Move 'utilities' to 'management', add transfersh

SeanOMik 2023-04-12 01:30:13 -04:00
parent 14afb67f86
commit 5cfcd8005e
Signed by: SeanOMik
GPG Key ID: 568F326C7EB33ACB
12 changed files with 120 additions and 8 deletions


@ -5,4 +5,4 @@ resources:
- ./authentik - ./authentik
- ./media - ./media
- ./download - ./download
- ./utility - ./management
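Review bot: No entry for the new `tools` namespace appears in this resources list; the hunk swaps `./utility` for `./management` and leaves the file the same length. If the directory holding the `tools` namespace, its NetworkPolicy and the transfersh release is meant to sit beside these entries, it needs its own line, `- ./<tools-directory>`. Otherwise nothing in it is built from this kustomization and the policy is never applied. File paths are not visible on this page and the first four lines of the file are outside the hunk, so check this against the tree.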


@ -2,7 +2,7 @@ apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: guacamole-secret name: guacamole-secret
namespace: utility namespace: management
stringData: stringData:
OPENID_CLIENT_ID: ENC[AES256_GCM,data:rIJWHZ9rJQ1jwXL3+Mg00ZrcUwu4CevdOHRuP/EYjbUR5cKccvgwMg==,iv:NU7HCctec1PJeE9RAi7PhSpsNR9jxSTqh/7IJgKm9aw=,tag:vAPLHnK8HbsTaisLPY/vfQ==,type:str] OPENID_CLIENT_ID: ENC[AES256_GCM,data:rIJWHZ9rJQ1jwXL3+Mg00ZrcUwu4CevdOHRuP/EYjbUR5cKccvgwMg==,iv:NU7HCctec1PJeE9RAi7PhSpsNR9jxSTqh/7IJgKm9aw=,tag:vAPLHnK8HbsTaisLPY/vfQ==,type:str]
sops: sops:
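Review bot: The `namespace` value changes but the hunk stops at `sops:` and no other hunk touches the `mac` or `lastmodified` fields, which suggests the file was edited by hand rather than through sops. By default SOPS computes its MAC over every value in the document, unencrypted ones included, so a plaintext edit can make decryption fail with a MAC mismatch when Flux next decrypts the Secret. Confirm that `sops -d` still succeeds on this file and, if it does not, re-save it through sops so the MAC is regenerated. The rest of the `sops:` block is outside the hunk.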


@ -2,7 +2,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease kind: HelmRelease
metadata: metadata:
name: guacamole name: guacamole
namespace: utility namespace: management
spec: spec:
interval: 5m interval: 5m
chart: chart:


@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: management
labels:
name: management


@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1
kind: NetworkPolicy kind: NetworkPolicy
metadata: metadata:
name: deny-most-allow-some name: deny-most-allow-some
namespace: utility namespace: management
spec: spec:
# Apply to all pods in this namespace # Apply to all pods in this namespace
podSelector: {} podSelector: {}
@ -11,7 +11,7 @@ spec:
# Allow all pods in this namespace # Allow all pods in this namespace
- namespaceSelector: - namespaceSelector:
matchLabels: matchLabels:
name: "utility" name: "management"
# Allow traefik pods # Allow traefik pods
- namespaceSelector: - namespaceSelector:
@ -21,4 +21,4 @@ spec:
# Allow all pods with this label # Allow all pods with this label
- podSelector: - podSelector:
matchLabels: matchLabels:
needsUtility: "yes" needsManagement: "yes"
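Review bot: The last peer in the final hunk, `- podSelector:` with `needsManagement: "yes"`, appears to be its own list item with no `namespaceSelector`. Kubernetes then matches it only against pods in the policy's own namespace, and those are already admitted by the `name: "management"` rule above, so the peer adds nothing. If the label is meant to let pods in other namespaces opt in, the peer needs both selectors in one item, `- namespaceSelector: {}` followed by `podSelector:`. Anyone able to label a pod in any namespace would then be admitted, so a narrower namespace selector is the safer form. The new `tools` policy has the same podSelector-only peer with `needsTools`, and indentation is lost on this page, so verify the nesting in the file.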


@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./namespace.yaml
- ./network_policy.yaml
- ./transfersh


@ -1,6 +1,6 @@
apiVersion: v1 apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
name: utility name: tools
labels: labels:
name: utility name: tools


@ -0,0 +1,25 @@
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: deny-most-allow-some
namespace: tools
spec:
# Apply to all pods in this namespace
podSelector: {}
ingress:
- from:
# Allow all pods in this namespace
- namespaceSelector:
matchLabels:
name: "media"
# - podSelector: {}
# Allow traefik pods
- namespaceSelector:
matchLabels:
name: "traefik"
# Allow all pods with this label
- podSelector:
matchLabels:
needsTools: "yes"
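Review bot: The comment `# Allow all pods in this namespace` sits above a selector for `name: "media"`, while this policy lives in `tools` and the same-namespace peer `# - podSelector: {}` is commented out. As written, pods in `tools` can reach each other only when labelled `needsTools: "yes"`, which may be intended but is not what the comment says. I would change the comment to `# Allow all pods in the media namespace` and either delete the commented-out peer or add a line explaining why intra-namespace traffic is excluded.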


@ -0,0 +1,71 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: transfersh
namespace: tools
spec:
interval: 5m
chart:
spec:
chart: app-template
version: 1.3.x
sourceRef:
kind: HelmRepository
name: bjws-charts
namespace: flux-system
values:
image:
repository: dutchcoders/transfer.sh
tag: latest
args:
- --provider
- local
- --basedir
- /storage/
- --temp-path
- /tmp/
- --max-upload-size
- "10000000"
service:
main:
ports:
http:
port: 8080
probes:
liveness:
enabled: false
ingress:
main:
enabled: true
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-production"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
hosts:
- host: "upload.${SECRET_NEW_DOMAIN}"
paths:
- path: /
pathType: Prefix
persistence:
storage:
enabled: true
type: pvc
accessMode: ReadWriteOnce
size: 40Gi
mountPath: /storage
resources:
requests:
cpu: 3m
memory: 1500Mi
limits:
memory: 3000Mi
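Review bot: The ingress for `upload.${SECRET_NEW_DOMAIN}` publishes the uploader on `websecure` with no authentication visible: the annotations name no Traefik middleware and `args` pass no auth option. Anyone who can reach the host can therefore store files on the 40Gi volume, up to the `--max-upload-size` limit per upload. If that is not intended, attach an auth middleware with `traefik.ingress.kubernetes.io/router.middlewares: <namespace>-<middleware>@kubernetescrd`, or use transfer.sh's `--http-auth-user` and `--http-auth-pass` options; access control may exist elsewhere outside this page. Separately, `tag: latest` is mutable, so the running image can change without a commit; pin it to a release tag or digest, `tag: <pinned-version>`.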


@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./helm-release.yaml