Move 'utilities' to 'management', add transfersh

cluster/apps/kustomization.yaml

@@ -5,4 +5,4 @@ resources:
 - ./authentik
 - ./media
 - ./download
-- ./utility
+- ./management

cluster/apps/management/guacamole/guacamole.sops.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Secret
 metadata:
     name: guacamole-secret
-    namespace: utility
+    namespace: management
 stringData:
     OPENID_CLIENT_ID: ENC[AES256_GCM,data:rIJWHZ9rJQ1jwXL3+Mg00ZrcUwu4CevdOHRuP/EYjbUR5cKccvgwMg==,iv:NU7HCctec1PJeE9RAi7PhSpsNR9jxSTqh/7IJgKm9aw=,tag:vAPLHnK8HbsTaisLPY/vfQ==,type:str]
 sops:

cluster/apps/management/guacamole/helm-release.yaml

@@ -2,7 +2,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
   name: guacamole
-  namespace: utility
+  namespace: management
 spec:
   interval: 5m
   chart:

cluster/apps/management/namespace.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: management
+  labels:
+    name: management

cluster/apps/management/network_policy.yaml

@@ -2,7 +2,7 @@ apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
   name: deny-most-allow-some
-  namespace: utility
+  namespace: management
 spec:
   # Apply to all pods in this namespace
   podSelector: {}
@@ -11,7 +11,7 @@ spec:
     # Allow all pods in this namespace
     - namespaceSelector:
         matchLabels:
-          name: "utility"
+          name: "management"
 
     # Allow traefik pods
     - namespaceSelector:
@@ -21,4 +21,4 @@ spec:
     # Allow all pods with this label
     - podSelector:
         matchLabels:
-          needsUtility: "yes"
+          needsManagement: "yes"

cluster/apps/tools/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ./namespace.yaml
+- ./network_policy.yaml
+- ./transfersh

cluster/apps/tools/namespace.yaml

@@ -1,6 +1,6 @@
 apiVersion: v1
 kind: Namespace
 metadata:
-  name: utility
+  name: tools
   labels:
-    name: utility
+    name: tools

cluster/apps/tools/network_policy.yaml

@@ -0,0 +1,25 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: deny-most-allow-some
+  namespace: tools
+spec:
+  # Apply to all pods in this namespace
+  podSelector: {}
+  ingress:
+  - from:
+    # Allow all pods in this namespace
+    - namespaceSelector:
+        matchLabels:
+          name: "media"
+#    - podSelector: {}
+
+    # Allow traefik pods
+    - namespaceSelector:
+        matchLabels:
+          name: "traefik"
+
+    # Allow all pods with this label
+    - podSelector:
+        matchLabels:
+          needsTools: "yes"

cluster/apps/tools/transfersh/helm-release.yaml

@@ -0,0 +1,71 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: transfersh
+  namespace: tools
+spec:
+  interval: 5m
+  chart:
+    spec:
+      chart: app-template
+      version: 1.3.x
+      sourceRef:
+        kind: HelmRepository
+        name: bjws-charts
+        namespace: flux-system
+
+  values:
+    image:
+      repository: dutchcoders/transfer.sh
+      tag: latest
+
+    args:
+      - --provider
+      - local
+
+      - --basedir
+      - /storage/
+
+      - --temp-path
+      - /tmp/
+      
+      - --max-upload-size
+      - "10000000"
+
+    service:
+      main:
+        ports:
+          http:
+            port: 8080
+
+    probes:
+      liveness:
+        enabled: false
+
+    ingress:
+      main:
+        enabled: true
+        annotations:
+          cert-manager.io/cluster-issuer: "letsencrypt-production"
+          traefik.ingress.kubernetes.io/router.entrypoints: websecure
+        hosts:
+          - host: "upload.${SECRET_NEW_DOMAIN}"
+            paths:
+              - path: /
+                pathType: Prefix
+
+    persistence:
+      storage:
+        enabled: true
+        type: pvc
+        accessMode: ReadWriteOnce
+        size: 40Gi
+        mountPath: /storage
+
+    resources:
+      requests:
+        cpu: 3m
+        memory: 1500Mi
+        
+      limits:
+        memory: 3000Mi

cluster/apps/tools/transfersh/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ./helm-release.yaml