SeanOMik
/
k3s-cluster
1
0
Fork 0
Code Issues 2 Pull Requests 4 Packages Projects Releases Wiki Activity

Compare commits

base: SeanOMik:3d6d366dd95c39f684285a5e4202f4eeb97c496a
Branches Tags
SeanOMik:main
SeanOMik:renovate/app-template-3.x
SeanOMik:renovate/ghcr.io-onedr0p-qbittorrent-5.x
SeanOMik:renovate/postgresql-16.x
SeanOMik:renovate/mysql-12.x
SeanOMik:feat/thin-cluster
SeanOMik:feat/separate-huginn-agents
SeanOMik:wip/deluge
SeanOMik:renovate/configure
SeanOMik:feature/add-guacamole-again
SeanOMik:feature/readd-guacamole
SeanOMik:feature/zfs-alerts
SeanOMik:feature/bitnami-gitea-chart
..
compare: SeanOMik:914f5f16036101a509227fe9a86ae5da20f98300
Branches Tags
SeanOMik:main
SeanOMik:renovate/app-template-3.x
SeanOMik:renovate/ghcr.io-onedr0p-qbittorrent-5.x
SeanOMik:renovate/postgresql-16.x
SeanOMik:renovate/mysql-12.x
SeanOMik:feat/thin-cluster
SeanOMik:feat/separate-huginn-agents
SeanOMik:wip/deluge
SeanOMik:renovate/configure
SeanOMik:feature/add-guacamole-again
SeanOMik:feature/readd-guacamole
SeanOMik:feature/zfs-alerts
SeanOMik:feature/bitnami-gitea-chart

2 Commits
3d6d366dd9 ... 914f5f1603

Author SHA1 Message Date
SeanOMik 914f5f1603
chore: delete harbor 2024-01-27 00:16:40 -05:00
SeanOMik 0c1237a361
feat: Add Palworld as a game server 2024-01-27 00:16:38 -05:00
13 changed files with 177 additions and 228 deletions
Show Stats Expand all files Collapse all files

3
cluster/apps/game-servers/kustomization.yaml
View File

@ -3,4 +3,5 @@ kind: Kustomization
resources: resources:
- ./namespace.yaml - ./namespace.yaml
- ./network_policy.yaml - ./network_policy.yaml
- ./factorio #- ./factorio
- ./palworld

15
cluster/apps/game-servers/network_policy.yaml
View File

@ -12,7 +12,6 @@ spec:
- namespaceSelector: - namespaceSelector:
matchLabels: matchLabels:
name: "game-servers" name: "game-servers"
# - podSelector: {}
# Allow traefik pods # Allow traefik pods
- namespaceSelector: - namespaceSelector:
@ -23,3 +22,17 @@ spec:
- podSelector: - podSelector:
matchLabels: matchLabels:
needsGameServers: "yes" needsGameServers: "yes"
egress:
- to:
- ipBlock:
cidr: 192.168.87.0/24 # server lan
ports:
# palworld
- protocol: UDP
port: 8211
- protocol: UDP
port: 38211
- protocol: UDP
port: 25575
- protocol: UDP
port: 32575

84
cluster/apps/game-servers/palworld/helm-release.yaml Normal file
View File

@ -0,0 +1,84 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: palworld
namespace: game-servers
spec:
interval: 5m
chart:
spec:
chart: app-template
version: 1.3.x
sourceRef:
kind: HelmRepository
name: bjws-charts
namespace: flux-system
values:
image:
repository: ghcr.io/jammsen/docker-palworld-dedicated-server
tag: 1ea15dc
env:
TZ: America/New_York
COMMUNITY_SERVER: false
# Game settings
IS_MULTIPLAY: true
DIFFICULTY: Difficult
NIGHTTIME_SPEEDRATE: 0.8 # shorter nights
SERVER_NAME: ThePalFuckers
SERVER_DESCRIPTION: A private Palworld dedi server running on a dedi server
COOP_PLAYER_MAX_NUM: 6 # 4 is default
RCON_ENABLED: true
RCON_PORT: 25575
envFrom:
- secretRef:
name: palworld-server-secret
service:
main:
type: NodePort
# annotations:
# metallb.universe.tf/allow-shared-ip: "main-ip-192.168.87.10"
# metallb.universe.tf/loadBalancerIPs: 192.168.87.10
ports:
http:
enabled: false
game:
enabled: true
primary: true
port: &game_port 8211
nodePort: 38211
protocol: UDP
rcon:
enabled: true
primary: true
port: 25575
nodePort: 32575
protocol: TCP
ingress:
main:
enabled: true
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: factorio
hosts:
- host: "pal.${SECRET_NEW_DOMAIN}"
paths:
- path: /
pathType: Prefix
service:
port: *game_port
persistence:
data:
enabled: true
type: hostPath
hostPath: /mnt/MainPool/Kubernetes/game-servers/palworld
mountPath: /palworld

