diff --git a/apps/bytestash/network-policy.yaml b/apps/bytestash/network-policy.yaml deleted file mode 100644 index fb49a91..0000000 --- a/apps/bytestash/network-policy.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: cilium.io/v2 -kind: CiliumNetworkPolicy -metadata: - name: allow-ingress - namespace: bytestash -spec: - description: "Allow external traffic from the shared Cilium edge proxy into the bytestash service" - endpointSelector: - matchLabels: - app: bytestash - ingress: - - fromEntities: - - ingress - - fromEndpoints: - - matchLabels: - io.kubernetes.pod.namespace: cilium-ingress - toPorts: - - ports: - - port: "80" - protocol: TCP - - port: "5000" - protocol: TCP diff --git a/apps/bytestash/route.yaml b/apps/bytestash/route.yaml deleted file mode 100644 index eeb5de4..0000000 --- a/apps/bytestash/route.yaml +++ /dev/null @@ -1,41 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: bytestash - namespace: bytestash -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: shared-edge-gateway - namespace: cilium-ingress - hostnames: - - snippets.gwg313.xyz - - snippets.local.gwg313.xyz - - snippets.zerotier.gwg313.xyz - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - group: "" - kind: Service - name: bytestash - port: 80 - weight: 1 ---- -apiVersion: gateway.networking.k8s.io/v1beta1 -kind: ReferenceGrant -metadata: - name: allow-gateway-to-bytestash - namespace: bytestash -spec: - from: - - group: gateway.networking.k8s.io - kind: Gateway - namespace: cilium-ingress - to: - - group: "" - kind: Service - name: bytestash diff --git a/apps/bytestash/secret-sealed.yaml b/apps/bytestash/secret-sealed.yaml deleted file mode 100644 index b4bb814..0000000 --- a/apps/bytestash/secret-sealed.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: bytestash-secret - namespace: bytestash -spec: - encryptedData: - JWT_SECRET_KEY: AgBvX/MKBvdcxWwjMsEVEqvzR0LbYglztJE7mFkjmAFnmOcxt1pUw9notf7J0de0DLWpSfzeuUyZJUPGxjR2sIyAvzL3Q+lc++0MxKLM5gMxcem4oxsc9Je+sEX7M3mEJpDrxNBUwPASR/2iX0hR2jJTB6NU2Ji3QU6Hvg8McgrFgJagjQqQR6DGiIESdCYqm2nmlOWzT5Wy7ez7CVsOEnxoWZhRpBCe1nJo4PuAZRHoB6sm06+l0Z7rPhxrJKf+g9jmbouExPeIg04QhgtPK5BcGEIqRstu+cPa2Vjv5wVKkLlsfRiM7dvjw23EoQu1BSY9NWgeAQc6DL0r2Zh3FAkZBWKsIbjdWEcAD1WdsObAZcwn/p+kkr48ThBjdNzvcoB53girlYJ++VPYGH5J+j9s7+v4rPT8sA1ynrqkaLeqX4klyqfkJ5/AESY8DIXSBaeo212qTNeBDDDmX/bYCwH7NFDGh+tugeFjjJMLwxZaJtdy8DNwgWvumI/Ibnp1NWn8pMO6+FjPD/lOuquh30tZfVmZdADdgjYR7pT7iJ24OejwCwEeC3LhTvMvez5k5vsbjdyj3KX7507ajDfIOb2y/XQq4NDzqGBdF8oRIhs2hEQhVoy0gsEooOeklnuNg2nMzkY1aRkTJRl6pIV1qyxdPJdZrow9xdOoeMYCbaQrMjQHVKuqLpt4CaLPvx7wG4XqSpXySlfPjxXkLmOdFyDRvYF7wtEt2lLVDNAE1QufKvYq52RRFzMkdFsjZVrPyauyfRYNQ41UizlPPMYsS+Vz - template: - metadata: - creationTimestamp: null - name: bytestash-secret - namespace: bytestash - type: Opaque diff --git a/apps/harbor/templates/route.yaml b/apps/harbor/templates/route.yaml index f2269a1..1928014 100644 --- a/apps/harbor/templates/route.yaml +++ b/apps/harbor/templates/route.yaml @@ -36,21 +36,3 @@ spec: name: harbor-portal port: 80 weight: 1 ---- -apiVersion: gateway.networking.k8s.io/v1beta1 -kind: ReferenceGrant -metadata: - name: allow-ingress-to-harbor - namespace: harbor -spec: - from: - - group: gateway.networking.k8s.io - kind: HTTPRoute - namespace: cilium-ingress - to: - - group: "" - kind: Service - name: