              subPath: b2475220-0041-4aef-9436-ec17e00485a9
-      restartPolicy: Always
-      volumes:
-        - name: config
-          persistentVolumeClaim:
-            claimName: dashy-pvc

apps/dashy/base/ingress.yaml

@@ -1,15 +0,0 @@
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: dashy
-  namespace: dashy
-spec:
-  entryPoints:
-    - websecure-local
-  tls: {}
-  routes:
-  - match: Host(`dashy.steffenillium.de`)
-    kind: Rule
-    services:
-    - name: dashy
-      port: http

apps/emby/base/deployment.yaml

@@ -7,6 +7,7 @@ metadata:
   namespace: emby
 spec:
   replicas: 1
+  revisionHistoryLimit: 1
   strategy:
     type: Recreate
   selector:
@@ -47,7 +48,7 @@ spec:
           subPath: music
         resources:
           limits:
-            gpu.intel.com/i915: 1 # requesting 1 GPU
+            gpu.intel.com/i915: "1" # requesting 1 GPU
             cpu: "0.3"
             memory: "2G"
         livenessProbe:

apps/gitea/base/deployment.yaml

@@ -6,6 +6,7 @@ metadata:
   name: gitea
 spec:
   replicas: 1
+  revisionHistoryLimit: 1
   selector:
     matchLabels:
       app: gitea

apps/homepage/base/configmap.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: homepage
+  labels:
+    app.kubernetes.io/name: homepage
+data:
+  kubernetes.yaml: |
+    mode: cluster

apps/homepage/base/deployment.yaml

@@ -0,0 +1,51 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: homepage
+  name: homepage
+spec:
+  replicas: 1
+  revisionHistoryLimit: 1
+  selector:
+    matchLabels:
+      app: homepage
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: homepage
+    spec:
+      serviceAccountName: homepage
+      automountServiceAccountToken: true
+      dnsPolicy: ClusterFirst
+      enableServiceLinks: true
+      containers:
+        - image: ghcr.io/gethomepage/homepage:latest
+          name: homepage
+          ports:
+            - containerPort: 3000
+              hostPort: 3000
+              protocol: TCP
+              name: http
+          resources:
+            limits:
+              cpu: "0.1"
+              memory: "250M"
+          volumeMounts:
+            - mountPath: /app/config
+              name: homepage-pvc
+      restartPolicy: Always
+      hostAliases:
+        - ip: "192.168.178.102"
+          hostnames:
+          - "emby.steffenillium.de"
+          - "traefik.steffenillium.de"
+          - "photos.steffenillium.de"
+          - "newcloud.steffenillium.de"
+          - "documents.steffenillium.de"
+      volumes:
+        - name: homepage-pvc
+          persistentVolumeClaim:
+            claimName: homepage-pvc

apps/homepage/base/ingress.yaml

@@ -0,0 +1,20 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: homepage
+  namespace: homepage
+spec:
+  entryPoints:
+    - websecure-local
+  tls: {}
+  routes:
+  - match: Host(`hp.steffenillium.de`)
+    kind: Rule
+    services:
+    - name: homepage
+      port: http
+      sticky:
+        cookie:
+          httpOnly: true
+          secure: true
+          sameSite: none

apps/homepage/base/kustomization.yaml

@@ -4,5 +4,6 @@ resources:
 - deployment.yaml
 - ingress.yaml
 - namespace.yaml
-- service.yaml
 - pvc.yaml
+- service.yaml
+- configmap.yaml

apps/homepage/base/namespace.yaml

@@ -1,4 +1,4 @@
 apiVersion: v1
 kind: Namespace
 metadata:
-  name: dashy
+  name: homepage

apps/homepage/base/pvc.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: dashy-pvc
+  name: homepage-pvc
 spec:
   accessModes:
     - ReadWriteMany
@@ -11,12 +11,12 @@ spec:
   storageClassName: ""
   volumeMode: Filesystem
   # volumeName should be same as PV name
-  volumeName: dashy
+  volumeName: homepage
 ---
 apiVersion: v1
 kind: PersistentVolume
 metadata:
-  name: dashy
+  name: homepage
 spec:
   accessModes:
   - ReadWriteMany
@@ -35,10 +35,10 @@ spec:
       # Required options from storageclass parameters need to be added in volumeAttributes
       "clusterID": "rook-ceph"
       "staticVolume": "true"
-      "rootPath": /volumes/csi/dashy
+      "rootPath": /volumes/csi/homepage
     # volumeHandle can be anything, need not to be same
     # as PV name or volume name. keeping same for brevity
-    volumeHandle: dashy
+    volumeHandle: homepage
   persistentVolumeReclaimPolicy: Retain
   volumeMode: Filesystem
 