5
cluster/apps/game-servers/palworld/kustomization.yaml Normal file
View File

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./server-pass.sops.yaml
- ./helm-release.yaml

70
cluster/apps/game-servers/palworld/server-pass.sops.yaml Normal file
View File

@ -0,0 +1,70 @@
apiVersion: v1
kind: Secret
metadata:
name: palworld-server-secret
data:
SERVER_PASSWORD: ENC[AES256_GCM,data:hmgj4tzEFH4Q3HZa,iv:1iQrKKeKC+FlPUmhSrrwlJvPCHK8rtEcHeCJtkwdpos=,tag:/TPAzdUsYbEP04JCOlogZw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2024-01-27T04:33:48Z"
mac: ENC[AES256_GCM,data:n36Uh2qW0+TIMoSAEDUpbKUmr+dju0Iu7TcZr9uh01WeWrF2pKpfs13kpOay84GyDcsz+EgBYWHoR5SqgRVVWtt82yI+GP5FMo1JNhQ9gdwvqAAlIj9gb6ZkzXm8K9IdKGwvsZciapJNMMQamgYsm/PInRQL++/uq0CqcByJLy4=,iv:m62/FUmrr9Z+4La0TLXC3Mz9RkbqoGYfq3uOqsVu1pk=,tag:IDBoF2PzYGzygD/AJLvo2A==,type:str]
pgp:
- created_at: "2024-01-27T04:33:48Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAyqlIeyoxYovAQ/9GWC4lYqJ+dlITYSESAGVrlWJ5qajTUoDtpIOtVfm5H5U
GAuQouQjferazQN6aBwtFLgCTN/IfOITOGrPuIm9rAzTyMdAF+lpt+lQ/9tnllgS
m+90cVx/KsrU+qWYkUZqB8Zelz2IMXZdbNtqfiSgTiZRv11pLqILFasjYQMoGajC
j99X4ytAf/lcDuRphKL5OLpBAkxduZHX9XzJKX/1SjQlGHhnrXYlYmH+5qAU83Kk
F0TT6fPtuQC+xCpk706nAGBKJV1qkebf9wgGw1Qpv87ZnrYYv1j9slOPJnkkHocq
wq/IKU/SeRUyWO1Plh/u+rq70lhvuQirR57qfV060HOiZBop5iGeRcno3eiOok7F
Qf4+FtkRGlSnxPzOKdCwmVdzpRa4g+NC5Y+hEWma5lFRq7qJ/aLMOhvNNjlo9wVX
pWfruPP25FckVCViGLOOfQs85rLdle+T/krwPXEZSdNCyUkb4rUFALpEBNUY4VRs
56pFml1EgGmDTUkJHtjF55gjKqVeFrJRjHRfOyQgmr9QTeZ7IQMFUPcPbhpYF46o
TI38aTFzNipQnnaT1fO3c6BDBOfm1F5gsaczagMjsBUmmobRSd89HN151g+10CNb
7MW/m+MppXxqKEZNqc2Aab303uuxygfFrMVBm//jqRaZXcmwM8J0wIExf7XgbaaF
AgwDXjg0p2IN1X8BEADHAv0TKr7ZR5209ABeaNsHTsnVzxPghgWQPxveeedZOUGo
WRa0SJVx76TTgGZ2xSnm1xBEHuU68yqtyDfBI2L/mOMp/6d/KIa96aH7LaWL9tip
6knWBBKt0VZVW5o731gBE6Nr3K9pPVsXOrHTjL8JsQld+84dLpkkL4WcryajPJCA
VXjf/CzXhbRK7vrqSiyuZbIZL99YGPusCgGzdTF0Qj7D9ZjMUg73AbqTNkrsvgIn
7nIuoLpktP9IsbS8Q0oMsWYdi/vBvMbcDdU2rERFf0sfmZqrPbllLLW9HvHtwOse
Xz6DZoF9eft9kbSpO9BdYM3/dWfY6Jsvs/bW5C87IXgdF90nqqQ4yhqJroL+1IvK
KazkT4Uq4WNPfVMTkHmZEiS5H4Ak1P4S40kbRsZZWiOqrfx/qVhKvgd5r87/DBPq
HWtkI9tWL5T59NbbA+YJCDfbdHqRpN0gxBewfhHwpH7tMhRdGCZ4ISgm9yNnr0Nk
MSAYT1aMb9mdAHDU6QYCK6CO8z96fuMyqe3B9Ga0UBPPJB/OEQFWJsgFfBJurYKg
xbboPeQ+XWhDgJFV4yDAooolPG+CDLrfTHWMwVFPHqKyf6zN7G+69Bfyqnk0M21U
XWDrw0LU/2lrZh8AxwhDS1Zpz/KJ15Y+EweW6HKtH3Rb2Dhmznv5G7Czr9C1ddRo
AQkCEJAZgZ/NkuwMTLk+Np5QFi2bmuexCHNFhUoEy/ojJtPo6Ck5F8O6GmAWSD9w
S/Yk/tWkEVKxw+vl6gDybGwq+p+udhciU5dHkmbdpxOeVrA2PsQI1nUDqLrd9gCG
wigodoObUTc=
=x08X
-----END PGP MESSAGE-----
fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD
- created_at: "2024-01-27T04:33:48Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAy5t8IMoPu4VARAAsxfnIPUWatZhWCEQNVWGa1+SsZqbLHXbJiF0kqw+2Uix
lnpa5mIs+L8gFDb0wzS15PsO9IU81YR5LJ7t4M0M6WA/sRHVREzkn6nozIqX0zaZ
qgqiMyhNss4kvKoJTGHvl0F49HUjCJn5PB0dynG0YjdphOnFZs5BrtNfnlYjqZvf
2+ncbWAlPs/fcmB4TQs/Xvug19zxz9VDbmMfxmU26kNiNF45D4fgb+qJDEPB2TdB
CkftMUz1YDuLSi9icLNo2UhxAS8+JX5z1NkL7KOajEsueJIMWlFwt7IWMcx/7I51
qQquNvlNmaSoap49Ca/pA/X7K34uzrSQjslOz1H6lrbNJSVVCmkYzDbt4XrmnocR
Y7fO6Co2qKbVqZwmGKsBqUlH9NRDXkWTEjS25+igAItPeJRFR1nHXp/ZYu6HUh4g
tjF6V43KLn/1mssbeS7xkNRM3BfU67LyeeVUGWU79CFfTJSakwkTr1VW2HrwBrsU
C1m7BMDXpAlwdEooa/JfVNAdzzjE2B/o0Hlzbu9HfPC7alT06ExkUvl1tRgeZIwy
pfySkno2pvl2yxTzyBKDNAg/++PDk0xHfHwf15YOeowQZfspncJYPAplT45GWmoL
0E1WAY6oXmdlqjzCeNIkirB7fOtk1hGvC41UP+fKxtW3oqorn29ODCF0rxS+BG/U
aAEJAhD4aWEYAsC3g0Lb9mmcFNgmDAPKJdqeSgf1vh4Hd4NnM8Z/LUPQP5IZZma4
dw/Dv3kbDLOIgEacnil3VXgIv4ECSSR7tZcC1ouaAHVALzVdh+/tSE53Io5IqEnV
D00W0y+1grgp
=AzxP
-----END PGP MESSAGE-----
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
encrypted_regex: ^(data|stringData)$
version: 3.8.1