harbor-core - - group: "" - kind: Service - name: harbor-portal diff --git a/apps/stirling-pdf/deployment.yaml b/apps/stirling-pdf/deployment.yaml deleted file mode 100644 index 930f763..0000000 --- a/apps/stirling-pdf/deployment.yaml +++ /dev/null @@ -1,49 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: stirling-pdf - namespace: stirling-pdf -spec: - replicas: 1 - selector: - matchLabels: - app: stirling-pdf - template: - metadata: - labels: - app: stirling-pdf - spec: - securityContext: - fsGroup: 1000 - containers: - - name: stirling-pdf - image: docker.stirlingpdf.com/stirlingtools/stirling-pdf:2.11.0-fat - resources: - requests: - cpu: 250m - memory: 512Mi - limits: - cpu: 1000m - memory: 2Gi - ports: - - containerPort: 8080 - volumeMounts: - - name: stirling-data - mountPath: /usr/share/tessdata - subPath: training-data - - name: stirling-data - mountPath: /configs - subPath: configs - - name: stirling-data - mountPath: /customFiles - subPath: custom-files - - name: stirling-data - mountPath: /logs - subPath: logs - - name: stirling-data - mountPath: /pipeline - subPath: pipeline - volumes: - - name: stirling-data - persistentVolumeClaim: - claimName: stirling-data diff --git a/apps/stirling-pdf/network-policy.yaml b/apps/stirling-pdf/network-policy.yaml deleted file mode 100644 index 722abc1..0000000 --- a/apps/stirling-pdf/network-policy.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: cilium.io/v2 -kind: CiliumNetworkPolicy -metadata: - name: allow-ingress - namespace: stirling-pdf -spec: - endpointSelector: - matchLabels: - app: stirling-pdf - - ingress: - - fromEntities: - - ingress - toPorts: - - ports: - - port: "80" - protocol: TCP - - port: "8080" - protocol: TCP diff --git a/apps/stirling-pdf/route.yaml b/apps/stirling-pdf/route.yaml deleted file mode 100644 index 8ab49c0..0000000 --- a/apps/stirling-pdf/route.yaml +++ /dev/null @@ -1,41 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: stirling-pdf - namespace: stirling-pdf -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: shared-edge-gateway - namespace: cilium-ingress - hostnames: - - pdftools.gwg313.xyz - - pdftools.local.gwg313.xyz - - pdftools.zerotier.gwg313.xyz - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - group: "" - kind: Service - name: stirling-pdf - port: 80 - weight: 1 ---- -apiVersion: gateway.networking.k8s.io/v1beta1 -kind: ReferenceGrant -metadata: - name: allow-gateway-to-stirling - namespace: stirling-pdf -spec: - from: - - group: gateway.networking.k8s.io - kind: Gateway - namespace: cilium-ingress - to: - - group: "" - kind: Service - name: stirling-pdf diff --git a/bytestash/bytestash-peer-auth.yaml b/bytestash/bytestash-peer-auth.yaml new file mode 100644 index 0000000..8a3354a --- /dev/null +++ b/bytestash/bytestash-peer-auth.yaml @@ -0,0 +1,8 @@ +apiVersion: security.istio.io/v1beta1 +kind: PeerAuthentication +metadata: + name: strict-mtls + namespace: bytestash +spec: + mtls: + mode: STRICT diff --git a/bytestash/bytestash-secret-sealed.yaml b/bytestash/bytestash-secret-sealed.yaml new file mode 100644 index 0000000..255eb8a --- /dev/null +++ b/bytestash/bytestash-secret-sealed.yaml @@ -0,0 +1,15 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: bytestash-secret + namespace: bytestash +spec: + encryptedData: + JWT_SECRET_KEY: AgBhyqlrAr9hDaCZ7yPbZZuXtZMeqbMqd0LXWwT8nlEpTY0Tk7LLwjdv6DoY3gvj0Jbgcoa+Edgg6HywykouVAqe2i6HbDwWOPVjRw5K1GA7y7jlb8IOP2D7ZJN8sKW7MUfhmmraN0piuvpCMVl/NHbT1XfQq4mym/PChHcD4Ju+lNMfFWkHNZtXf/9tpYcTa3cmREf0uBFQRNQFP2TaUx8X+QmzIIdoGaqZA+Jud2HkTHymsRhn7fSK3smaJecw/y7IR4ohNcJ17FqOyaqbnQ/MUzB+aprFKjBOnVmZwbWSjJYWPN1nx6NPndmk8X3Q3XeB50WnoAhqNSwI6a58wo/zVHyM5B3Q+L9slCWd8t27z+Jv7Y8zRFl137dbhDBcrHf73miNnaK5x0b741Bv3yDakJG+DrU5YlmGH2/t4XBZjMMRxF4y0CgdT+DN+cZrkbkATHIQWZARmLTqYfig/2D+PfKhrniE4Tfq3V2gLN12Kwf09fqM02Uo2faOya6QF3fvGGZx3QXiDrzPMthLuvk1JqPqU98fNKniS8x7/q1LdHH6ga5wyXyGk76tl540p+kdY2sAi7K5/VAw0QM6A+6EHXJJgZ4bdd02eB0F1/lCKcCzZhs5lIjBu0r/d81wYlId6GtMvXZiMfsbMS9a7evGl20PXAn2C5KxWfyyyIX3wn7JIAxiOdGwPUOI6E4/LCJSnzlfBa7SWFrMHAjniNyQOLB0S9amtHwDDt6j + template: + metadata: + creationTimestamp: null + name: bytestash-secret + namespace: bytestash + type: Opaque diff --git a/bytestash/certificate.yaml b/bytestash/certificate.yaml new file mode 100644 index 0000000..8e22729 --- /dev/null +++ b/bytestash/certificate.yaml @@ -0,0 +1,12 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: bytestash-cert + namespace: istio-system +spec: + secretName: bytestash-cert + issuerRef: + name: letsencrypt-dns + kind: ClusterIssuer + dnsNames: + - snippets.gwg313.xyz diff --git a/apps/bytestash/configmap.yaml b/bytestash/configmap.yaml similarity index 100% rename from apps/bytestash/configmap.yaml rename to bytestash/configmap.yaml diff --git a/apps/bytestash/deployment.yaml b/bytestash/deployment.yaml similarity index 82% rename from apps/bytestash/deployment.yaml rename to bytestash/deployment.yaml index c7fb53a..9408803 100644 --- a/apps/bytestash/deployment.yaml +++ b/bytestash/deployment.yaml @@ -21,16 +21,9 @@ spec: type: RuntimeDefault containers: - name: bytestash - image: "ghcr.io/jordan-dalby/bytestash:pr-332" + image: "ghcr.io/jordan-dalby/bytestash:latest" ports: - containerPort: 5000 - resources: - requests: - cpu: 50m - memory: 128Mi - limits: - cpu: 200m - memory: 256Mi envFrom: - configMapRef: name: bytestash-config diff --git a/bytestash/gateway.yaml b/bytestash/gateway.yaml new file mode 100644 index 0000000..215ebb0 --- /dev/null +++ b/bytestash/gateway.yaml @@ -0,0 +1,18 @@ +apiVersion: networking.istio.io/v1beta1 +kind: Gateway +metadata: + name: bytestash-gateway + namespace: bytestash +spec: + selector: + istio: gateway + servers: + - port: + number: 443 + name: https + protocol: HTTPS + hosts: + - "snippets.gwg313.xyz" + tls: + mode: SIMPLE + credentialName: bytestash-cert diff --git a/apps/bytestash/namespace.yaml b/bytestash/namespace.yaml similarity index 100% rename from apps/bytestash/namespace.yaml rename to bytestash/namespace.yaml diff --git a/apps/bytestash/service.yaml b/bytestash/service.yaml similarity index 100% rename from apps/bytestash/service.yaml rename to bytestash/service.yaml diff --git a/bytestash/storage.yaml b/bytestash/storage.yaml new file mode 100644 index 0000000..2f422a9 --- /dev/null +++ b/bytestash/storage.yaml @@ -0,0 +1,29 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: bytestash-pv +spec: + capacity: + storage: 1Gi + volumeMode: Filesystem + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + storageClassName: manual + nfs: + path: /mnt/tank/k8s/bytestash + server: truenas.local.gwg313.xyz +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: bytestash-pvc + namespace: bytestash +spec: + storageClassName: manual + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + volumeName: bytestash-pv diff --git a/bytestash/virtualservice.yaml b/bytestash/virtualservice.yaml new file mode 100644 index 0000000..76875d5 --- /dev/null +++ b/bytestash/virtualservice.yaml @@ -0,0 +1,16 @@ +apiVersion: networking.istio.io/v1beta1 +kind: VirtualService +metadata: + name: bytestash + namespace: bytestash +spec: + hosts: + - "snippets.gwg313.xyz" + gateways: + - bytestash/bytestash-gateway + http: + - route: + - destination: + host: bytestash + port: + number: 80 diff --git a/focalboard/certificate.yaml b/focalboard/certificate.yaml new file mode 100644 index 0000000..35dcc80 --- /dev/null +++ b/focalboard/certificate.yaml @@ -0,0 +1,14 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: focalboard-cert + namespace: istio-system +spec: + secretName: focalboard-cert + issuerRef: + name: letsencrypt-dns + kind: ClusterIssuer + dnsNames: + - pm.local.gwg313.xyz + - pm.gwg313.xyz + - pm.zerotier.gwg313.xyz diff --git a/focalboard/configmap.yaml b/focalboard/configmap.yaml new file mode 100644 index 0000000..f5a6722 --- /dev/null +++ b/focalboard/configmap.yaml @@ -0,0 +1,27 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: focalboard-config + namespace: focalboard +data: + config.json: | + { + "serverRoot": "https://pm.gwg313.xyz", + "port": 8000, + + "dbtype": "sqlite3", + "dbconfig": "/opt/focalboard/data/focalboard.db", + + "useSSL": false, + "webpath": "./pack", + "filespath": "/data/files", + + "telemetry": false, + "prometheusaddress": ":9092", + + "session_expire_time": 2592000, + "session_refresh_time": 18000, + + "localOnly": false, + "enableLocalMode": false + } diff --git a/focalboard/deployment.yaml b/focalboard/deployment.yaml new file mode 100644 index 0000000..633092e --- /dev/null +++ b/focalboard/deployment.yaml @@ -0,0 +1,37 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: focalboard + namespace: focalboard +spec: + replicas: 1 + selector: + matchLabels: + app: focalboard + template: + metadata: + labels: + app: focalboard + spec: + enableServiceLinks: false + containers: + - name: focalboard + image: mattermost/focalboard:latest + ports: + - containerPort: 8000 + volumeMounts: + - name: data + mountPath: /data + - name: config + mountPath: /opt/focalboard/config.json + subPath: config.json + env: + - name: FB_PORT + value: "8000" + volumes: + - name: data + persistentVolumeClaim: + claimName: focalboard-data + - name: config + configMap: + name: focalboard-config diff --git a/focalboard/gateway.yaml b/focalboard/gateway.yaml new file mode 100644 index 0000000..5df27e6 --- /dev/null +++ b/focalboard/gateway.yaml @@ -0,0 +1,20 @@ +apiVersion: networking.istio.io/v1beta1 +kind: Gateway +metadata: + name: focalboard-gateway + namespace: focalboard +spec: + selector: + istio: gateway + servers: + - port: + number: 443 + name: https + protocol: HTTPS + tls: + mode: SIMPLE + credentialName: focalboard-cert + hosts: + - pm.local.gwg313.xyz + - pm.gwg313.xyz + - pm.zerotier.gwg313.xyz diff --git a/focalboard/iscsi-secret-sealed.yaml b/focalboard/iscsi-secret-sealed.yaml new file mode 100644 index 0000000..e495c7b --- /dev/null +++ b/focalboard/iscsi-secret-sealed.yaml @@ -0,0 +1,19 @@ +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: focalboard-iscsi-auth + namespace: focalboard +spec: + encryptedData: + discovery.sendtargets.auth.password: AgCQ43B6UutDThhw5gfI74RhhNAcBJkzeoeKMsnzYmMo8Mjz8XV7mNKFR6iWmyJ6FAI55Wt0pNTZi2KFtDCkGXB2isAarmtPdYUajWT6Naum3YFd3fKvNmx/Hk/wfkVqQnSwbw+pehu9uks2fiF/6n6S048JQW83LbCzs3Icb5b8Z761ivQXEwwpFJvRr1fUb0bBZnFxc0YU3d48zJyhX90ljyGql6Y/mXs1m62x3yZrTxojjhz359kDk7xpkYPUKLCW708fBITlhiwH2DwaztANCy+T9bRKBl8YnseAUpSa6ipP7xUyTw4kTSMS8UUTHfnd6OklUbPaAAYYLf8evOajArhZzfwsLIC+8vmhonf9MPZQTcdF8YJl23x4E/+k4xVL3Wh01QDnpTLwbLUyGM5hgQezmXIhYq9QNDSYHyJZC6jpeLJJuD4aHctkP2yZ22B6STybSAyPh7fuB4Br1qycMitjOSMTgiGi3+T2U8tOQ0bWZvQIyD6GqqMJPMZM/3wwt/AEVkmWNFkCkYcXtxacOTfzoUZGf1L0bF4rEQKTFXQxbVq+TGzfPiMLJ3jdj8ZpO79kafUINXr+gXwd4itKqGaV39lCg6drqiVMY5YVaE2V4kGZXRivgGe0+CpsdpsaHGsYYY/x3ONEw3IYm7HvHCVF8gdOqykxDSbrGMoyO2JJs1oyrOQ8USwFWOku5XUmFwjniXYWOgBghA2Q8g== + discovery.sendtargets.auth.username: AgAZsdwSsp/KNr4CpqXKD53tJLLMCAB+j8Ml9YRCnTG/6oKFs+4zthCBC5H8z7WOPyCi31bEuRwM+gTAVYz5cGdJlO2s+0mhnvXI+NoZSU0IoWqczkGq90Ss/2auQZq4edKnhZQh9guM/nGv79zyNzocIdQ4J/JJXXadVWJbkvhym3OdK/jh5sYIkkKKUbKVv3rJLRSw7pyQT+uJWw/+pgxcV4dVuczvfsodA6OWbAMIdouqsfpzKrfmzo5StKUQiNQxjyWhXuBoHXODtzf/ZI9+DJnKce5LueoiM/NrEfkL8tWcU0ty7FXbCynOYg+NM2RRXyaSzY4tSpRkU3Zkp3cy37gISA+n0o8vUokGpPCew2A2vFWpqktjR69RJJXO0lA7fvpM8auysHuHiJxDrUkGlo+aQoHODXrDVeQ/yeigoFBdgSXCrwHu+lTbw+Uu6WmdwWEPr/TQVDABLwzWxIwy8zkHD5MvugsM4jjwPxKzpC+ReEXbEZZly4lwlqliDQtVmdWxQ6fJF5+smLkMLlrbbmLSkuv+bODn2Jb+k5QtwVz//ZdOQBLaMuzKvjIng1fv8aPJR0kzA/0DIUmAOicCLDBOZZI7cXt75FHyQbxLQU1A7vn/dbn5mdwRw1P+Ha36QR4SpSPe5L83TxFgEMvkmnTAYURrnG6OKCfWjNiNWHaa5CFxnhDdaiZ6dj501M9ERteyI0irp1ah + node.session.auth.password: AgCQv/EkgJF/dSaEgoqNmKqV59wEHw0X+fNShJ4Wn6tBPbzGFggt4LcuvTIlhqCspsFL0HZB/sDoo32tGIcXpPKUt7iQZFpTVI20TaeI2f9vRoPHmZVwC4Y/qnoi2QvcnayzGT9fMy2LsditN6q7KwRYeU4Kl5AVXj57OjhDxau53/uEXkrXIgipdXjSHg/DoH0s08o4RKgsDS64YmbdZzVoJJ90U7TvcWi94ypg02y0w/vicpVUoEBQ2PKBTvP088zkCZSAwyfNtwyrLV4gBTyMdpHuYjuS1yFIlV4E77abfro2NP4iXnqiJnsXUfZ3gbMg+xzTmFcen8U8aYa3M+XXI/75lX0ET46pKevB5xNVnxBp+azGsBddSbzzpHOVlxqJYRa4EIQVfkXMCQKeWGnbutG0SLMv2PFtp9oGOkgij4I+Fhs5WAJ5luV/No4Z6ONyodc68Precp8yMoESA4noqaXC4py0sOAdnbliIFf+hTCJK/3Z6ecajKJ2wDd1xFlVr+x2kfdwmYQzROos+zNNrVy13pyDZgUnNqIP0yyQCnBrGJlhozNmMe/CkFZaTxPx3fBG24odfLfgNqub07cqiy0yUAF4IVVsCJtH9YzHKVklRG8b3OiHd3w4E/jOkwMsnXOFWbzHRMdiwwtxV8/M7BtWRA+VhYzp/DsV/gyZ6MthXtdkdW+vzIY3ZIVyinceknv9tYfRdOjpYS9ldQ== + node.session.auth.username: AgCYg4H4MoGfIoIkTfdAyMe7i2hF9IqiY9cHt07uv8finHnykgwo4s8jAnLdGRI1R+sQfs2IeLGcdNLUg/YsOXI4nvY18Bb7qAo+KrMmmSb1ZIKKHN/pP08rCVRJsqOKNd6lIDpfk921fpdn83i6Otp2lHabBU/z4a96LDU2cC2WGyIbK5IP/gS1EYHWK8ya12lbdPKglGG0NA+bbKpW2kRC4omJTZ6v1+GpJT524lZCGazsw0y+Hpa9UuswCEGsvhw4wDoxAxr+Dg25Fv9iL/UJCisx7lv+0/1t1KLBHFEJpJyvOA9BdIiUOWFzoN0wzcmGa0k0vCdZwHjFqmVRvQjUDl2iSpa97AAxIma+nZ0ToVDp2FJHShBnnNTKoQNf7P5mlAEfG7ffx+JCH7drLqDQvE1SUQBvT3NKm5kTZdpnzKIUX8FEiXGFBj1VmVc/ceRukgZ6qAm7yJl91nxdp30/16fnjGtjNn3TJgB+jCNnR28P26tzhIiEjYnHvY5vncG7Dxc5AJkrwI1kyLenbgvI9/m0IpSm49dXu0iaZF78KTn5M5RLxqhfx+58o+crL763yBkT7zkEpSGT7X2ud4B64NUE7PQLgiXtMe5Q6Rr5KI1KFGeBur5F71cey7oYCLqQaMAhstxE7iGSVCNBKOzLle94TkiGGe/HKGaRRyzxM1uGvw/jJwdWGOFXJ2JEN5Y6eWHNH1INPGt8 + template: + metadata: + creationTimestamp: null + name: focalboard-iscsi-auth + namespace: focalboard + type: kubernetes.io/iscsi-chap diff --git a/focalboard/namespace.yaml b/focalboard/namespace.yaml new file mode 100644 index 0000000..3339aea --- /dev/null +++ b/focalboard/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: focalboard diff --git a/focalboard/service.yaml b/focalboard/service.yaml new file mode 100644 index 0000000..b3bf05c --- /dev/null +++ b/focalboard/service.