apps/homepage/base/service.yaml

@@ -2,12 +2,14 @@ apiVersion: v1
 kind: Service
 metadata:
   labels:
-    app: dashy
-  name: dashy
+    app: homepage
+  name: homepage
 spec:
   ports:
     - name: http
-      port: 4000
+      port: 3000
       targetPort: http
   selector:
-    app: dashy
+    app: homepage
+status:
+  loadBalancer: {}

apps/homepage/kustomization.yaml

@@ -1,7 +1,8 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
-namespace: dashy
+namespace: homepage
 
 resources:
 - base
+- security

apps/homepage/security/clusterrole.yaml

@@ -0,0 +1,46 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: homepage
+  labels:
+    app: homepage
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - namespaces
+      - pods
+      - nodes
+    verbs:
+      - get
+      - list
+  - apiGroups:
+      - extensions
+      - networking.k8s.io
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+  - apiGroups:
+      - traefik.containo.us
+      - traefik.io
+    resources:
+      - ingressroutes
+    verbs:
+      - get
+      - list
+  - apiGroups:
+      - metrics.k8s.io
+    resources:
+      - nodes
+      - pods
+    verbs:
+      - get
+      - list
+  - apiGroups:
+      - apiextensions.k8s.io
+    resources:
+      - customresourcedefinitions/status
+    verbs:
+      - get

apps/homepage/security/clusterrolebinding.yaml

@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: homepage
+  labels:
+    app: homepage
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: homepage
+subjects:
+  - kind: ServiceAccount
+    name: homepage
+    

apps/homepage/security/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- clusterrole.yaml
+- clusterrolebinding.yaml
+- secret.yaml
+- serviceaccount.yaml

apps/homepage/security/secret.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/service-account-token
+metadata:
+  name: homepage
+  labels:
+    app: homepage
+  annotations:
+    kubernetes.io/service-account.name: homepage

apps/homepage/security/serviceaccount.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: homepage
+  labels:
+    app: homepage
+secrets:
+  - name: homepage

apps/nextcloud/base/app.yaml

@@ -6,6 +6,7 @@ metadata:
   name: nextcloud
 spec:
   replicas: 1
+  revisionHistoryLimit: 1
   selector:
     matchLabels:
       app: nextcloud
@@ -19,6 +20,24 @@ spec:
       containers:
         - name: cron
           image: nextcloud:latest
+          env:
+            - name: MYSQL_DATABASE
+              value: nextcloud
+            - name: MYSQL_HOST
+              value: maridb:3306
+            - name: MYSQL_USER
+              value: nextcloud
+            - name: PHP_MEMORY_LIMIT
+              value: 2G
+            - name: PHP_UPLOAD_LIMIT
+              value: 100G
+            - name: REDIS_HOST
+              value: redis
+            - name: MYSQL_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: nextcloud-secret
+                  key: MYSQL_PASSWORD
           volumeMounts:
             - mountPath: /var/www/html
               name: nextcloud-pvc
@@ -27,59 +46,13 @@ spec:
               name: nextcloud-data
           command: [ "/cron.sh" ]
           resources: {}
-        - image: mariadb
-          name: mariadb
-          args:
-            - --transaction-isolation=READ-COMMITTED
-            - --binlog-format=ROW
-            - --innodb-file-per-table=1
-            - --skip-innodb-read-only-compressed
-          env:
-            - name: MARIADB_ROOT_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: nextcloud-secret
-                  key: MARIADB_ROOT_PASSWORD
-            - name: MYSQL_DATABASE
-              value: nextcloud
-            - name: MYSQL_USER
-              value: nextcloud
-            - name: REDIS_HOST
-              value: 127.0.0.1
-            - name: MYSQL_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: nextcloud-secret
-                  key: MYSQL_PASSWORD
-          resources:
-            limits:
-              cpu: "0.3"
-              memory: "1G"
-          ports:
-            - name: mariadb
-              containerPort: 3306
-              protocol: TCP
-          volumeMounts:
-            - mountPath: /var/lib/mysql
-              name: nextcloud-pvc
-              subPath: 99f37b73-8f14-44b2-9211-af5de21de749/db-storage
-        - image: redis:alpine
-          name: redis
-          resources:
-            limits:
-              cpu: "0.1"
-              memory: "250M"
-          ports:
-            - name: redis
-              containerPort: 6379
-              protocol: TCP
         - image: nextcloud
           name: nextcloud
           env:
             - name: MYSQL_DATABASE
               value: nextcloud
             - name: MYSQL_HOST
-              value: 127.0.0.1:3306
+              value: maridb:3306
             - name: MYSQL_USER
               value: nextcloud
             - name: PHP_MEMORY_LIMIT
@@ -87,7 +60,7 @@ spec:
             - name: PHP_UPLOAD_LIMIT
               value: 100G
             - name: REDIS_HOST
-              value: 127.0.0.1
+              value: redis
             - name: MYSQL_PASSWORD
               valueFrom:
                 secretKeyRef:
@@ -97,10 +70,7 @@ spec:
             - name: nextcloud
               containerPort: 80
               protocol: TCP
-          resources:
-            limits:
-              cpu: "0.5"
-              memory: "2G"
+          resources: {}
           volumeMounts:
             - mountPath: /var/www/html
               name: nextcloud-pvc
@@ -117,6 +87,4 @@ spec:
             server: 192.168.178.4
             path: /mnt/storage/service/nextcloud/data
             readOnly: false
-
-
-            
+          