24
cluster/apps/harbor/harbor-ingress.yaml
View File

@ -1,24 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: harbor-core-ingress
namespace: harbor
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
rules:
- host: &host "oci.${SECRET_NEW_DOMAIN}"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: harbor
port:
number: 80
tls:
- hosts:
- *host
secretName: wildcard-main-tls

27
cluster/apps/harbor/harbor-pv.yaml
View File

@ -1,27 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: harbor-pv
namespace: harbor
spec:
storageClassName: hostpath
persistentVolumeReclaimPolicy: Retain
capacity:
storage: 5Gi
accessModes:
- ReadWriteOnce
hostPath:
path: "/mnt/MainPool/Kubernetes/harbor"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: harbor-pv-claim
namespace: harbor
spec:
storageClassName: hostpath
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi

64
cluster/apps/harbor/harbor.sops.yaml
View File

@ -1,64 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: harbor-secret
namespace: harbor
stringData:
REGISTRY_STORAGE_S3_ACCESSKEY: ENC[AES256_GCM,data:1k2KYsDvvQs=,iv:6GEFFeLSKH8+QxDg3rLR7q9h0jglYU4ou1byklt2x8w=,tag:JjFAs/3jsVhSBGJmbul4iQ==,type:str]
REGISTRY_STORAGE_S3_SECRETKEY: ENC[AES256_GCM,data:0U40z0y7vn2wPPyGt0dYQx80QuGoj7Ni/uJMtHgrc5U=,iv:YX9acsf2G2B4RLnGez6VLD2UiwKFIqhz2X4S+uTyX50=,tag:hVJVh2aSpVz22BjGGcPOuA==,type:str]
#ENC[AES256_GCM,data:JGk1Br4y3LKLTdPHRD4F+hwP,iv:rzYB5JF0SeE9BWwp5btZABpfHgqKfQukXpXAa0Dy2A0=,tag:K9pJFFtcDhmrE4SfYlivwg==,type:comment]
password: ENC[AES256_GCM,data:XkJEhaoRRSlxbKP94GN8dIZbj8KCwZFkcpgWNjn4vZE=,iv:Bi0D/T1izvN+l8LoZDwyUrcoN1ViS2Q6ambq2xyJFk8=,tag:ojUu0VOdnXJjbsb0XigkDg==,type:str]
REDIS_PASSWORD: ENC[AES256_GCM,data:8kEbWelcGhd4v/yewnM4QshW2hzx+VWX2iFE76sKhYc=,iv:kbGieMQhMbml2SIznBX1pTncnSaxdsZ0PUynCECpjyU=,tag:HfRJA+P57IzpxuFtKD+tTg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2023-04-16T05:54:57Z"
mac: ENC[AES256_GCM,data:c4DP6+KnDOXYubNbf5NqVZPxBik0a0BDiKqNLqm5dlNqjReeQFMa5BJxENelMwLMH2T/pHZ40i1UVfkTDbsy//+oWgUwZDcmN4MVDC+Y0nPqgF48K6obxJ0XgNg5tDqPWyxTMJuslMP3QDCZVyBWODb51Zzfwpd6fuiBogKdlBM=,iv:JiHRd3tFLg+UKcRfKlnyK6CEK6K6EAe/QNc0lm4Lf4w=,tag:wkt+kX3I//yN1Ob2+aiw5A==,type:str]
