| author | Xe Iaso <me@xeiaso.net> | 2024-09-02 08:59:28 -0400 |
|---|---|---|
| committer | Xe Iaso <me@xeiaso.net> | 2024-09-02 09:00:31 -0400 |
| commit | 8a1fd98925fe1a1c93c1173cdafa71dd0d7cbef9 (patch) | |
| tree | 365ee4f7f3325da68e59bb4ef42c31acab4ea15d | |
| parent | 7b0d95abc8bc4222b25d2b21db8dc4bc359a156b (diff) | |
kube/alrest: move stuff to kustomize
Signed-off-by: Xe Iaso <me@xeiaso.net>
20 files changed, 315 insertions, 42 deletions
diff --git a/kube/alrest/core/external-dns/1password.yaml b/kube/alrest/core/external-dns/1password.yaml
new file mode 100644
index 0000000..ead83ea
--- /dev/null
+++ b/kube/alrest/core/external-dns/1password.yaml
@@ -0,0 +1,7 @@
+apiVersion: onepassword.com/v1
+kind: OnePasswordItem
+metadata:
+ name: aws-creds
+ namespace: external-dns
+spec:
+ itemPath: "vaults/lc5zo4zjz3if3mkeuhufjmgmui/items/3xn7uf73xnzholrfk6tla5rhpa"
\ No newline at end of file
diff --git a/kube/alrest/core/external-dns/clusterrole.yaml b/kube/alrest/core/external-dns/clusterrole.yaml
new file mode 100644
index 0000000..d0278b3
--- /dev/null
+++ b/kube/alrest/core/external-dns/clusterrole.yaml
@@ -0,0 +1,20 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: external-dns
+rules:
+- apiGroups: [""]
+ resources: ["services","endpoints","pods"]
+ verbs: ["get","watch","list"]
+- apiGroups: ["extensions","networking.k8s.io"]
+ resources: ["ingresses"]
+ verbs: ["get","watch","list"]
+- apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["list"]
+- apiGroups: ["externaldns.k8s.io"]
+ resources: ["dnsendpoints"]
+ verbs: ["get","watch","list"]
+- apiGroups: ["externaldns.k8s.io"]
+ resources: ["dnsendpoints/status"]
+ verbs: ["*"]
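Review bot: In clusterrole.yaml the last rule grants `verbs: ["*"]` on `dnsendpoints/status`, which is wider than a status writer appears to need; `verbs: ["get","update","patch"]` would likely still let the controller record `observedGeneration` without the wildcard. The binding added in clusterrolebinding.yaml is named `external-dns-viewer` although the role it binds carries this write rule, so the name understates what the service account can do. A comment above the rule such as `# status subresource only: the controller writes observedGeneration here` would record why any write access is present.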
\ No newline at end of file
diff --git a/kube/alrest/core/external-dns/clusterrolebinding.yaml b/kube/alrest/core/external-dns/clusterrolebinding.yaml
new file mode 100644
index 0000000..186feec
--- /dev/null
+++ b/kube/alrest/core/external-dns/clusterrolebinding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: external-dns-viewer
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: external-dns
+subjects:
+- kind: ServiceAccount
+ name: external-dns
+ namespace: external-dns
\ No newline at end of file
diff --git a/kube/alrest/core/external-dns/crd.yaml b/kube/alrest/core/external-dns/crd.yaml
new file mode 100644
index 0000000..8d17ed3
--- /dev/null
+++ b/kube/alrest/core/external-dns/crd.yaml
@@ -0,0 +1,91 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.5.0 + api-approved.kubernetes.io: "https://github.com/kubernetes-sigs/external-dns/pull/2007" + name: dnsendpoints.externaldns.k8s.io +spec: + group: externaldns.k8s.io + names: + kind: DNSEndpoint + listKind: DNSEndpointList + plural: dnsendpoints + singular: dnsendpoint + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DNSEndpointSpec defines the desired state of DNSEndpoint + properties: + endpoints: + items: + description: Endpoint is a high-level way of a connection between a service and an IP + properties: + dnsName: + description: The hostname of the DNS record + type: string + labels: + additionalProperties: + type: string + description: Labels stores labels defined for the Endpoint + type: object + providerSpecific: + description: ProviderSpecific stores provider specific config + items: + description: ProviderSpecificProperty holds the name and value of a configuration which is specific to individual DNS providers + properties: + name: + type: string + value: + type: string + type: object + type: array + recordTTL: + description: TTL for the record + format: int64 + type: integer + recordType: + description: RecordType type of record, e.g. CNAME, A, SRV, TXT etc + type: string + setIdentifier: + description: Identifier to distinguish multiple records with the same name and type (e.g. Route53 records with routing policies other than 'simple') + type: string + targets: + description: The targets the DNS record points to + items: + type: string + type: array + type: object + type: array + type: object + status: + description: DNSEndpointStatus defines the observed state of DNSEndpoint + properties: + observedGeneration: + description: The generation observed by the external-dns controller. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: []
\ No newline at end of file
diff --git a/kube/alrest/core/external-dns/deployment-crd.yaml b/kube/alrest/core/external-dns/deployment-crd.yaml
new file mode 100644
index 0000000..1392d8e
--- /dev/null
+++ b/kube/alrest/core/external-dns/deployment-crd.yaml
@@ -0,0 +1,40 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: external-dns-crd
+ namespace: external-dns
+spec:
+ strategy:
+ type: Recreate
+ selector:
+ matchLabels:
+ app: external-dns
+ template:
+ metadata:
+ labels:
+ app: external-dns
+ spec:
+ serviceAccountName: external-dns
+ containers:
+ - name: crd
+ image: registry.k8s.io/external-dns/external-dns:v0.14.0
+ args:
+ - --source=crd # ingress is also possible
+ - --crd-source-apiversion=externaldns.k8s.io/v1alpha1
+ - --crd-source-kind=DNSEndpoint
+ - --provider=aws
+ - --registry=dynamodb
+ - --dynamodb-region=ca-central-1
+ env:
+ - name: AWS_REGION
+ value: us-east-1
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ name: aws-creds
+ key: AWS_ACCESS_KEY_ID
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ name: aws-creds
+ key: AWS_SECRET_ACCESS_KEY
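Review bot: The `args` list in deployment-crd.yaml carries no scoping flags, so the controller is bounded only by whatever the `aws-creds` key is allowed to do, and with `--source=crd` any subject that can create a DNSEndpoint chooses which names are written. Adding `- --domain-filter=<ZONE_PLACEHOLDER>` and, if deletions are not wanted, `- --policy=upsert-only` would bound that in the manifest itself. Neither this file nor deployment-ingress.yaml sets `--txt-owner-id`, so both presumably run under the default owner against the same DynamoDB registry and may treat each other's records as stale; a distinct value per deployment, e.g. `- --txt-owner-id=<OWNER_PLACEHOLDER>`, avoids that. Whether the IAM policy behind the key already restricts zones is not visible in this commit.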
\ No newline at end of file
diff --git a/kube/alrest/core/external-dns/deployment-ingress.yaml b/kube/alrest/core/external-dns/deployment-ingress.yaml
new file mode 100644
index 0000000..ff4b5fa
--- /dev/null
+++ b/kube/alrest/core/external-dns/deployment-ingress.yaml
@@ -0,0 +1,39 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: external-dns-ingress
+ namespace: external-dns
+spec:
+ strategy:
+ type: Recreate
+ selector:
+ matchLabels:
+ app: external-dns
+ template:
+ metadata:
+ labels:
+ app: external-dns
+ spec:
+ serviceAccountName: external-dns
+ containers:
+ - name: ingress
+ image: registry.k8s.io/external-dns/external-dns:v0.14.0
+ args:
+ - --source=ingress
+ - --default-targets=155.138.132.228
+ - --provider=aws
+ - --registry=dynamodb
+ - --dynamodb-region=ca-central-1
+ env:
+ - name: AWS_REGION
+ value: us-east-1
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ name: aws-creds
+ key: AWS_ACCESS_KEY_ID
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ name: aws-creds
+ key: AWS_SECRET_ACCESS_KEY
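Review bot: The `ingress` container in deployment-ingress.yaml is given long-lived AWS keys through `secretKeyRef` but has no `securityContext`, so it runs with the runtime's default privileges. A container-level block that drops capabilities, forbids privilege escalation and mounts the root filesystem read-only would limit what a compromised controller process can do with those keys; the `crd` container in deployment-crd.yaml has the same gap. Confirm which user the image runs as before enabling `runAsNonRoot`, since that is not visible here.

```yaml
        image: registry.k8s.io/external-dns/external-dns:v0.14.0
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          capabilities:
            drop: ["ALL"]
        # … unchanged: args and env …
```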
\ No newline at end of file
diff --git a/kube/alrest/core/external-dns/kustomization.yaml b/kube/alrest/core/external-dns/kustomization.yaml
new file mode 100644
index 0000000..ce39287
--- /dev/null
+++ b/kube/alrest/core/external-dns/kustomization.yaml
@@ -0,0 +1,12 @@
+namespace: external-dns
+resources:
+ - 1password.yaml
+ - clusterrole.yaml
+ - clusterrolebinding.yaml
+ - crd.yaml
+ - deployment-crd.yaml
+ - deployment-ingress.yaml
+ - namespace.yaml
+ - prod-issuer.yaml
+ - staging-issuer.yaml
+ - serviceaccount.yaml
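Review bot: `prod-issuer.yaml` and `staging-issuer.yaml` are cert-manager ClusterIssuers, yet this kustomization lists them under external-dns and applies `namespace: external-dns` to everything it builds. They are cluster-scoped and unrelated to DNS record management, so a separate kustomization for them would make ownership clearer and keep the namespace transformer away from them; how kustomize treats the namespace field on these kinds is worth checking with `kustomize build`. If they stay here, a comment above the two entries such as `# cert-manager issuers, kept with core DNS for now` would explain the grouping.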
\ No newline at end of file
diff --git a/kube/alrest/core/external-dns/namespace.yaml b/kube/alrest/core/external-dns/namespace.yaml
new file mode 100644
index 0000000..027e0af
--- /dev/null
+++ b/kube/alrest/core/external-dns/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: external-dns
+ annotations:
+ operator.1password.io/auto-restart: "true"
\ No newline at end of file
diff --git a/kube/alrest/core/external-dns/prod-issuer.yaml b/kube/alrest/core/external-dns/prod-issuer.yaml
new file mode 100644
index 0000000..d8eeaf9
--- /dev/null
+++ b/kube/alrest/core/external-dns/prod-issuer.yaml
@@ -0,0 +1,18 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-prod
+spec:
+ acme:
+ # The ACME server URL
+ server: https://acme-v02.api.letsencrypt.org/directory
+ # Email address used for ACME registration
+ email: me@xeiaso.net
+ # Name of a secret used to store the ACME account private key
+ privateKeySecretRef:
+ name: letsencrypt-prod
+ # Enable the HTTP-01 challenge provider
+ solvers:
+ - http01:
+ ingress:
+ ingressClassName: nginx
\ No newline at end of file
diff --git a/kube/alrest/core/external-dns/serviceaccount.yaml b/kube/alrest/core/external-dns/serviceaccount.yaml
new file mode 100644
index 0000000..479610c
--- /dev/null
+++ b/kube/alrest/core/external-dns/serviceaccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: external-dns
+ namespace: external-dns
\ No newline at end of file
diff --git a/kube/alrest/core/external-dns/staging-issuer.yaml b/kube/alrest/core/external-dns/staging-issuer.yaml
new file mode 100644
index 0000000..6d015ac
--- /dev/null
+++ b/kube/alrest/core/external-dns/staging-issuer.yaml
@@ -0,0 +1,18 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-staging
+spec:
+ acme:
+ # You must replace this email address with your own.
+ # Let's Encrypt will use this to contact you about expiring
+ # certificates, and issues related to your account.
+ email: me@xeiaso.net
+ server: https://acme-staging-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ # Secret resource that will be used to store the account's private key.
+ name: letsencrypt-staging-acme-key
+ solvers:
+ - http01:
+ ingress:
+ ingressClassName: nginx
\ No newline at end of file
diff --git a/kube/alrest/core/kustomization.yaml b/kube/alrest/core/kustomization.yaml
new file mode 100644
index 0000000..34d0ca3
--- /dev/null
+++ b/kube/alrest/core/kustomization.yaml
@@ -0,0 +1,3 @@
+resources:
+ - external-dns
+ - nfs-provisioner
\ No newline at end of file
diff --git a/kube/alrest/nfs-provisioner/kustomization.yaml b/kube/alrest/core/nfs-provisioner/kustomization.yaml
index 91e28f4..91e28f4 100644
--- a/kube/alrest/nfs-provisioner/kustomization.yaml
+++ b/kube/alrest/core/nfs-provisioner/kustomization.yaml
diff --git a/kube/alrest/nfs-provisioner/namespace.yaml b/kube/alrest/core/nfs-provisioner/namespace.yaml
index ff60d7d..ff60d7d 100644
--- a/kube/alrest/nfs-provisioner/namespace.yaml
+++ b/kube/alrest/core/nfs-provisioner/namespace.yaml
diff --git a/kube/alrest/nfs-provisioner/patch_nfs_details.yaml b/kube/alrest/core/nfs-provisioner/patch_nfs_details.yaml
index 1d4cbb5..1d4cbb5 100644
--- a/kube/alrest/nfs-provisioner/patch_nfs_details.yaml
+++ b/kube/alrest/core/nfs-provisioner/patch_nfs_details.yaml
diff --git a/kube/alrest/ollama/ollama.yaml b/kube/alrest/ollama/deployment.yaml
index 2ebb38b..4168722 100644
--- a/kube/alrest/ollama/ollama.yaml
+++ b/kube/alrest/ollama/deployment.yaml
@@ -1,26 +1,3 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
- name: ollama
- labels:
- xeiaso.net/project: ollama
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: ollama
- namespace: ollama
- labels:
- xeiaso.net/project: ollama
-spec:
- accessModes:
- - ReadWriteOnce
- storageClassName: "longhorn"
- resources:
- requests:
- storage: 64Gi
----
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -87,22 +64,4 @@ spec:
 periodSeconds: 5
 timeoutSeconds: 5
 successThreshold: 1
- failureThreshold: 5
----
-apiVersion: v1
-kind: Service
-metadata:
- name: ollama
- namespace: ollama
- labels:
- xeiaso.net/project: ollama
- annotations: {}
-spec:
- type: ClusterIP
- ports:
- - port: 80
- targetPort: http
- protocol: TCP
- name: http
- selector:
- app.kubernetes.io/name: ollama
\ No newline at end of file
+ failureThreshold: 5
\ No newline at end of file
diff --git a/kube/alrest/ollama/kustomization.yaml b/kube/alrest/ollama/kustomization.yaml
new file mode 100644
index 0000000..ec31c78
--- /dev/null
+++ b/kube/alrest/ollama/kustomization.yaml
@@ -0,0 +1,6 @@
+namespace: ollama
+resources:
+ - namespace.yaml
+ - pvc.yaml
+ - deployment.yaml
+ - service.yaml
\ No newline at end of file
diff --git a/kube/alrest/ollama/namespace.yaml b/kube/alrest/ollama/namespace.yaml
new file mode 100644
index 0000000..0d547a4
--- /dev/null
+++ b/kube/alrest/ollama/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: ollama
+ labels:
+ xeiaso.net/project: ollama
\ No newline at end of file
diff --git a/kube/alrest/ollama/pvc.yaml b/kube/alrest/ollama/pvc.yaml
new file mode 100644
index 0000000..f23364c
--- /dev/null
+++ b/kube/alrest/ollama/pvc.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: ollama
+ namespace: ollama
+ labels:
+ xeiaso.net/project: ollama
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: "longhorn"
+ resources:
+ requests:
+ storage: 64Gi
\ No newline at end of file
diff --git a/kube/alrest/ollama/service.yaml b/kube/alrest/ollama/service.yaml
new file mode 100644
index 0000000..afb4c7d
--- /dev/null
+++ b/kube/alrest/ollama/service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: ollama
+ namespace: ollama
+ labels:
+ xeiaso.net/project: ollama
+ annotations: {}
+spec:
+ type: ClusterIP
+ ports:
+ - port: 80
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ app.kubernetes.io/name: ollama
\ No newline at end of file |
