diff --git a/cluster/apps/irc/kustomization.yaml b/cluster/apps/irc/kustomization.yaml new file mode 100644 index 0000000..383acde --- /dev/null +++ b/cluster/apps/irc/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ./namespace.yaml +- ./network_policy.yaml +- ./znc +- ./thelounge \ No newline at end of file diff --git a/cluster/apps/irc/namespace.yaml b/cluster/apps/irc/namespace.yaml new file mode 100644 index 0000000..997b900 --- /dev/null +++ b/cluster/apps/irc/namespace.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: irc + labels: + name: irc \ No newline at end of file diff --git a/cluster/apps/irc/network_policy.yaml b/cluster/apps/irc/network_policy.yaml new file mode 100644 index 0000000..5d3494d --- /dev/null +++ b/cluster/apps/irc/network_policy.yaml @@ -0,0 +1,25 @@ +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: deny-most-allow-some + namespace: irc +spec: + # Apply to all pods in this namespace + podSelector: {} + ingress: + - from: + # Allow all pods in this namespace + - namespaceSelector: + matchLabels: + name: "irc" +# - podSelector: {} + + # Allow traefik pods + - namespaceSelector: + matchLabels: + name: "traefik" + + # Allow all pods with this label + - podSelector: + matchLabels: + needsIRC: "yes" \ No newline at end of file diff --git a/cluster/apps/irc/thelounge/helm-release.yaml b/cluster/apps/irc/thelounge/helm-release.yaml new file mode 100644 index 0000000..645e0e2 --- /dev/null +++ b/cluster/apps/irc/thelounge/helm-release.yaml @@ -0,0 +1,60 @@ +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: thelounge + namespace: irc +spec: + interval: 5m + chart: + spec: + chart: app-template + version: 1.3.x + sourceRef: + kind: HelmRepository + name: bjws-charts + namespace: flux-system + + values: + image: + repository: lscr.io/linuxserver/thelounge + tag: latest + env: + TZ: America/New_York + PGID: "1000" + PUID: "1000" + service: + main: + ports: + http: + port: 9000 + probes: + liveness: + enabled: false + ingress: + main: + enabled: true + annotations: + traefik.ingress.kubernetes.io/router.entrypoints: websecure + traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd + hosts: + - host: &host "lounge.${SECRET_NEW_DOMAIN}" + paths: + - path: / + pathType: Prefix + tls: + - hosts: + - *host + secretName: wildcard-main-tls + persistence: + config: + enabled: true + type: hostPath + hostPath: /mnt/MainPool/Kubernetes/thelounge + mountPath: /config + + resources: + requests: + cpu: 1m + memory: 40Mi + limits: + memory: 300Mi \ No newline at end of file diff --git a/cluster/apps/irc/thelounge/kustomization.yaml b/cluster/apps/irc/thelounge/kustomization.yaml new file mode 100644 index 0000000..ea3145d --- /dev/null +++ b/cluster/apps/irc/thelounge/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ./helm-release.yaml \ No newline at end of file diff --git a/cluster/apps/irc/znc/helm-release.yaml b/cluster/apps/irc/znc/helm-release.yaml new file mode 100644 index 0000000..b52be33 --- /dev/null +++ b/cluster/apps/irc/znc/helm-release.yaml @@ -0,0 +1,56 @@ +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: znc + namespace: irc +spec: + interval: 5m + chart: + spec: + chart: app-template + version: 1.3.x + sourceRef: + kind: HelmRepository + name: bjws-charts + namespace: flux-system + + values: + image: + repository: znc + tag: latest + service: + main: + ports: + http: + port: 6501 + probes: + liveness: + enabled: false + ingress: + main: + enabled: true + annotations: + traefik.ingress.kubernetes.io/router.entrypoints: websecure + traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd + hosts: + - host: &host "znc.${SECRET_NEW_DOMAIN}" + paths: + - path: / + pathType: Prefix + tls: + - hosts: + - *host + secretName: wildcard-main-tls + persistence: + config: + enabled: true + type: hostPath + hostPath: /mnt/MainPool/Kubernetes/znc + mountPath: /config + + resources: + requests: + cpu: 1m + memory: 4Mi + limits: + memory: 100Mi \ No newline at end of file diff --git a/cluster/apps/irc/znc/kustomization.yaml b/cluster/apps/irc/znc/kustomization.yaml new file mode 100644 index 0000000..ea3145d --- /dev/null +++ b/cluster/apps/irc/znc/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ./helm-release.yaml \ No newline at end of file diff --git a/cluster/apps/kustomization.yaml b/cluster/apps/kustomization.yaml index 31d3000..a8c6cb4 100644 --- a/cluster/apps/kustomization.yaml +++ b/cluster/apps/kustomization.yaml @@ -6,4 +6,5 @@ resources: - ./media - ./download - ./management -- ./tools \ No newline at end of file +- ./tools +- ./irc \ No newline at end of file diff --git a/docs/todo.md b/docs/todo.md index 0019378..0c38278 100644 --- a/docs/todo.md +++ b/docs/todo.md @@ -13,7 +13,7 @@ TODO: - [ ] Grafana - [ ] Grafana Loki - [ ] uptime-kuma -- [ ] IRC +- [x] IRC - [ ] Harbor - [ ] CDN (nginx filelist) - [ ] Budget (firefly-iii)