pgp:
- created_at: "2023-06-19T18:35:58Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMAzKleRwoSoixAQ/8DxiD1YIAVNgg45XOY/mTWNfWy/IScUmkxdRygygmPEEX
OWU4sR7fW44U0hNRbWZX0Rl99ifn//eAjbTX9vnEj50de5dHW8r17piOaPtYEOqa
5woX+O+VgHCw9KM1rao8w34EZEeHKinXYiDhPrlZ3w2UFU+Jzi2DM+n2+dLhpxUU
QUYn3l3e/igLo00rA3/HzxRF2U0OaAtbnRENkSpOblAjdlrSpTFRmdvsw6F7RRO1
ddVFaVu7+EewH4YEerrP1VeZyuQ5wtSCrGqYNbuDko6/kizAz02JRbTNlPmCVqeI
liBIz6DJQWZe+6aN0cARBRi+POP/mFY/aL87vL7n13Oz8OLVwc5nb5ZXWZrJguEb
SRIX3m5gR24MIg0y5J0VzE4XQeJHhHv2CFptXqDATi8z05gmgYAaaO63KMh4Ztgw
Q9KLyT6RV2ipoUdwE0t+aY5JqKXlIj5iYhLkdkGrVZ5DJWYnxQThZJeE0oEGI7Xa
xNxJHONCuOTXXcS8wIpCsHAMKq2CjCa4PT2vGFsgoN5AL/DoU6M44T/YQpBG3vDA
/y8AVv6+jhp42iWWlkmqkjhlqOZbRrTqYaQTsMTSdZ5USE+p94TujFcaDWl40tkz
lY52y8sQ9iL2MmE2c6VqLvKK4zL/PbOxp8Hmq0wknoFrltJ8ln1PqN8xWYn/IHbU
aAEJAhBewFZNfVPgYFQF08q2PxaL5f12yeeDV/r6x66+INJixSFn2KAT8l9B4r3f
PMQRIj5HAwVu1pHh02dSqApy5nSFCapxonxFFEhyp5sFnTIAJIYrtOp3qlGiC+DF
ISEsf0H2tK5G
=1vmu
-----END PGP MESSAGE-----
fp: 2CC2B3631D5C3393901335DB68F95C5D753EE1E5
- created_at: "2023-06-19T18:35:58Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMAy5t8IMoPu4VAQ/7BEeLXvCMGrx5tmkipqFlu3z8ERLJ53uqLobFgevs0Cjw
gMnC74vQned+UFqwygWYjE1uAmZAx1MEZN64wPKBbin7wpcgdFl5b0BFGr1CoruG
tMlvWOtQMfJOPkAAwltqdkYrHMqjYuK8c5UD7k/X7cbf9zviN9L74JdwWrR8/EOO
WfhreYnGTyMRIw7nHE+lDoOt0SsW0e/N3beuWZEcYlkYaWQxwMKnNIfOpoyJqIcM
KpFTYVLsOGu5BJL6yWGfMFZ3FH/cwbWxOS11I7nVZVHHrQNRyMt/9vomU7+tpye3
XW+BESYEyHb7c+8t0zW3Vf7PfBYl434fy5qh3QY1qZPzf0AJeF+am19moebmNmO/
ZEi4avaefM7a7ruTbqKJJBMTqfR9Lc/XpTKcmCWyTYu/NGYxJn3CPaXoxyd94PVi
UD0caq8xdoDsszlI/iCv0A83CXV8THOT0Ak+vaMYLJ9FsxlTyL8ApcrhV3X7pgTT
GOCtPTe5cq1PxIyWnzynBwwbc9iIVduXgrjkbTZrri78T6ySGoj+G4m2CpXFibV5
QLoom4t13UROPrFpiPlwHb/yMYIds32FhFuW8wEzd8LXal2U1TgRYu0qa6GmGRqy
qkPGuKIZb6ahtJm7rRN6Kd8CuUQo3pV+YwX2ljHde8H3tDeUJijJPAgwZVk5kXLU
aAEJAhBA2OUNkgAOFcVgrrym90PW+PnTP2oFLwngZIg5izvCyhTXRoL7D1j/blhx
1EDzHzqQKmNoEN46y+sgbJMu9MzjahE7CfcoTCYs3A69eFiD/y6cfY4t/yBMFzWr
LDYnqh+p0PBC
=sfsx
-----END PGP MESSAGE-----
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
encrypted_regex: ^(data|stringData)$
version: 3.7.3