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: focalboard + namespace: focalboard +spec: + selector: + app: focalboard + ports: + - port: 80 + targetPort: 8000 diff --git a/focalboard/storage.yaml b/focalboard/storage.yaml new file mode 100644 index 0000000..70973aa --- /dev/null +++ b/focalboard/storage.yaml @@ -0,0 +1,36 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: focalboard-pv +spec: + capacity: + storage: 10Gi + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + iscsi: + targetPortal: truenas.local.gwg313.xyz:3260 + iqn: iqn.2005-10.org.freenas.ctl:focalboard + lun: 0 + fsType: ext4 + chapAuthDiscovery: true + chapAuthSession: true + secretRef: + name: focalboard-iscsi-auth + claimRef: + namespace: focalboard + name: focalboard-data +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: focalboard-data + namespace: focalboard +spec: + storageClassName: manual + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi + volumeName: focalboard-pv diff --git a/focalboard/virtualservice.yaml b/focalboard/virtualservice.yaml new file mode 100644 index 0000000..d801569 --- /dev/null +++ b/focalboard/virtualservice.yaml @@ -0,0 +1,21 @@ +apiVersion: networking.istio.io/v1beta1 +kind: VirtualService +metadata: + name: focalboard + namespace: focalboard +spec: + hosts: + - pm.local.gwg313.xyz + - pm.gwg313.xyz + - pm.zerotier.gwg313.xyz + gateways: + - focalboard-gateway + http: + - match: + - uri: + prefix: / + route: + - destination: + host: focalboard + port: + number: 80 diff --git a/management/platform-apps/bytestash.yaml b/management/platform-apps/bytestash.yaml deleted file mode 100644 index dc95b94..0000000 --- a/management/platform-apps/bytestash.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: bytestash - namespace: argocd - annotations: - argocd.argoproj.io/sync-wave: "15" -spec: - project: default - destination: - server: https://kubernetes.default.svc - namespace: bytestash - source: - repoURL: https://github.com/gwg313/homelab-gitops.git - path: apps/bytestash - targetRevision: main - syncPolicy: - automated: - prune: true - selfHeal: true - syncOptions: - - CreateNamespace=true - - ServerSideApply=true - - SkipDryRunOnMissingResource=true diff --git a/management/platform-apps/kustomization.yaml b/management/platform-apps/kustomization.yaml index ee644fc..678ac5a 100644 --- a/management/platform-apps/kustomization.yaml +++ b/management/platform-apps/kustomization.yaml @@ -16,5 +16,3 @@ resources: - yopass.yaml - tekton.yaml - navidrome.yaml - - bytestash.yaml - - stirling-pdf.yaml diff --git a/management/platform-apps/stirling-pdf.yaml b/management/platform-apps/stirling-pdf.yaml deleted file mode 100644 index e0eba73..0000000 --- a/management/platform-apps/stirling-pdf.