diff --git a/argocd-apps/homelab.yaml b/argocd-apps/homelab.yaml
index 76039d8..5e12018 100644
--- a/argocd-apps/homelab.yaml
+++ b/argocd-apps/homelab.yaml
@@ -236,3 +236,91 @@ spec:
 - CreateNamespace=true
 - PruneLast=true
 ---
+# Outline
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: outline
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: homelab
+ source:
+ repoURL: https://gitea.dooplex.hu/admin/homelab-manifests.git
+ targetRevision: main
+ path: outline-system
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: outline-system
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
+ - PruneLast=true
+---
+# Tandoor
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: tandoor
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: homelab
+ source:
+ repoURL: https://gitea.dooplex.hu/admin/homelab-manifests.git
+ targetRevision: main
+ path: tandoor-system
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: tandoor-system
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
+ - PruneLast=true
+---
+# Uptimekuma
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: uptimekuma
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: homelab
+ source:
+ repoURL: https://gitea.dooplex.hu/admin/homelab-manifests.git
+ targetRevision: main
+ path: uptimekuma-system
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: uptimekuma-system
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
+ - PruneLast=true
+---
+# Vaultwarden
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: vaultwarden
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: vaultwarden
+ source:
+ repoURL: https://gitea.dooplex.hu/admin/homelab-manifests.git
+ targetRevision: main
+ path: vaultwarden-system
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: vaultwarden-system
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
+ - PruneLast=true
+---
diff --git a/outline-system/outline.yaml b/outline-system/outline.yaml
new file mode 100644
index 0000000..581a267
--- /dev/null
+++ b/outline-system/outline.yaml
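Review bot: In `argocd-apps/homelab.yaml` the Vaultwarden Application sets `path: vaultwarden-system`, but this commit adds the manifests under `vaultwarde-system/vaultwarden.yaml` (missing `n`), so Argo CD would find nothing at the configured path on `main`. Renaming the directory to `vaultwarden-system/` keeps it consistent with the namespace and the other three apps. The same Application uses `project: vaultwarden` where the others use `project: homelab`; that AppProject is not part of this diff, so confirm it exists and, if the separation is intentional, that it restricts destinations to the `vaultwarden-system` namespace. All four Applications carry `resources-finalizer.argocd.argoproj.io`, which makes deleting an Application cascade to its resources, including the PVCs defined later in this commit.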
@@ -0,0 +1,543 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: outline-system
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/instance: outline
+ app.kubernetes.io/name: outline
+ app.kubernetes.io/version: 1.1.0
+ name: outline
+ namespace: outline-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: outline
+ app.kubernetes.io/name: outline
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: outline
+ app.kubernetes.io/name: outline
+ app.kubernetes.io/version: 1.1.0
+ spec:
+ containers:
+ - name: outline
+ image: outlinewiki/outline:1.1.0
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: NODE_ENV
+ value: production
+ - name: SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: outline-app
+ key: secret-key
+ - name: UTILS_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: outline-app
+ key: utils-secret
+ - name: DB_USER
+ valueFrom:
+ secretKeyRef:
+ name: outline-db
+ key: username
+ - name: DB_PASS
+ valueFrom:
+ secretKeyRef:
+ name: outline-db
+ key: password
+ - name: DATABASE_URL
+ value: postgres://$(DB_USER):$(DB_PASS)@outline-postgres:5432/outline
+ - name: PGSSLMODE
+ value: disable
+ - name: REDIS_URL
+ value: redis://outline-redis:6379
+ - name: URL
+ value: https://outline.dooplex.hu
+ - name: PORT
+ value: "3000"
+ - name: FILE_STORAGE
+ value: s3
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ name: outline-minio
+ key: root-user
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ name: outline-minio
+ key: root-password
+ - name: AWS_REGION
+ value: us-east-1
+ - name: AWS_S3_UPLOAD_BUCKET_URL
+ value: http://outline-minio:9000
+ - name: AWS_S3_UPLOAD_BUCKET_NAME
+ value: outline
+ - name: AWS_S3_FORCE_PATH_STYLE
+ value: "true"
+ - name: AWS_S3_ACL
+ value: private
+ - name: OIDC_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: outline-oidc
+ key: client-id
+ - name: OIDC_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: outline-oidc
+ key: client-secret
+ - name: OIDC_AUTH_URI
+ value: "https://accounts.google.com/o/oauth2/v2/auth"
+ - name: OIDC_TOKEN_URI
+ value: "https://oauth2.googleapis.com/token"
+ - name: OIDC_USERINFO_URI
+ value: "https://openidconnect.googleapis.com/v1/userinfo"
+ - name: OIDC_USERNAME_CLAIM
+ value: "email"
+ - name: OIDC_DISPLAY_NAME
+ value: "Google"
+ - name: OIDC_SCOPES
+ value: "openid profile email"
+ # CRITICAL SECURITY SETTING (Temporary)
+ #- name: ALLOWED_DOMAINS
+ # value: "gmail.com"
+ # SMTP Configuration
+ - name: SMTP_HOST
+ valueFrom:
+ secretKeyRef:
+ name: smtp-credentials
+ key: host
+ - name: SMTP_PORT
+ valueFrom:
+ secretKeyRef:
+ name: smtp-credentials
+ key: port
+ - name: SMTP_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: smtp-credentials
+ key: username
+ - name: SMTP_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: smtp-credentials
+ key: password
+ - name: SMTP_FROM_EMAIL
+ valueFrom:
+ secretKeyRef:
+ name: smtp-credentials
+ key: from-address
+ - name: SMTP_SECURE
+ value: "false"
+ - name: FORCE_HTTPS
+ value: "true"
+ - name: DEFAULT_LANGUAGE
+ value: en_US
+ ports:
+ - containerPort: 3000
+ name: http
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /_health
+ port: http
+ initialDelaySeconds: 60
+ periodSeconds: 30
+ timeoutSeconds: 10
+ failureThreshold: 5
+ readinessProbe:
+ httpGet:
+ path: /_health
+ port: http
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 3
+ resources:
+ limits:
+ cpu: "1"
+ memory: 1Gi
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ volumes: []
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/instance: outline
+ app.kubernetes.io/name: postgres
+ name: outline-postgres
+ namespace: outline-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: outline
+ app.kubernetes.io/name: postgres
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: outline
+ app.kubernetes.io/name: postgres
+ spec:
+ containers:
+ - name: postgres
+ image: postgres:16-alpine
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ name: outline-db
+ key: username
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: outline-db
+ key: password
+ - name: POSTGRES_DB
+ value: outline
+ - name: PGDATA
+ value: /var/lib/postgresql/data/pgdata
+ ports:
+ - containerPort: 5432
+ name: postgres
+ protocol: TCP
+ resources:
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ volumeMounts:
+ - name: data
+ mountPath: /var/lib/postgresql/data
+ subPath: data
+ securityContext:
+ fsGroup: 999
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: outline-postgres
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/instance: outline
+ app.kubernetes.io/name: redis
+ name: outline-redis
+ namespace: outline-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: outline
+ app.kubernetes.io/name: redis
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: outline
+ app.kubernetes.io/name: redis
+ spec:
+ containers:
+ - name: redis
+ image: redis:7-alpine
+ imagePullPolicy: IfNotPresent
+ command:
+ - redis-server
+ - --appendonly
+ - "yes"
+ ports:
+ - containerPort: 6379
+ name: redis
+ protocol: TCP
+ livenessProbe:
+ exec:
+ command:
+ - sh
+ - -c
+ - redis-cli ping | grep PONG
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ failureThreshold: 3
+ timeoutSeconds: 5
+ readinessProbe:
+ exec:
+ command:
+ - sh
+ - -c
+ - redis-cli ping | grep PONG
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ failureThreshold: 3
+ timeoutSeconds: 5
+ resources:
+ limits:
+ cpu: 250m
+ memory: 256Mi
+ requests:
+ cpu: 50m
+ memory: 64Mi
+ volumeMounts:
+ - name: data
+ mountPath: /data
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: outline-redis
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/instance: outline
+ app.kubernetes.io/name: minio
+ name: outline-minio
+ namespace: outline-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: outline
+ app.kubernetes.io/name: minio
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: outline
+ app.kubernetes.io/name: minio
+ spec:
+ containers:
+ - name: minio
+ image: minio/minio:latest
+ imagePullPolicy: IfNotPresent
+ command:
+ - minio
+ - server
+ - /data
+ - --console-address
+ - ":9001"
+ env:
+ - name: MINIO_ROOT_USER
+ valueFrom:
+ secretKeyRef:
+ name: outline-minio
+ key: root-user
+ - name: MINIO_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: outline-minio
+ key: root-password
+ ports:
+ - containerPort: 9000
+ name: api
+ protocol: TCP
+ - containerPort: 9001
+ name: console
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /minio/health/live
+ port: api
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ timeoutSeconds: 10
+ failureThreshold: 3
+ readinessProbe:
+ httpGet:
+ path: /minio/health/ready
+ port: api
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 3
+ resources:
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ volumeMounts:
+ - name: data
+ mountPath: /data
+ volumes:
+ - name: data
+ hostPath:
+ path: /mnt/4_hdd/data/outline/minio
+ type: DirectoryOrCreate
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/instance: outline
+ app.kubernetes.io/name: outline
+ app.kubernetes.io/version: 1.1.0
+ name: outline
+ namespace: outline-system
+spec:
+ type: ClusterIP
+ ports:
+ - name: http
+ port: 3000
+ protocol: TCP
+ targetPort: http
+ selector:
+ app.kubernetes.io/instance: outline
+ app.kubernetes.io/name: outline
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/instance: outline
+ app.kubernetes.io/name: postgres
+ name: outline-postgres
+ namespace: outline-system
+spec:
+ type: ClusterIP
+ ports:
+ - name: postgres
+ port: 5432
+ protocol: TCP
+ targetPort: postgres
+ selector:
+ app.kubernetes.io/instance: outline
+ app.kubernetes.io/name: postgres
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/instance: outline
+ app.kubernetes.io/name: redis
+ name: outline-redis
+ namespace: outline-system
+spec:
+ type: ClusterIP
+ ports:
+ - name: redis
+ port: 6379
+ protocol: TCP
+ targetPort: redis
+ selector:
+ app.kubernetes.io/instance: outline
+ app.kubernetes.io/name: redis
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/instance: outline
+ app.kubernetes.io/name: minio
+ name: outline-minio
+ namespace: outline-system
+spec:
+ type: ClusterIP
+ ports:
+ - name: api
+ port: 9000
+ protocol: TCP
+ targetPort: api
+ - name: console
+ port: 9001
+ protocol: TCP
+ targetPort: console
+ selector:
+ app.kubernetes.io/instance: outline
+ app.kubernetes.io/name: minio
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ external-dns.alpha.kubernetes.io/hostname: outline.dooplex.hu,outline.home
+ nginx.ingress.kubernetes.io/proxy-body-size: 100m
+ nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ labels:
+ app.kubernetes.io/instance: outline
+ app.kubernetes.io/name: outline
+ name: outline
+ namespace: outline-system
+spec:
+ ingressClassName: nginx-internal
+ rules:
+ - host: outline.dooplex.hu
+ http:
+ paths:
+ - backend:
+ service:
+ name: outline
+ port:
+ number: 3000
+ path: /
+ pathType: Prefix
+ - host: outline.home
+ http:
+ paths:
+ - backend:
+ service:
+ name: outline
+ port:
+ number: 3000
+ path: /
+ pathType: Prefix
+ tls:
+ - hosts:
+ - outline.dooplex.hu
+ secretName: outline-tls
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ labels:
+ app.kubernetes.io/instance: outline
+ app.kubernetes.io/name: postgres
+ name: outline-postgres
+ namespace: outline-system
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
+ storageClassName: longhorn
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ labels:
+ app.kubernetes.io/instance: outline
+ app.kubernetes.io/name: redis
+ name: outline-redis
+ namespace: outline-system
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+ storageClassName: longhorn
+---
diff --git a/tandoor-system/tandoor.yaml b/tandoor-system/tandoor.yaml
new file mode 100644
index 0000000..86e8ac3
--- /dev/null
+++ b/tandoor-system/tandoor.yaml
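Review bot: In `outline-system/outline.yaml` the `ALLOWED_DOMAINS` variable is commented out under a "CRITICAL SECURITY SETTING (Temporary)" marker while OIDC points at Google's public endpoints, so nothing in this manifest limits which Google accounts may sign in, and the commented value `gmail.com` would not narrow that much either. Restore it with a domain you control, `- name: ALLOWED_DOMAINS` / `value: "<your-domain>"`, or record in the comment which other control (invite-only workspace, OAuth consent-screen test users) is being relied on and until when. The `outline` container also receives the MinIO root credentials (`outline-minio` keys `root-user`/`root-password`) as its S3 keys, and MinIO is pulled as `minio/minio:latest` with `imagePullPolicy: IfNotPresent`; a bucket-scoped access key and a pinned tag or digest would limit what a compromise of the wiki can reach and make the rollout reproducible. The Ingress `tls` block covers only `outline.dooplex.hu`, so `outline.home` has no certificate of its own; the Tandoor, Uptime Kuma and Vaultwarden Ingresses in this commit have the same gap on their `.home` hosts, which matters most for Vaultwarden, so either drop the `.home` rules or issue certificates for them from an internal issuer.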
@@ -0,0 +1,367 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: tandoor-system
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/instance: tandoor
+ app.kubernetes.io/name: tandoor
+ app.kubernetes.io/version: 2.3.6
+ name: tandoor
+ namespace: tandoor-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: tandoor
+ app.kubernetes.io/name: tandoor
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: tandoor
+ app.kubernetes.io/name: tandoor
+ app.kubernetes.io/version: 2.3.6
+ spec:
+ initContainers:
+ - name: create-superuser
+ image: vabene1111/recipes:2.3.6
+ workingDir: /opt/recipes
+ command:
+ - /bin/sh
+ - -c
+ - |
+ . /opt/recipes/venv/bin/activate
+ echo "Waiting for database..."
+ while ! python -c "import socket; socket.create_connection(('tandoor-postgres', 5432), timeout=5)" 2>/dev/null; do
+ sleep 2
+ done
+ echo "Database is ready. Running migrations..."
+ python manage.py migrate --noinput
+ echo "Collecting static files..."
+ python manage.py collectstatic --noinput
+ echo "Creating superuser if not exists..."
+ python manage.py shell -c "
+ from django.contrib.auth import get_user_model
+ User = get_user_model()
+ import os
+ username = os.environ.get('DJANGO_SUPERUSER_USERNAME', 'admin')
+ if not User.objects.filter(username=username).exists():
+ User.objects.create_superuser(
+ username=username,
+ email=os.environ.get('DJANGO_SUPERUSER_EMAIL', ''),
+ password=os.environ.get('DJANGO_SUPERUSER_PASSWORD', 'admin')
+ )
+ print(f'Superuser {username} created successfully')
+ else:
+ print(f'Superuser {username} already exists')
+ "
+ volumeMounts:
+ - name: staticfiles
+ mountPath: /opt/recipes/staticfiles
+ env:
+ - name: DB_ENGINE
+ value: django.db.backends.postgresql
+ - name: POSTGRES_HOST
+ value: tandoor-postgres
+ - name: POSTGRES_PORT
+ value: "5432"
+ - name: POSTGRES_DB
+ value: tandoor
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ name: tandoor-db
+ key: username
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: tandoor-db
+ key: password
+ - name: SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: tandoor-app
+ key: secret-key
+ - name: DJANGO_SUPERUSER_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: tandoor-admin
+ key: username
+ - name: DJANGO_SUPERUSER_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: tandoor-admin
+ key: password
+ - name: DJANGO_SUPERUSER_EMAIL
+ valueFrom:
+ secretKeyRef:
+ name: tandoor-admin
+ key: email
+ containers:
+ - name: tandoor
+ image: vabene1111/recipes:2.3.6
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: TZ
+ value: Europe/Budapest
+ - name: DEBUG
+ value: "0"
+ - name: ALLOWED_HOSTS
+ value: "*"
+ - name: CSRF_TRUSTED_ORIGINS
+ value: "https://tandoor.dooplex.hu,https://tandoor.home"
+ - name: SECURE_PROXY_SSL_HEADER
+ value: "HTTP_X_FORWARDED_PROTO,https"
+ - name: DB_ENGINE
+ value: django.db.backends.postgresql
+ - name: POSTGRES_HOST
+ value: tandoor-postgres
+ - name: POSTGRES_PORT
+ value: "5432"
+ - name: POSTGRES_DB
+ value: tandoor
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ name: tandoor-db
+ key: username
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: tandoor-db
+ key: password
+ - name: SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: tandoor-app
+ key: secret-key
+ - name: GUNICORN_MEDIA
+ value: "1"
+ - name: ENABLE_SIGNUP
+ value: "0"
+ - name: ENABLE_METRICS
+ value: "1"
+ - name: TANDOOR_PORT
+ value: "8080"
+ ports:
+ - containerPort: 8080
+ name: http
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /
+ port: http
+ initialDelaySeconds: 60
+ periodSeconds: 30
+ timeoutSeconds: 10
+ failureThreshold: 5
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 3
+ resources:
+ limits:
+ cpu: "1"
+ memory: 1Gi
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ volumeMounts:
+ - name: staticfiles
+ mountPath: /opt/recipes/staticfiles
+ - name: mediafiles
+ mountPath: /opt/recipes/mediafiles
+ volumes:
+ - name: staticfiles
+ persistentVolumeClaim:
+ claimName: tandoor-staticfiles
+ - name: mediafiles
+ hostPath:
+ path: /mnt/4_hdd/data/tandoor/mediafiles
+ type: DirectoryOrCreate
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/instance: tandoor
+ app.kubernetes.io/name: postgres
+ name: tandoor-postgres
+ namespace: tandoor-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: tandoor
+ app.kubernetes.io/name: postgres
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: tandoor
+ app.kubernetes.io/name: postgres
+ spec:
+ containers:
+ - name: postgres
+ image: postgres:16-alpine
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ name: tandoor-db
+ key: username
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: tandoor-db
+ key: password
+ - name: POSTGRES_DB
+ value: tandoor
+ - name: PGDATA
+ value: /var/lib/postgresql/data/pgdata
+ ports:
+ - containerPort: 5432
+ name: postgres
+ protocol: TCP
+ resources:
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ volumeMounts:
+ - name: data
+ mountPath: /var/lib/postgresql/data
+ subPath: data
+ securityContext:
+ fsGroup: 999
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: tandoor-postgres
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/instance: tandoor
+ app.kubernetes.io/name: tandoor
+ app.kubernetes.io/version: 2.3.6
+ name: tandoor
+ namespace: tandoor-system
+spec:
+ type: ClusterIP
+ ports:
+ - name: http
+ port: 8080
+ protocol: TCP
+ targetPort: http
+ selector:
+ app.kubernetes.io/instance: tandoor
+ app.kubernetes.io/name: tandoor
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/instance: tandoor
+ app.kubernetes.io/name: postgres
+ name: tandoor-postgres
+ namespace: tandoor-system
+spec:
+ type: ClusterIP
+ ports:
+ - name: postgres
+ port: 5432
+ protocol: TCP
+ targetPort: postgres
+ selector:
+ app.kubernetes.io/instance: tandoor
+ app.kubernetes.io/name: postgres
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ external-dns.alpha.kubernetes.io/hostname: tandoor.dooplex.hu,tandoor.home
+ nginx.ingress.kubernetes.io/proxy-body-size: 128m
+ nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ labels:
+ app.kubernetes.io/instance: tandoor
+ app.kubernetes.io/name: tandoor
+ name: tandoor
+ namespace: tandoor-system
+spec:
+ ingressClassName: nginx-internal
+ rules:
+ - host: tandoor.dooplex.hu
+ http:
+ paths:
+ - backend:
+ service:
+ name: tandoor
+ port:
+ number: 8080
+ path: /
+ pathType: Prefix
+ - host: tandoor.home
+ http:
+ paths:
+ - backend:
+ service:
+ name: tandoor
+ port:
+ number: 8080
+ path: /
+ pathType: Prefix
+ tls:
+ - hosts:
+ - tandoor.dooplex.hu
+ secretName: tandoor-tls
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ labels:
+ app.kubernetes.io/instance: tandoor
+ app.kubernetes.io/name: tandoor
+ name: tandoor-staticfiles
+ namespace: tandoor-system
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+ storageClassName: longhorn
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ labels:
+ app.kubernetes.io/instance: tandoor
+ app.kubernetes.io/name: postgres
+ name: tandoor-postgres
+ namespace: tandoor-system
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Gi
+ storageClassName: longhorn
+---
diff --git a/uptimekuma-system/uptimekuma.yaml b/uptimekuma-system/uptimekuma.yaml
new file mode 100644
index 0000000..9542e1b
--- /dev/null
+++ b/uptimekuma-system/uptimekuma.yaml
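Review bot: In `tandoor-system/tandoor.yaml`, `ALLOWED_HOSTS` is set to `"*"`, which turns off Django's Host-header validation; list the served names instead, `value: "tandoor.dooplex.hu,tandoor.home"`. The kubelet's `httpGet` probes on `/` send the pod IP as Host by default, so when tightening it add an `httpHeaders` entry (`name: Host`, `value: tandoor.dooplex.hu`) to both probes. In the `create-superuser` init script the lookups fall back to `'admin'` for both username and password; the values come from the `tandoor-admin` Secret, so the fallbacks should never apply, and reading them as `os.environ['DJANGO_SUPERUSER_PASSWORD']` (likewise the username) makes a missing value fail the init container instead of creating `admin`/`admin`. `ENABLE_METRICS: "1"` is served behind the same `path: /` ingress rule, so confirm the metrics endpoint requires authentication or exclude it at the ingress.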
@@ -0,0 +1,154 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: uptimekuma-system
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/instance: uptimekuma
+ app.kubernetes.io/name: uptimekuma
+ app.kubernetes.io/version: 2.0.2
+ name: uptimekuma
+ namespace: uptimekuma-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: uptimekuma
+ app.kubernetes.io/name: uptimekuma
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: uptimekuma
+ app.kubernetes.io/name: uptimekuma
+ app.kubernetes.io/version: 2.0.2
+ spec:
+ containers:
+ - name: uptimekuma
+ image: louislam/uptime-kuma:2.0.2
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: TZ
+ value: Europe/Budapest
+ - name: UPTIME_KUMA_PORT
+ value: "3001"
+ ports:
+ - containerPort: 3001
+ name: http
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /
+ port: http
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ timeoutSeconds: 10
+ failureThreshold: 3
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 3
+ resources:
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ requests:
+ cpu: 50m
+ memory: 128Mi
+ volumeMounts:
+ - name: data
+ mountPath: /app/data
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: uptimekuma-data
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/instance: uptimekuma
+ app.kubernetes.io/name: uptimekuma
+ app.kubernetes.io/version: 2.0.2
+ name: uptimekuma
+ namespace: uptimekuma-system
+spec:
+ type: ClusterIP
+ ports:
+ - name: http
+ port: 3001
+ protocol: TCP
+ targetPort: http
+ selector:
+ app.kubernetes.io/instance: uptimekuma
+ app.kubernetes.io/name: uptimekuma
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ external-dns.alpha.kubernetes.io/hostname: uptimekuma.dooplex.hu,uptimekuma.home
+ nginx.ingress.kubernetes.io/proxy-body-size: 10m
+ nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ # WebSocket support for real-time updates
+ nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
+ nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
+ labels:
+ app.kubernetes.io/instance: uptimekuma
+ app.kubernetes.io/name: uptimekuma
+ name: uptimekuma
+ namespace: uptimekuma-system
+spec:
+ ingressClassName: nginx-internal
+ rules:
+ - host: uptimekuma.dooplex.hu
+ http:
+ paths:
+ - backend:
+ service:
+ name: uptimekuma
+ port:
+ number: 3001
+ path: /
+ pathType: Prefix
+ - host: uptimekuma.home
+ http:
+ paths:
+ - backend:
+ service:
+ name: uptimekuma
+ port:
+ number: 3001
+ path: /
+ pathType: Prefix
+ tls:
+ - hosts:
+ - uptimekuma.dooplex.hu
+ secretName: uptimekuma-tls
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ labels:
+ app.kubernetes.io/instance: uptimekuma
+ app.kubernetes.io/name: uptimekuma
+ name: uptimekuma-data
+ namespace: uptimekuma-system
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Gi
+ storageClassName: longhorn
+---
diff --git a/vaultwarde-system/vaultwarden.yaml b/vaultwarde-system/vaultwarden.yaml
new file mode 100644
index 0000000..7f158b4
--- /dev/null
+++ b/vaultwarde-system/vaultwarden.yaml
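Review bot: In `uptimekuma-system/uptimekuma.yaml` neither the pod spec nor the `uptimekuma` container sets a `securityContext`, so the workload runs with whatever user and capabilities the image defaults to. Consider at least `allowPrivilegeEscalation: false` and `seccompProfile: {type: RuntimeDefault}` on the container, and test before dropping capabilities, because ICMP ping monitors usually need `NET_RAW`. Nothing in the manifest seeds an admin account either, so if this image behaves like upstream Uptime Kuma the first visitor to reach the ingress completes the setup wizard; a short comment in the manifest saying setup must be finished right after the first sync would record that.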
@@ -0,0 +1,191 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: vaultwarden-system
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/instance: vaultwarden
+ app.kubernetes.io/name: vaultwarden
+ app.kubernetes.io/version: 1.34.3
+ name: vaultwarden
+ namespace: vaultwarden-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: vaultwarden
+ app.kubernetes.io/name: vaultwarden
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: vaultwarden
+ app.kubernetes.io/name: vaultwarden
+ app.kubernetes.io/version: 1.34.3
+ spec:
+ containers:
+ - name: vaultwarden
+ image: vaultwarden/server:1.34.3
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: TZ
+ value: Europe/Budapest
+ - name: DOMAIN
+ value: https://vaultwarden.dooplex.hu
+ - name: SIGNUPS_ALLOWED
+ value: "false"
+ - name: INVITATIONS_ALLOWED
+ value: "true"
+ - name: ADMIN_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: vaultwarden-admin
+ key: admin-token
+ - name: WEBSOCKET_ENABLED
+ value: "true"
+ - name: SMTP_HOST
+ valueFrom:
+ secretKeyRef:
+ name: smtp-credentials
+ key: host
+ - name: SMTP_PORT
+ valueFrom:
+ secretKeyRef:
+ name: smtp-credentials
+ key: port
+ - name: SMTP_SECURITY
+ value: starttls
+ - name: SMTP_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: smtp-credentials
+ key: username
+ - name: SMTP_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: smtp-credentials
+ key: password
+ - name: SMTP_FROM
+ valueFrom:
+ secretKeyRef:
+ name: smtp-credentials
+ key: from-address
+ - name: SMTP_FROM_NAME
+ value: Vaultwarden
+ ports:
+ - containerPort: 80
+ name: http
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /alive
+ port: http
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ timeoutSeconds: 10
+ failureThreshold: 3
+ readinessProbe:
+ httpGet:
+ path: /alive
+ port: http
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 3
+ resources:
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ requests:
+ cpu: 50m
+ memory: 128Mi
+ volumeMounts:
+ - name: data
+ mountPath: /data
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: vaultwarden-data
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/instance: vaultwarden
+ app.kubernetes.io/name: vaultwarden
+ app.kubernetes.io/version: 1.34.3
+ name: vaultwarden
+ namespace: vaultwarden-system
+spec:
+ type: ClusterIP
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: http
+ selector:
+ app.kubernetes.io/instance: vaultwarden
+ app.kubernetes.io/name: vaultwarden
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ external-dns.alpha.kubernetes.io/hostname: vaultwarden.dooplex.hu,vaultwarden.home
+ nginx.ingress.kubernetes.io/proxy-body-size: 100m
+ nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ labels:
+ app.kubernetes.io/instance: vaultwarden
+ app.kubernetes.io/name: vaultwarden
+ name: vaultwarden
+ namespace: vaultwarden-system
+spec:
+ ingressClassName: nginx-internal
+ rules:
+ - host: vaultwarden.dooplex.hu
+ http:
+ paths:
+ - backend:
+ service:
+ name: vaultwarden
+ port:
+ number: 80
+ path: /
+ pathType: Prefix
+ - host: vaultwarden.home
+ http:
+ paths:
+ - backend:
+ service:
+ name: vaultwarden
+ port:
+ number: 80
+ path: /
+ pathType: Prefix
+ tls:
+ - hosts:
+ - vaultwarden.dooplex.hu
+ secretName: vaultwarden-tls
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ labels:
+ app.kubernetes.io/instance: vaultwarden
+ app.kubernetes.io/name: vaultwarden
+ name: vaultwarden-data
+ namespace: vaultwarden-system
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Gi
+ storageClassName: longhorn
+---
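Review bot: In `vaultwarde-system/vaultwarden.yaml`, setting `ADMIN_TOKEN` enables the `/admin` panel, and the Ingress rule `path: /` with `pathType: Prefix` publishes that panel on both hosts. Store an Argon2 PHC hash rather than a plain token under `admin-token` in the `vaultwarden-admin` Secret, and consider denying `/admin` at the ingress or removing the variable once initial setup is done. `WEBSOCKET_ENABLED` appears to be obsolete in recent Vaultwarden releases, so check it against the documentation for 1.34.3 and drop it if it is ignored. The `vaultwarden-data` PVC holds the whole vault and this diff defines no backup for it; a comment naming where the backup is configured would help the next reader.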