85
cluster/apps/harbor/helm-release.yaml
View File

@ -1,85 +0,0 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: harbor
namespace: harbor
spec:
interval: 5m
chart:
spec:
chart: harbor
version: 1.14.x
sourceRef:
kind: HelmRepository
name: harbor-charts
namespace: flux-system
values:
logLevel: debug
expose:
type: clusterIP
tls:
enabled: false
# secret:
# secretName: wildcard-main-tls
# notarySecretName: wildcard-main-tls
#
# ingress:
# hosts:
# core: oci.${SECRET_NEW_DOMAIN}
# notary: charts.${SECRET_NEW_DOMAIN}
#
# annotations:
# cert-manager.io/cluster-issuer: letsencrypt-production
# traefik.ingress.kubernetes.io/router.entrypoints: websecure
persistence:
persistentVolumeClaim:
registry:
existingClaim: harbor-pv-claim
subPath: "registry/"
jobservice:
jobLog:
existingClaim: harbor-pv-claim
subPath: "jobservice/"
# trivy:
# existingClaim:
# subPath: "trivy/"
imageChartStorage:
type: s3
s3:
bucket: harbor
existingSecret: "harbor-secret"
regionendpoint: https://s3.seanomik.net:9000
notary:
enabled: false
trivy:
enabled: false
database:
type: external
external:
host: "postgresql.database"
port: "5432"
username: "k3spostgresql"
existingSecret: "harbor-secret"
coreDatabase: "harbor-registry"
redis:
type: external
external:
addr: "redis-master.database:6379"
username: ""
existingSecret: "harbor-secret"
metrics:
enabled: true
serviceMonitor:
enabled: true

8
cluster/apps/harbor/helm-repository.yaml
View File

@ -1,8 +0,0 @@
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: harbor-charts
namespace: flux-system
spec:
interval: 1m
url: https://helm.goharbor.io

9
cluster/apps/harbor/kustomization.yaml
View File

@ -1,9 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./namespace.yaml
- ./harbor.sops.yaml
- ./harbor-pv.yaml
- ./helm-repository.yaml
- ./helm-release.yaml
- ./harbor-ingress.yaml

6
cluster/apps/harbor/namespace.yaml
View File

@ -1,6 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: harbor
labels:
name: harbor

3
cluster/apps/kustomization.yaml
View File

@ -10,6 +10,5 @@ resources:
- ./irc - ./irc
- ./monitoring - ./monitoring
- ./default - ./default
#- ./game-servers - ./game-servers
- ./dev - ./dev
#- ./harbor