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: stirling-pdf - namespace: argocd - annotations: - argocd.argoproj.io/sync-wave: "15" -spec: - project: default - destination: - server: https://kubernetes.default.svc - namespace: stirling-pdf - source: - repoURL: https://github.com/gwg313/homelab-gitops.git - path: apps/stirling-pdf - targetRevision: main - syncPolicy: - automated: - prune: true - selfHeal: true - syncOptions: - - CreateNamespace=true - - ServerSideApply=true - - SkipDryRunOnMissingResource=true diff --git a/platform/nfs-subdir/templates/extra-storage-classes.yaml b/platform/nfs-subdir/templates/extra-storage-classes.yaml index ebd52bd..ef0b8c3 100644 --- a/platform/nfs-subdir/templates/extra-storage-classes.yaml +++ b/platform/nfs-subdir/templates/extra-storage-classes.yaml @@ -1,10 +1,11 @@ +--- apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: nfs-ephemeral annotations: argocd.argoproj.io/sync-wave: "1" -provisioner: cluster.local/nfs-provisioner-nfs-subdir-external-provisioner +provisioner: cluster.local/nfs-subdir-external-provisioner parameters: archiveOnDelete: "false" pathPattern: "ephemeral/${.PVC.namespace}/${.PVC.name}" @@ -17,7 +18,7 @@ metadata: name: nfs-retain annotations: argocd.argoproj.io/sync-wave: "1" -provisioner: cluster.local/nfs-provisioner-nfs-subdir-external-provisioner +provisioner: cluster.local/nfs-subdir-external-provisioner parameters: archiveOnDelete: "false" pathPattern: "retained/${.PVC.namespace}/${.PVC.name}" diff --git a/stirling-pdf/certificate.yaml b/stirling-pdf/certificate.yaml new file mode 100644 index 0000000..2d054bb --- /dev/null +++ b/stirling-pdf/certificate.yaml @@ -0,0 +1,12 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: stirling-pdf-cert + namespace: istio-system +spec: + secretName: stirling-pdf-cert + issuerRef: + name: letsencrypt-dns + kind: ClusterIssuer + dnsNames: + - pdftools.gwg313.xyz diff --git a/stirling-pdf/custom-files-pvc.yaml b/stirling-pdf/custom-files-pvc.yaml new file mode 100644 index 0000000..7994fec --- /dev/null +++ b/stirling-pdf/custom-files-pvc.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: stirling-custom-files + namespace: stirling-pdf +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 512Mi + storageClassName: nfs-client diff --git a/stirling-pdf/deployment.yaml b/stirling-pdf/deployment.yaml new file mode 100644 index 0000000..6963d8a --- /dev/null +++ b/stirling-pdf/deployment.yaml @@ -0,0 +1,52 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: stirling-pdf + namespace: stirling-pdf +spec: + replicas: 1 + selector: + matchLabels: + app: stirling-pdf + template: + metadata: + labels: + app: stirling-pdf + spec: + containers: + - name: stirling-pdf + image: docker.stirlingpdf.com/stirlingtools/stirling-pdf:latest + ports: + - containerPort: 8080 + env: + - name: DISABLE_ADDITIONAL_FEATURES + value: "false" + - name: LANGS + value: "en_US" + volumeMounts: + - name: training-data + mountPath: /usr/share/tessdata + - name: extra-configs + mountPath: /configs + - name: custom-files + mountPath: /customFiles + - name: logs + mountPath: /logs + - name: pipeline + mountPath: /pipeline + volumes: + - name: training-data + persistentVolumeClaim: + claimName: stirling-training-data + - name: extra-configs + persistentVolumeClaim: + claimName: stirling-extra-configs + - name: custom-files + persistentVolumeClaim: + claimName: stirling-custom-files + - name: logs + persistentVolumeClaim: + claimName: stirling-logs + - name: pipeline + persistentVolumeClaim: + claimName: stirling-pipeline diff --git a/stirling-pdf/extra-configs-pvc.yaml b/stirling-pdf/extra-configs-pvc.yaml new file mode 100644 index 0000000..a77b9c2 --- /dev/null +++ b/stirling-pdf/extra-configs-pvc.