apps/nextcloud/base/database-service.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: mariadb
+spec:
+  ports:
+    - name: mariadb
+      port: 3306
+      targetPort: mariadb
+  selector:
+    app: mariadb

apps/nextcloud/base/database.yaml

@@ -0,0 +1,63 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: mariadb
+  name: mariadb
+spec:
+  replicas: 1
+  revisionHistoryLimit: 1
+  selector:
+    matchLabels:
+      app: mariadb
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: mariadb
+    spec:
+      containers:
+        - image: mariadb
+          name: mariadb
+          args:
+            - --transaction-isolation=READ-COMMITTED
+            - --binlog-format=ROW
+            - --innodb-file-per-table=1
+            - --skip-innodb-read-only-compressed
+          env:
+            - name: MARIADB_ROOT_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: nextcloud-secret
+                  key: MARIADB_ROOT_PASSWORD
+            - name: MYSQL_DATABASE
+              value: nextcloud
+            - name: MYSQL_USER
+              value: nextcloud
+            - name: REDIS_HOST
+              value: 127.0.0.1
+            - name: MYSQL_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: nextcloud-secret
+                  key: MYSQL_PASSWORD
+          resources:
+            limits:
+              cpu: "0.3"
+              memory: "1G"
+          ports:
+            - name: mariadb
+              containerPort: 3306
+              protocol: TCP
+          volumeMounts:
+            - mountPath: /var/lib/mysql
+              name: nextcloud-pvc
+              subPath: 99f37b73-8f14-44b2-9211-af5de21de749/db-storage
+
+      restartPolicy: Always
+      volumes:
+        - name: nextcloud-pvc
+          persistentVolumeClaim:
+            claimName: nextcloud-pvc
+                        

apps/nextcloud/base/kustomization.yaml

@@ -4,9 +4,13 @@ kind: Kustomization
 namespace: nextcloud
 
 resources:
-- deployment.yaml
+- app.yaml
+- redis.yaml
+- database.yaml
 - pvc.yaml
-- service.yaml
+- app-service.yaml
+- database-service.yaml
+- redis-service.yaml
 - ingress.yaml
 - middleware.yaml
 - secret-sealed.yaml

apps/nextcloud/base/redis-service.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: redis
+spec:
+  ports:
+    - name: redis
+      port: 6379
+      targetPort: redis
+  selector:
+    app: redis

apps/nextcloud/base/redis.yaml

@@ -0,0 +1,31 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: redis
+  name: redis
+spec:
+  replicas: 1
+  revisionHistoryLimit: 1
+  selector:
+    matchLabels:
+      app: redis
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: redis
+    spec:
+      containers:
+        - image: redis:alpine
+          name: redis
+          resources:
+            limits: {}
+          ports:
+            - name: redis
+              containerPort: 6379
+              protocol: TCP
+      
+      restartPolicy: Always
+           

apps/paperless/base/database.yaml

@@ -6,6 +6,7 @@ metadata:
   name: paperless-webserver
 spec:
   replicas: 1
+  revisionHistoryLimit: 1
   selector:
     matchLabels:
       app: paperless-webserver
@@ -46,10 +47,7 @@ spec:
             - name: http 
               containerPort: 8000
               protocol: TCP
-          resources:
-            limits:
-              cpu: "0.2"
-              memory: "2G"
+          resources: {}
           volumeMounts:
             - mountPath: /usr/src/paperless/data
               name: paperless-pvc
@@ -98,10 +96,7 @@ spec:
           ports:
             - containerPort: 6379
               protocol: TCP
-          resources:
-            limits:
-              cpu: "0.1"
-              memory: "250M"
+          resources: {}
       restartPolicy: Always
       volumes:
         - name: paperless-pvc

apps/sftpgo/base/deployment.yaml

@@ -12,6 +12,7 @@ spec:
   strategy:
     type: Recreate
   replicas: 1
+  revisionHistoryLimit: 1
   selector:
     matchLabels:
       app.kubernetes.io/instance: sftpgo

apps/vaultwarden/base/deployment.yaml

@@ -6,6 +6,7 @@ metadata:
   name: vaultwarden
 spec:
   replicas: 1
+  revisionHistoryLimit: 1
   selector:
     matchLabels:
       app: vaultwarden