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: stirling-extra-configs + namespace: stirling-pdf +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 512Mi + storageClassName: nfs-client diff --git a/stirling-pdf/gateway.yaml b/stirling-pdf/gateway.yaml new file mode 100644 index 0000000..fab2b24 --- /dev/null +++ b/stirling-pdf/gateway.yaml @@ -0,0 +1,18 @@ +apiVersion: networking.istio.io/v1beta1 +kind: Gateway +metadata: + name: stirling-pdf-gateway + namespace: stirling-pdf +spec: + selector: + istio: gateway + servers: + - port: + number: 443 + name: https + protocol: HTTPS + tls: + mode: SIMPLE + credentialName: stirling-pdf-cert + hosts: + - pdftools.gwg313.xyz diff --git a/apps/stirling-pdf/pvc.yaml b/stirling-pdf/logs-pvc.yaml similarity index 57% rename from apps/stirling-pdf/pvc.yaml rename to stirling-pdf/logs-pvc.yaml index 8e53844..aa7e23a 100644 --- a/apps/stirling-pdf/pvc.yaml +++ b/stirling-pdf/logs-pvc.yaml @@ -1,12 +1,12 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: stirling-data + name: stirling-logs namespace: stirling-pdf spec: - storageClassName: nfs-retain accessModes: - - ReadWriteOnce + - ReadWriteMany resources: requests: - storage: 5Gi + storage: 512Mi + storageClassName: nfs-client diff --git a/apps/stirling-pdf/namespace.yaml b/stirling-pdf/namespace.yaml similarity index 100% rename from apps/stirling-pdf/namespace.yaml rename to stirling-pdf/namespace.yaml diff --git a/stirling-pdf/pipeline-pvc.yaml b/stirling-pdf/pipeline-pvc.yaml new file mode 100644 index 0000000..cbdfdd7 --- /dev/null +++ b/stirling-pdf/pipeline-pvc.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: stirling-pipeline + namespace: stirling-pdf +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 512Mi + storageClassName: nfs-client diff --git a/apps/stirling-pdf/service.yaml b/stirling-pdf/service.yaml similarity index 100% rename from apps/stirling-pdf/service.yaml rename to stirling-pdf/service.yaml diff --git a/apps/bytestash/storage.yaml b/stirling-pdf/training-data-pvc.yaml similarity index 52% rename from apps/bytestash/storage.yaml rename to stirling-pdf/training-data-pvc.yaml index e409b1d..864c9cc 100644 --- a/apps/bytestash/storage.yaml +++ b/stirling-pdf/training-data-pvc.yaml @@ -1,12 +1,12 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: bytestash-pvc - namespace: bytestash + name: stirling-training-data + namespace: stirling-pdf spec: - storageClassName: nfs-retain accessModes: - - ReadWriteOnce + - ReadWriteMany resources: requests: storage: 1Gi + storageClassName: nfs-client diff --git a/stirling-pdf/virtualservice.yaml b/stirling-pdf/virtualservice.yaml new file mode 100644 index 0000000..eb5f156 --- /dev/null +++ b/stirling-pdf/virtualservice.yaml @@ -0,0 +1,19 @@ +apiVersion: networking.istio.io/v1beta1 +kind: VirtualService +metadata: + name: stirling-pdf + namespace: stirling-pdf +spec: + hosts: + - pdftools.gwg313.xyz + gateways: + - stirling-pdf-gateway + http: + - match: + - uri: + prefix: / + route: + - destination: + host: stirling-pdf + port: + number: 80