diff --git a/helm/cert-manager/values.yaml b/helm/cert-manager/values.yaml
new file mode 100644
index 0000000..dbf3773
--- /dev/null
+++ b/helm/cert-manager/values.yaml
@@ -0,0 +1,19 @@
+---
+image:
+ repository: quay.io/jetstack/cert-manager-controller
+ tag: v1.16.0
+webhook:
+ image:
+ repository: quay.io/jetstack/cert-manager-webhook
+ tag: v1.16.0
+cainjector:
+ image:
+ repository: quay.io/jetstack/cert-manager-cainjector
+ tag: v1.16.0
+
+crds:
+ enabled: true
+
+extraArgs:
+ - --dns01-recursive-nameservers-only
+ - --dns01-recursive-nameservers=1.1.1.1:53,1.0.0.1:53
diff --git a/helm/longhorn/values.yaml b/helm/longhorn/values.yaml
new file mode 100644
index 0000000..934f16c
--- /dev/null
+++ b/helm/longhorn/values.yaml
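Review bot: The three images in helm/cert-manager/values.yaml are pinned by tag only (`tag: v1.16.0`), and a tag can be repointed at the registry after this file was reviewed. The chart accepts a digest per component and a digest overrides the tag, so adding `digest: sha256:<digest-of-the-v1.16.0-image>` (placeholder) under `image`, `webhook.image` and `cainjector.image` would make the deployed content fixed. The overrides also cover only the controller, webhook and cainjector, so any other image the chart deploys (the startup API check, for example) presumably still follows the chart's appVersion. A comment such as `# keep in sync with the chart version used at install time` above `image:` would record that coupling.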
@@ -0,0 +1,53 @@
+---
+image:
+ longhorn:
+ engine:
+ repository: "longhornio/longhorn-engine"
+ tag: "v1.7.2"
+ manager:
+ repository: "longhornio/longhorn-manager"
+ tag: "v1.7.2"
+ ui:
+ repository: "longhornio/longhorn-ui"
+ tag: "v1.7.2"
+ instanceManager:
+ repository: "longhornio/longhorn-instance-manager"
+ tag: "v1.7.2"
+ shareManager:
+ repository: "longhornio/longhorn-share-manager"
+ tag: "v1.7.2"
+ backingImageManager:
+ repository: "longhornio/backing-image-manager"
+ tag: "v1.7.2"
+ supportBundleKit:
+ repository: "longhornio/support-bundle-kit"
+ tag: "v0.0.45"
+ csi:
+ attacher:
+ repository: "longhornio/csi-attacher"
+ tag: "v4.7.0"
+ provisioner:
+ repository: "longhornio/csi-provisioner"
+ tag: "v5.1.0"
+ nodeDriverRegistrar:
+ repository: "longhornio/csi-node-driver-registrar"
+ tag: "v2.12.0"
+ resizer:
+ repository: "longhornio/csi-resizer"
+ tag: "v1.12.0"
+ snapshotter:
+ repository: "longhornio/csi-snapshotter"
+ tag: "v8.1.0"
+ livenessProbe:
+ repository: "longhornio/livenessprobe"
+ tag: "v2.14.0"
+
+# --> (Optional) Reduce the number of replicas of Longhorn UI
+# longhornUI:
+# replicas: 1
+# <--
+
+# --> (Optional) Change the default settings, like Backup Target here...
+# defaultSettings:
+# backupTarget: "your-backup-target" # <-- Replace with your backup target
+# <--
diff --git a/helm/portainer/values.yaml b/helm/portainer/values.yaml
new file mode 100644
index 0000000..ec1a4f4
--- /dev/null
+++ b/helm/portainer/values.yaml
@@ -0,0 +1,27 @@
+---
+image:
+ repository: portainer/portainer-ce
+ tag: 2.22.0
+ pullPolicy: IfNotPresent
+
+service:
+ type: ClusterIP
+
+# --> (Optional) When you want to automatically create an Ingress
+# ingress:
+# enabled: true
+# hosts:
+# - host: "your-fqdn" # <-- Replace with your FQDN
+# paths:
+# - path: /
+# port: "9000"
+# tls:
+# - secretName: portainer-certificate-secret
+# hosts:
+# - "your-fqdn" # <-- Replace with your FQDN
+# <--
+
+# --> (Optional) When using an existing PVC
+# persistence:
+# existingClaim: "portainer"
+# <--
diff --git a/helm/traefik/values.yaml b/helm/traefik/values.yaml
new file mode 100644
index 0000000..ddf4d28
--- /dev/null
+++ b/helm/traefik/values.yaml
@@ -0,0 +1,19 @@
+image:
+ repository: traefik
+ version: v3.1.4
+ pullPolicy: IfNotPresent
+
+# --> (Optional) Change log settings here...
+# logs:
+# general:
+# level: ERROR
+# access:
+# enabled: false
+# <--
+
+# --> (Optional) Redirect HTTP to HTTPs by default
+# ports:
+# web:
+# redirectTo:
+# port: websecure
+# <--
diff --git a/kubernetes/cert-manager/certificate.yaml.example b/kubernetes/cert-manager/certificate.yaml.example
new file mode 100644
index 0000000..faa1b3c
--- /dev/null
+++ b/kubernetes/cert-manager/certificate.yaml.example
@@ -0,0 +1,13 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: your-certificate # <-- Replace with your certificate name
+ namespace: your-namespace # <-- Replace with your namespace
+spec:
+ secretName: your-secret # <-- Replace with your secret name
+ issuerRef:
+ name: clusterissuer # <-- Replace with your issuer name
+ kind: ClusterIssuer
+ dnsNames:
+ - your-hostname # <-- Replace with your hostname
diff --git a/kubernetes/cert-manager/clusterissuer-secret.yaml b/kubernetes/cert-manager/clusterissuer-secret.yaml
new file mode 100644
index 0000000..29a5ee4
--- /dev/null
+++ b/kubernetes/cert-manager/clusterissuer-secret.yaml
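Review bot: In helm/traefik/values.yaml the image pin is written as `version: v3.1.4`, but the Traefik chart reads the image version from `image.tag`. As written the key is either ignored, so the deployed Traefik follows the chart's appVersion rather than v3.1.4, or rejected if the chart validates values against a schema. Change the line to `tag: v3.1.4`. This file also lacks the leading `---` that the other values files in this commit start with.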
@@ -0,0 +1,9 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: cloudflare-api-token-secret
+ namespace: cert-manager
+type: Opaque
+data:
+ api-token: your-api-token # <-- Replace with your Cloudflare API token
diff --git a/kubernetes/cert-manager/clusterissuer.yaml b/kubernetes/cert-manager/clusterissuer.yaml
new file mode 100644
index 0000000..f1b25af
--- /dev/null
+++ b/kubernetes/cert-manager/clusterissuer.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: cloudflare-clusterissuer
+spec:
+ acme:
+ email: your-email@address # <-- Replace with your email address
+ server: https://acme-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: cloudflare-clusterissuer-account-key
+ solvers:
+ - dns01:
+ cloudflare:
+ apiTokenSecretRef:
+ name: cloudflare-api-token-secret
+ key: api-token
diff --git a/kubernetes/certmanager/README.md b/kubernetes/certmanager/README.md
deleted file mode 100644
index 28e8b11..0000000
--- a/kubernetes/certmanager/README.md
+++ /dev/null
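Review bot: `data:` in kubernetes/cert-manager/clusterissuer-secret.yaml expects base64-encoded values, so a token pasted in the way the placeholder comment suggests is either rejected by the API server or decoded into bytes that are not the token. In the second case the DNS-01 solver cannot authenticate to Cloudflare. Use `stringData:` with `api-token: your-api-token` beneath it for a plaintext value, as the removed secret-cloudflare.yml did. Because this file is meant to be filled with a live credential, consider naming it `clusterissuer-secret.yaml.example`, like the certificate example, so the edited copy is less likely to be committed.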
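Review bot: The `dns01` solver in kubernetes/cert-manager/clusterissuer.yaml has no `selector`, and a ClusterIssuer can be referenced from every namespace. Anyone allowed to create a Certificate can therefore request a certificate for any name in any zone the Cloudflare token can edit. Restrict the solver with `selector:` / `dnsZones:` / `- 'your-domain'` (the removed clusterissuer-acme.yml carried this as an optional block) and scope the API token to DNS edit on that zone only. The issuer also points directly at the Let's Encrypt production directory; a comment naming the staging URL `https://acme-staging-v02.api.letsencrypt.org/directory` for first runs would help users avoid production rate limits while testing.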
@@ -1,32 +0,0 @@ -# Kubernetes Cert-Manager Installation Guide - -Here is the installation guide for Cert-Manager and the complete configuration. - -## Deployment - -### 1. Add the Helm Repository & Update - -```bash -helm repo add jetstack https://charts.jetstack.io -helm repo update -``` - -### 2. Install Cert-Manager with Helm & CRDs - -```bash -helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --set installCRDs=true -``` - -## Configuration - -Add your Issuer or ClusterIssuer Objects, Credentails and Certificates. - -_For more info visit:_ [Official Cert-Manager Documentation](https://cert-manager.io/docs/) - -## Best-Practices & Post-Installation - -## Troubleshooting - -You can troubleshoot issues and inspect log entries for the Certificate Objects with the `kubectl describe` command. - -_For more info visit:_ [Official Cert-Manager Troubleshooting Guide](https://cert-manager.io/docs/faq/troubleshooting/) diff --git a/kubernetes/certmanager/default-values.yml b/kubernetes/certmanager/default-values.yml deleted file mode 100644 index 2603de0..0000000 --- a/kubernetes/certmanager/default-values.yml +++ /dev/null 
@@ -1,516 +0,0 @@ -# Default values for cert-manager. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. -global: - ## Reference to one or more secrets to be used when pulling images - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - imagePullSecrets: [] - # - name: "image-pull-secret" - - # Optional priority class to be used for the cert-manager pods - priorityClassName: "" - rbac: - create: true - - podSecurityPolicy: - enabled: false - useAppArmor: true - - # Set the verbosity of cert-manager. Range of 0 - 6 with 6 being the most verbose. - logLevel: 2 - - leaderElection: - # Override the namespace used to store the ConfigMap for leader election - namespace: "kube-system" - - # The duration that non-leader candidates will wait after observing a - # leadership renewal until attempting to acquire leadership of a led but - # unrenewed leader slot. This is effectively the maximum duration that a - # leader can be stopped before it is replaced by another candidate. - # leaseDuration: 60s - - # The interval between attempts by the acting master to renew a leadership - # slot before it stops leading. This must be less than or equal to the - # lease duration. - # renewDeadline: 40s - - # The duration the clients should wait between attempting acquisition and - # renewal of a leadership. - # retryPeriod: 15s - -installCRDs: false - -replicaCount: 1 - -strategy: {} - # type: RollingUpdate - # rollingUpdate: - # maxSurge: 0 - # maxUnavailable: 1 - -# Comma separated list of feature gates that should be enabled on the -# controller pod. -featureGates: "" - -image: - repository: quay.io/jetstack/cert-manager-controller - # You can manage a registry with - # registry: quay.io - # repository: jetstack/cert-manager-controller - - # Override the image tag to deploy by setting this variable. - # If no value is set, the chart's appVersion will be used. 
- # tag: canary - - # Setting a digest will override any tag - # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 - pullPolicy: IfNotPresent - -# Override the namespace used to store DNS provider credentials etc. for ClusterIssuer -# resources. By default, the same namespace as cert-manager is deployed within is -# used. This namespace will not be automatically created by the Helm chart. -clusterResourceNamespace: "" - -serviceAccount: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - # name: "" - # Optional additional annotations to add to the controller's ServiceAccount - # annotations: {} - # Automount API credentials for a Service Account. - automountServiceAccountToken: true - -# Additional command line flags to pass to cert-manager controller binary. -# To see all available flags run docker run quay.io/jetstack/cert-manager-controller: --help -extraArgs: [] - # When this flag is enabled, secrets will be automatically removed when the certificate resource is deleted - # - --enable-certificate-owner-ref=true - # Use this flag to enabled or disable arbitrary controllers, for example, disable the CertificiateRequests approver - # - --controllers=*,-certificaterequests-approver - -extraEnv: [] -# - name: SOME_VAR -# value: 'some value' - -resources: {} - # requests: - # cpu: 10m - # memory: 32Mi - -# Pod Security Context -# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -securityContext: - runAsNonRoot: true -# legacy securityContext parameter format: if enabled is set to true, only fsGroup and runAsUser are supported -# securityContext: -# enabled: false -# fsGroup: 1001 -# runAsUser: 1001 -# to support additional securityContext parameters, omit the `enabled` parameter and simply specify the parameters -# you want to set, e.g. 
-# securityContext: -# fsGroup: 1000 -# runAsUser: 1000 -# runAsNonRoot: true - -# Container Security Context to be set on the controller component container -# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -containerSecurityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - - -volumes: [] - -volumeMounts: [] - -# Optional additional annotations to add to the controller Deployment -# deploymentAnnotations: {} - -# Optional additional annotations to add to the controller Pods -# podAnnotations: {} - -podLabels: {} - -# Optional annotations to add to the controller Service -# serviceAnnotations: {} - -# Optional additional labels to add to the controller Service -# serviceLabels: {} - -# Optional DNS settings, useful if you have a public and private DNS zone for -# the same domain on Route 53. What follows is an example of ensuring -# cert-manager can access an ingress or DNS TXT records at all times. -# NOTE: This requires Kubernetes 1.10 or `CustomPodDNS` feature gate enabled for -# the cluster to work. 
-# podDnsPolicy: "None" -# podDnsConfig: -# nameservers: -# - "1.1.1.1" -# - "8.8.8.8" - -nodeSelector: {} - -ingressShim: {} - # defaultIssuerName: "" - # defaultIssuerKind: "" - # defaultIssuerGroup: "" - -prometheus: - enabled: true - servicemonitor: - enabled: false - prometheusInstance: default - targetPort: 9402 - path: /metrics - interval: 60s - scrapeTimeout: 30s - labels: {} - honorLabels: false - -# Use these variables to configure the HTTP_PROXY environment variables -# http_proxy: "http://proxy:8080" -# https_proxy: "https://proxy:8080" -# no_proxy: 127.0.0.1,localhost - -# expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#affinity-v1-core -# for example: -# affinity: -# nodeAffinity: -# requiredDuringSchedulingIgnoredDuringExecution: -# nodeSelectorTerms: -# - matchExpressions: -# - key: foo.bar.com/role -# operator: In -# values: -# - master -affinity: {} - -# expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#toleration-v1-core -# for example: -# tolerations: -# - key: foo.bar.com/role -# operator: Equal -# value: master -# effect: NoSchedule -tolerations: [] - -webhook: - replicaCount: 1 - timeoutSeconds: 10 - - # Used to configure options for the webhook pod. - # This allows setting options that'd usually be provided via flags. - # An APIVersion and Kind must be specified in your values.yaml file. - # Flags will override options that are set here. - config: - # apiVersion: webhook.config.cert-manager.io/v1alpha1 - # kind: WebhookConfiguration - - # The port that the webhook should listen on for requests. - # In GKE private clusters, by default kubernetes apiservers are allowed to - # talk to the cluster nodes only on 443 and 10250. so configuring - # securePort: 10250, will work out of the box without needing to add firewall - # rules or requiring NET_BIND_SERVICE capabilities to bind port numbers <1000. 
- # This should be uncommented and set as a default by the chart once we graduate - # the apiVersion of WebhookConfiguration past v1alpha1. - # securePort: 10250 - - strategy: {} - # type: RollingUpdate - # rollingUpdate: - # maxSurge: 0 - # maxUnavailable: 1 - - # Pod Security Context to be set on the webhook component Pod - # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - securityContext: - runAsNonRoot: true - - # Container Security Context to be set on the webhook component container - # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - containerSecurityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - - # Optional additional annotations to add to the webhook Deployment - # deploymentAnnotations: {} - - # Optional additional annotations to add to the webhook Pods - # podAnnotations: {} - - # Optional additional annotations to add to the webhook Service - # serviceAnnotations: {} - - # Optional additional annotations to add to the webhook MutatingWebhookConfiguration - # mutatingWebhookConfigurationAnnotations: {} - - # Optional additional annotations to add to the webhook ValidatingWebhookConfiguration - # validatingWebhookConfigurationAnnotations: {} - - # Additional command line flags to pass to cert-manager webhook binary. 
- # To see all available flags run docker run quay.io/jetstack/cert-manager-webhook: --help - extraArgs: [] - # Path to a file containing a WebhookConfiguration object used to configure the webhook - # - --config= - - resources: {} - # requests: - # cpu: 10m - # memory: 32Mi - - ## Liveness and readiness probe values - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## - livenessProbe: - failureThreshold: 3 - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - readinessProbe: - failureThreshold: 3 - initialDelaySeconds: 5 - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 1 - - nodeSelector: {} - - affinity: {} - - tolerations: [] - - # Optional additional labels to add to the Webhook Pods - podLabels: {} - - # Optional additional labels to add to the Webhook Service - serviceLabels: {} - - image: - repository: quay.io/jetstack/cert-manager-webhook - # You can manage a registry with - # registry: quay.io - # repository: jetstack/cert-manager-webhook - - # Override the image tag to deploy by setting this variable. - # If no value is set, the chart's appVersion will be used. - # tag: canary - - # Setting a digest will override any tag - # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 - - pullPolicy: IfNotPresent - - serviceAccount: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - # name: "" - # Optional additional annotations to add to the controller's ServiceAccount - # annotations: {} - # Automount API credentials for a Service Account. - automountServiceAccountToken: true - - # The port that the webhook should listen on for requests. - # In GKE private clusters, by default kubernetes apiservers are allowed to - # talk to the cluster nodes only on 443 and 10250. 
so configuring - # securePort: 10250, will work out of the box without needing to add firewall - # rules or requiring NET_BIND_SERVICE capabilities to bind port numbers <1000 - securePort: 10250 - - # Specifies if the webhook should be started in hostNetwork mode. - # - # Required for use in some managed kubernetes clusters (such as AWS EKS) with custom - # CNI (such as calico), because control-plane managed by AWS cannot communicate - # with pods' IP CIDR and admission webhooks are not working - # - # Since the default port for the webhook conflicts with kubelet on the host - # network, `webhook.securePort` should be changed to an available port if - # running in hostNetwork mode. - hostNetwork: false - - # Specifies how the service should be handled. Useful if you want to expose the - # webhook to outside of the cluster. In some cases, the control plane cannot - # reach internal services. - serviceType: ClusterIP - # loadBalancerIP: - - # Overrides the mutating webhook and validating webhook so they reach the webhook - # service using the `url` field instead of a service. 
- url: {} - # host: - -cainjector: - enabled: true - replicaCount: 1 - - strategy: {} - # type: RollingUpdate - # rollingUpdate: - # maxSurge: 0 - # maxUnavailable: 1 - - # Pod Security Context to be set on the cainjector component Pod - # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - securityContext: - runAsNonRoot: true - - # Container Security Context to be set on the cainjector component container - # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - containerSecurityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - - - # Optional additional annotations to add to the cainjector Deployment - # deploymentAnnotations: {} - - # Optional additional annotations to add to the cainjector Pods - # podAnnotations: {} - - # Additional command line flags to pass to cert-manager cainjector binary. - # To see all available flags run docker run quay.io/jetstack/cert-manager-cainjector: --help - extraArgs: [] - # Enable profiling for cainjector - # - --enable-profiling=true - - resources: {} - # requests: - # cpu: 10m - # memory: 32Mi - - nodeSelector: {} - - affinity: {} - - tolerations: [] - - # Optional additional labels to add to the CA Injector Pods - podLabels: {} - - image: - repository: quay.io/jetstack/cert-manager-cainjector - # You can manage a registry with - # registry: quay.io - # repository: jetstack/cert-manager-cainjector - - # Override the image tag to deploy by setting this variable. - # If no value is set, the chart's appVersion will be used. - # tag: canary - - # Setting a digest will override any tag - # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 - - pullPolicy: IfNotPresent - - serviceAccount: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. 
- # If not set and create is true, a name is generated using the fullname template - # name: "" - # Optional additional annotations to add to the controller's ServiceAccount - # annotations: {} - # Automount API credentials for a Service Account. - automountServiceAccountToken: true - -# This startupapicheck is a Helm post-install hook that waits for the webhook -# endpoints to become available. -# The check is implemented using a Kubernetes Job- if you are injecting mesh -# sidecar proxies into cert-manager pods, you probably want to ensure that they -# are not injected into this Job's pod. Otherwise the installation may time out -# due to the Job never being completed because the sidecar proxy does not exit. -# See https://github.com/jetstack/cert-manager/pull/4414 for context. -startupapicheck: - enabled: true - - # Pod Security Context to be set on the startupapicheck component Pod - # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - securityContext: - runAsNonRoot: true - - # Timeout for 'kubectl check api' command - timeout: 1m - - # Job backoffLimit - backoffLimit: 4 - - # Optional additional annotations to add to the startupapicheck Job - jobAnnotations: - helm.sh/hook: post-install - helm.sh/hook-weight: "1" - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded - - # Optional additional annotations to add to the startupapicheck Pods - # podAnnotations: {} - - # Additional command line flags to pass to startupapicheck binary. 
- # To see all available flags run docker run quay.io/jetstack/cert-manager-ctl: --help - extraArgs: [] - - resources: {} - # requests: - # cpu: 10m - # memory: 32Mi - - nodeSelector: {} - - affinity: {} - - tolerations: [] - - # Optional additional labels to add to the startupapicheck Pods - podLabels: {} - - image: - repository: quay.io/jetstack/cert-manager-ctl - # You can manage a registry with - # registry: quay.io - # repository: jetstack/cert-manager-ctl - - # Override the image tag to deploy by setting this variable. - # If no value is set, the chart's appVersion will be used. - # tag: canary - - # Setting a digest will override any tag - # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 - - pullPolicy: IfNotPresent - - rbac: - # annotations for the startup API Check job RBAC and PSP resources - annotations: - helm.sh/hook: post-install - helm.sh/hook-weight: "-5" - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded - - serviceAccount: - # Specifies whether a service account should be created - create: true - - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - # name: "" - - # Optional additional annotations to add to the Job's ServiceAccount - annotations: - helm.sh/hook: post-install - helm.sh/hook-weight: "-5" - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded - - # Automount API credentials for a Service Account. - automountServiceAccountToken: true diff --git a/kubernetes/certmanager/templates/certificate.yaml b/kubernetes/certmanager/templates/certificate.yaml deleted file mode 100644 index f56d7d5..0000000 --- a/kubernetes/certmanager/templates/certificate.yaml +++ /dev/null 
@@ -1,12 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: your-certificate - namespace: your-namespace -spec: - secretName: your-secret - issuerRef: - name: ssl-issuer - kind: ClusterIssuer - dnsNames: - - your-hostname diff --git a/kubernetes/certmanager/templates/clusterissuer-acme.yml b/kubernetes/certmanager/templates/clusterissuer-acme.yml deleted file mode 100644 index da57efb..0000000 --- a/kubernetes/certmanager/templates/clusterissuer-acme.yml +++ /dev/null @@ -1,48 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - name: acme-issuer -spec: - acme: - # Configure your email here... - # --- - # email: your-email@address - - # Configure your server here... - # --- - # Letsencrypt Production - # server: https://acme-v02.api.letsencrypt.org/directory - # - or - - # Letsencrypt Staging - # server: https://acme-staging-v02.api.letsencrypt.org/directory - - privateKeySecretRef: - name: example-issuer-account-key - solvers: - # Configure DNS or HTTP Challenge here... - # --- - # DNS Challenge: - # - dns01: - # Configure your DNS Provider here... - # --- - # cloudflare: - # email: your-email@address - # API Key: - # apiKeySecretRef: - # name: cloudflare-api-key-secret - # key: api-key - # - or - - # API Token: - # apiTokenSecretRef: - # name: cloudflare-api-token-secret - # key: api-token - # (Optional) Add DNS selectors - # --- - # selector: - # dnsZones: - # - 'your-domain' - - # HTTP Challenge: - # - http01: - # ingress: - # class: traefik diff --git a/kubernetes/certmanager/templates/clusterissuer-selfsigned.yml b/kubernetes/certmanager/templates/clusterissuer-selfsigned.yml deleted file mode 100644 index 56366fa..0000000 --- a/kubernetes/certmanager/templates/clusterissuer-selfsigned.yml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - name: selfsigned-issuer -spec: - selfSigned: {} 
diff --git a/kubernetes/certmanager/templates/issuer-acme.yml b/kubernetes/certmanager/templates/issuer-acme.yml deleted file mode 100644 index 359b5bb..0000000 --- a/kubernetes/certmanager/templates/issuer-acme.yml +++ /dev/null @@ -1,51 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: acme-issuer - # (Optional) Metadata - # --- - # namespace: your-namespace -spec: - acme: - # Configure your email here... - # --- - # email: your-email@address - - # Configure your server here... - # --- - # Letsencrypt Production - # server: https://acme-v02.api.letsencrypt.org/directory - # - or - - # Letsencrypt Staging - # server: https://acme-staging-v02.api.letsencrypt.org/directory - - privateKeySecretRef: - name: example-issuer-account-key - solvers: - # Configure DNS or HTTP Challenge here... - # --- - # DNS Challenge: - # - dns01: - # Configure your DNS Provider here... - # --- - # cloudflare: - # email: your-email@address - # API Key: - # apiKeySecretRef: - # name: cloudflare-api-key-secret - # key: api-key - # - or - - # API Token: - # apiTokenSecretRef: - # name: cloudflare-api-token-secret - # key: api-token - # (Optional) Add DNS selectors - # --- - # selector: - # dnsZones: - # - 'your-domain' - - # HTTP Challenge: - # - http01: - # ingress: - # class: traefik diff --git a/kubernetes/certmanager/templates/issuer-selfsigned.yml b/kubernetes/certmanager/templates/issuer-selfsigned.yml deleted file mode 100644 index ae1264f..0000000 --- a/kubernetes/certmanager/templates/issuer-selfsigned.yml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: selfsigned-issuer - # (Optional) Metadata - # --- - # namespace: your-namespace -spec: - selfSigned: {} diff --git a/kubernetes/certmanager/templates/secret-cloudflare.yml b/kubernetes/certmanager/templates/secret-cloudflare.yml deleted file mode 100644 index 9601e46..0000000 --- a/kubernetes/certmanager/templates/secret-cloudflare.yml +++ /dev/null 
@@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: cloudflare-api-key-secret - namespace: cert-manager -type: Opaque -stringData: - # Configure your API Key or Credentials here... - # --- - # API Key: - # api-key: your-api-key - # - or - - # Token: - # api-token: your-api-token diff --git a/kubernetes/longhorn/certificate.yaml b/kubernetes/longhorn/certificate.yaml new file mode 100644 index 0000000..0efedb7 --- /dev/null +++ b/kubernetes/longhorn/certificate.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: longhorn-certificate + namespace: longhorn-system +spec: + secretName: longhorn-certificate-secret + dnsNames: + - your-fqdn # <-- Replace with your FQDN + issuerRef: + name: cloudflare-clusterissuer + kind: ClusterIssuer diff --git a/kubernetes/longhorn/ingressroute.yaml b/kubernetes/longhorn/ingressroute.yaml new file mode 100644 index 0000000..e530a02 --- /dev/null +++ b/kubernetes/longhorn/ingressroute.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: longhorn-ingressroute + namespace: longhorn-system +spec: + entryPoints: + - websecure + routes: + - match: Host(`your-fqdn`) # <-- Replace with your FQDN + kind: Rule + services: + - name: longhorn-frontend + port: 80 + tls: + secretName: longhorn-certificate-secret diff --git a/kubernetes/nginx-http/nginx-http-cm.yml b/kubernetes/nginx-http/nginx-http-cm.yml deleted file mode 100644 index 2634376..0000000 --- a/kubernetes/nginx-http/nginx-http-cm.yml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: nginx-http-cm -data: - # key: value - # file: | - # content - # --- - nginx.conf: | - user nginx; - worker_processes 1; - events { - worker_connections 10240; - } - http { - server { - listen 80; - server_name _; - location / { - root /usr/share/nginx/html; - index index.html index.htm; - } - location /test { - return 401; - } - } - } 
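Review bot: The route in kubernetes/longhorn/ingressroute.yaml forwards the `Host(...)` match on `websecure` straight to `longhorn-frontend` with no `middlewares`. The Longhorn UI has no authentication of its own, so anyone who can reach the entry point can manage volumes, snapshots and backups. Attach an authentication middleware to the rule, `middlewares:` / `- name: <auth-middleware-name>` (placeholder), backed by a Traefik `Middleware` (basicAuth or forwardAuth) in `longhorn-system`, or leave the UI reachable only through a port-forward. The Portainer route added in kubernetes/portainer/ingressroute.yaml relies on Portainer's own login instead, so the admin account should be created before that hostname is published.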
diff --git a/kubernetes/nginx-http/nginx-http-deploy.yml b/kubernetes/nginx-http/nginx-http-deploy.yml deleted file mode 100644 index 7feca54..0000000 --- a/kubernetes/nginx-http/nginx-http-deploy.yml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: nginx-http -spec: - replicas: 1 - selector: - matchLabels: - app: nginx-http - template: - metadata: - labels: - app: nginx-http - spec: - containers: - - name: nginx-http - image: nginx:1.27.2 - ports: - - name: web - containerPort: 80 - volumeMounts: - - name: nginx-http-cm - mountPath: /etc/nginx - - name: nginx-http-vol - mountPath: /usr/share/nginx/html - volumes: - - name: nginx-http-cm - configMap: - name: nginx-http-cm - - name: nginx-http-vol - hostPath: - path: /var/nginxserver diff --git a/kubernetes/nginx-http/nginx-http-svc.yml b/kubernetes/nginx-http/nginx-http-svc.yml deleted file mode 100644 index bb96e60..0000000 --- a/kubernetes/nginx-http/nginx-http-svc.yml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: nginx-http-svc - labels: - app: nginx-http -spec: - type: LoadBalancer - ports: - - port: 30080 - targetPort: 80 - protocol: TCP - name: http - selector: - app: nginx-http diff --git a/kubernetes/portainer/README.md b/kubernetes/portainer/README.md deleted file mode 100644 index 3aa8104..0000000 --- a/kubernetes/portainer/README.md +++ /dev/null @@ -1,3 +0,0 @@ -# Kubernetes Portainer - -You can add an additional description here. diff --git a/kubernetes/portainer/certificate.yaml b/kubernetes/portainer/certificate.yaml new file mode 100644 index 0000000..85e23f3 --- /dev/null +++ b/kubernetes/portainer/certificate.yaml 
@@ -0,0 +1,13 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: portainer-ingressroute-certificate
+ namespace: portainer
+spec:
+ secretName: portainer-certificate-secret
+ issuerRef:
+ name: cloudflare-clusterissuer
+ kind: ClusterIssuer
+ dnsNames:
+ - your-fqdn # <-- Replace with your FQDN
diff --git a/kubernetes/portainer/ingressroute.yaml b/kubernetes/portainer/ingressroute.yaml
new file mode 100644
index 0000000..757128b
--- /dev/null
+++ b/kubernetes/portainer/ingressroute.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: portainer-ingressroute
+ namespace: portainer
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`your-fqdn`) # <-- Replace with your FQDN
+ kind: Rule
+ services:
+ - name: portainer
+ port: 9000
+ tls:
+ secretName: portainer-certificate-secret
diff --git a/kubernetes/portainer/templates/portainer-ingress.yml b/kubernetes/portainer/templates/portainer-ingress.yml
deleted file mode 100644
index 1431341..0000000
--- a/kubernetes/portainer/templates/portainer-ingress.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: nginx
- namespace: wp-clcreative
-spec:
- rules:
- - host: portainer.your-domain.com
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: portainer
- port:
- number: 9000
diff --git a/kubernetes/portainer/values.yml b/kubernetes/portainer/values.yml
deleted file mode 100644
index 8b13789..0000000
--- a/kubernetes/portainer/values.yml
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/kubernetes/templates/certificate.yaml b/kubernetes/templates/certificate.yaml
deleted file mode 100644
index f56d7d5..0000000
--- a/kubernetes/templates/certificate.yaml
+++ /dev/null
@@ -1,12 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: your-certificate - namespace: your-namespace -spec: - secretName: your-secret - issuerRef: - name: ssl-issuer - kind: ClusterIssuer - dnsNames: - - your-hostname diff --git a/kubernetes/templates/cm-and-secrets/mysql-deploy.yml b/kubernetes/templates/cm-and-secrets/mysql-deploy.yml deleted file mode 100644 index dc9a1a9..0000000 --- a/kubernetes/templates/cm-and-secrets/mysql-deploy.yml +++ /dev/null @@ -1,33 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: mysql -spec: - replicas: 1 - selector: - matchLabels: - app: mysql - template: - metadata: - labels: - app: mysql - spec: - containers: - - image: mysql:5.7 - name: mysql - env: - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: mysql-secret - key: root-pass - ports: - - name: mysql - containerPort: 3306 -# volumeMounts: -# - name: mysql-vol -# mountPath: /var/lib/mysql -# volumes: -# - name: mysql-vol -# hostPath: -# path: /var/mysql-data diff --git a/kubernetes/templates/cm-and-secrets/mysql-secret.yml b/kubernetes/templates/cm-and-secrets/mysql-secret.yml deleted file mode 100644 index 9c5f7c2..0000000 --- a/kubernetes/templates/cm-and-secrets/mysql-secret.yml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: mysql-secret -type: Opaque -stringData: - root-pass: test123 diff --git a/kubernetes/templates/cm-and-secrets/nginx-http-cm.yml b/kubernetes/templates/cm-and-secrets/nginx-http-cm.yml deleted file mode 100644 index 2634376..0000000 --- a/kubernetes/templates/cm-and-secrets/nginx-http-cm.yml +++ /dev/null 
@@ -1,28 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: nginx-http-cm -data: - # key: value - # file: | - # content - # --- - nginx.conf: | - user nginx; - worker_processes 1; - events { - worker_connections 10240; - } - http { - server { - listen 80; - server_name _; - location / { - root /usr/share/nginx/html; - index index.html index.htm; - } - location /test { - return 401; - } - } - } diff --git a/kubernetes/templates/cm-and-secrets/nginx-http-deploy.yml b/kubernetes/templates/cm-and-secrets/nginx-http-deploy.yml deleted file mode 100644 index c691685..0000000 --- a/kubernetes/templates/cm-and-secrets/nginx-http-deploy.yml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: nginx-http -spec: - replicas: 1 - selector: - matchLabels: - app: nginx-http - template: - metadata: - labels: - app: nginx-http - spec: - containers: - - name: nginx-http - image: nginx - ports: - - name: web - containerPort: 80 - volumeMounts: - - name: nginx-http-cm - mountPath: /etc/nginx - - name: nginx-http-vol - mountPath: /usr/share/nginx/html - volumes: - - name: nginx-http-cm - configMap: - name: nginx-http-cm - - name: nginx-http-vol - hostPath: - path: /var/nginxserver diff --git a/kubernetes/templates/cm-and-secrets/nginx-http-svc.yml b/kubernetes/templates/cm-and-secrets/nginx-http-svc.yml deleted file mode 100644 index bb96e60..0000000 --- a/kubernetes/templates/cm-and-secrets/nginx-http-svc.yml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: nginx-http-svc - labels: - app: nginx-http -spec: - type: LoadBalancer - ports: - - port: 30080 - targetPort: 80 - protocol: TCP - name: http - selector: - app: nginx-http diff --git a/kubernetes/templates/cm-and-secrets/nginx-https-cm.yml b/kubernetes/templates/cm-and-secrets/nginx-https-cm.yml deleted file mode 100644 index 5f95e5f..0000000 --- a/kubernetes/templates/cm-and-secrets/nginx-https-cm.yml +++ /dev/null 
@@ -1,27 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: nginx-https-cm -data: - nginx.conf: | - user nginx; - worker_processes 1; - events { - worker_connections 10240; - } - http { - server { - listen 80; - listen 443 ssl; - - server_name _; - - ssl_certificate /etc/nginx/ssl/server-cert.pem; - ssl_certificate_key /etc/nginx/ssl/server-key.pem; - - location / { - root /usr/share/nginx/html; - index index.html index.htm; - } - } - } diff --git a/kubernetes/templates/cm-and-secrets/nginx-https-deploy.yml b/kubernetes/templates/cm-and-secrets/nginx-https-deploy.yml deleted file mode 100644 index b58b7bb..0000000 --- a/kubernetes/templates/cm-and-secrets/nginx-https-deploy.yml +++ /dev/null @@ -1,68 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: nginx-https -spec: - replicas: 1 - selector: - matchLabels: - app: nginx-https - template: - metadata: - labels: - app: nginx-https - spec: - containers: - - name: nginx-https - image: nginx - ports: - - name: web - containerPort: 80 - - name: secureweb - containerPort: 443 - volumeMounts: - - name: nginx-https-cm - mountPath: /etc/nginx - - name: nginx-https-secret - mountPath: /etc/nginx/ssl - readOnly: true - - name: nginx-https-vol - mountPath: /usr/share/nginx/html - volumes: - - name: nginx-https-cm - configMap: - name: nginx-https-cm - - name: nginx-https-secret - secret: - secretName: nginx-https-secret - - name: nginx-https-vol - hostPath: - path: /var/nginxserver ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: nginx-https-cm -data: - nginx.conf: | - user nginx; - worker_processes 1; - events { - worker_connections 10240; - } - http { - server { - listen 80; - listen 443 ssl; - - server_name _; - - ssl_certificate /etc/nginx/ssl/server-cert.pem; - ssl_certificate_key /etc/nginx/ssl/server-key.pem; - - location / { - root /usr/share/nginx/html; - index index.html index.htm; - } - } - } 
diff --git a/kubernetes/templates/cm-and-secrets/nginx-https-secret-blank.yml b/kubernetes/templates/cm-and-secrets/nginx-https-secret-blank.yml deleted file mode 100644 index 105d83f..0000000 --- a/kubernetes/templates/cm-and-secrets/nginx-https-secret-blank.yml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: nginx-https-secret -type: Opaque -stringData: - server-cert.pem: | - -----BEGIN CERTIFICATE----- - ... - -----END CERTIFICATE----- - server-key.pem: | - diff --git a/kubernetes/templates/cm-and-secrets/nginx-https-svc.yml b/kubernetes/templates/cm-and-secrets/nginx-https-svc.yml deleted file mode 100644 index 96c7134..0000000 --- a/kubernetes/templates/cm-and-secrets/nginx-https-svc.yml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: nginx-https-svc - labels: - app: nginx-https -spec: - type: LoadBalancer - ports: - - port: 31080 - targetPort: 80 - protocol: TCP - name: http - - port: 31443 - targetPort: 443 - protocol: TCP - name: https - selector: - app: nginx-https diff --git a/kubernetes/templates/deployment.yaml b/kubernetes/templates/deployment.yaml deleted file mode 100644 index fb0f46b..0000000 --- a/kubernetes/templates/deployment.yaml +++ /dev/null 
@@ -1,41 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: appname # Name of the deployment - namespace: namespace # Name of the namespace - labels: - app: appname # Name of your application -spec: - selector: - matchLabels: - app: appname # Name of your application - replicas: 1 # Number of replicas - template: - metadata: - labels: - app: appname # Name of your application - spec: - containers: - # Containers are the individual pieces of your application that you want - # to run. - - name: helloworld # Name of the container - image: helloworld:latest # The image you want to run - # resources: - # limits: - # memory: 512Mi - # cpu: "1" - # requests: - # memory: 256Mi - # cpu: "0.2" - ports: - # Ports are the ports that your application uses. - - containerPort: 8080 # The port that your application uses - volumeMounts: - # VolumeMounts are the volumes that your application uses. - - mountPath: /var/www/html # The path that your application uses - name: vol0 # Name of the volume - volumes: - # Volumes are the persistent storage that your application uses. - - name: vol0 # Name of the volume - persistentVolumeClaim: - claimName: pvc0 # Name of the persistent volume claim diff --git a/kubernetes/templates/ingress.yaml b/kubernetes/templates/ingress.yaml deleted file mode 100644 index 124a71c..0000000 --- a/kubernetes/templates/ingress.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: ingress # Name of the ingress object - namespace: namespace # Name of the namespace -spec: - rules: - - host: "your-hostname.com" # Your hostname - http: - paths: - # Path-based routing settings: - - path: / - pathType: Prefix - backend: - service: - name: your-service-name # The name of the service - port: - number: 80 # Service Portnumber diff --git a/kubernetes/templates/namespace.yml b/kubernetes/templates/namespace.yml deleted file mode 100644 index 3426e03..0000000 
--- a/kubernetes/templates/namespace.yml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: your-namespace diff --git a/kubernetes/templates/persistentvolumeclaim.yaml b/kubernetes/templates/persistentvolumeclaim.yaml deleted file mode 100644 index e352106..0000000 --- a/kubernetes/templates/persistentvolumeclaim.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: pvc0 - namespace: namespace - labels: - app: namespace -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi - # --- - # Digital Ocean - # storageClassName: do-block-storage - # --- - # AWS - # storageClassName: aws-ebs - # --- - # Azure - # storageClassName: azure-disk - # --- - # GCE PD - # storageClassName: gce-pd - # --- - # CIVO - # storageClassName: civo-volume - # --- diff --git a/kubernetes/templates/pv-and-pvc/civo-pvc.yml b/kubernetes/templates/pv-and-pvc/civo-pvc.yml deleted file mode 100644 index 42f1d44..0000000 --- a/kubernetes/templates/pv-and-pvc/civo-pvc.yml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: civo -spec: - accessModes: - - ReadWriteOnce - storageClassName: civo-volume - resources: - requests: - storage: 1Gi diff --git a/kubernetes/templates/pv-and-pvc/civo-web.yml b/kubernetes/templates/pv-and-pvc/civo-web.yml deleted file mode 100644 index 4245ae1..0000000 --- a/kubernetes/templates/pv-and-pvc/civo-web.yml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: civo-web -spec: - replicas: 1 - selector: - matchLabels: - app: civo-web - template: - metadata: - labels: - app: civo-web - spec: - containers: - - name: civo-web - image: nginx - ports: - - name: web - containerPort: 80 - volumeMounts: - - name: civo - mountPath: /usr/share/nginx/html - volumes: - - name: civo - persistentVolumeClaim: - claimName: civo 
diff --git a/kubernetes/templates/pv-and-pvc/local-web.yml b/kubernetes/templates/pv-and-pvc/local-web.yml deleted file mode 100644 index a841552..0000000 --- a/kubernetes/templates/pv-and-pvc/local-web.yml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: local-web -spec: - replicas: 1 - selector: - matchLabels: - app: local-web - template: - metadata: - labels: - app: local-web - spec: - containers: - - name: local-web - image: nginx - ports: - - name: web - containerPort: 80 - volumeMounts: - - name: local - mountPath: /usr/share/nginx/html - volumes: - - name: local - hostPath: - path: /var/nginxserver diff --git a/kubernetes/templates/pv-and-pvc/nfs-pv.yml b/kubernetes/templates/pv-and-pvc/nfs-pv.yml deleted file mode 100644 index 3276fa9..0000000 --- a/kubernetes/templates/pv-and-pvc/nfs-pv.yml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: nfs -spec: - capacity: - storage: 500Mi - accessModes: - - ReadWriteMany - storageClassName: nfs - nfs: - server: 192.168.1.7 - path: "/srv/nfs" diff --git a/kubernetes/templates/pv-and-pvc/nfs-pvc.yml b/kubernetes/templates/pv-and-pvc/nfs-pvc.yml deleted file mode 100644 index 9315201..0000000 --- a/kubernetes/templates/pv-and-pvc/nfs-pvc.yml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: nfs -spec: - accessModes: - - ReadWriteMany - storageClassName: nfs - resources: - requests: - storage: 100Mi diff --git a/kubernetes/templates/pv-and-pvc/nfs-web.yml b/kubernetes/templates/pv-and-pvc/nfs-web.yml deleted file mode 100644 index c51203e..0000000 --- a/kubernetes/templates/pv-and-pvc/nfs-web.yml +++ /dev/null 
@@ -1,27 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: nfs-web -spec: - replicas: 1 - selector: - matchLabels: - app: nfs-web - template: - metadata: - labels: - app: nfs-web - spec: - containers: - - name: nfs-web - image: nginx - ports: - - name: web - containerPort: 80 - volumeMounts: - - name: nfs - mountPath: /usr/share/nginx/html - volumes: - - name: nfs - persistentVolumeClaim: - claimName: nfs diff --git a/kubernetes/templates/service.yaml b/kubernetes/templates/service.yaml deleted file mode 100644 index 72a7245..0000000 --- a/kubernetes/templates/service.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: servicename - namespace: namespace -spec: - selector: - app: appname - # --- - # type: ClusterIP - # ClusterIP means this service can be accessed by any pod in the cluster - # ports: - # - name: http - # port: 8080 - # targetPort: 80 - # protocol: TCP # optional protocol - # --- - # type: NodePort - # NodePort means this service is only accessible by pods in the same namespace - # ports: - # - name: http - # port: 80 - # nodePort: 30001 - # protocol: TCP # optional protocol - # --- - # type: LoadBalancer - # LoadBalancer means this service is load-balanced across all nodes in the cluster - # ports: - # - name: http - # port: 80 - # targetPort: 30001 - # protocol: TCP # optional protocol diff --git a/kubernetes/traefik/README.md b/kubernetes/traefik/README.md deleted file mode 100644 index de6a9cf..0000000 --- a/kubernetes/traefik/README.md +++ /dev/null @@ -1,5 +0,0 @@ -# Kubernetes Traefik Helm Deployment - -This Deployment uses the official Helm Chart from [traefik](https://github.com/traefik/traefik-helm-chart) repository. - -These are templates to modify the deployment. diff --git a/kubernetes/traefik/ingressroute.yaml.example b/kubernetes/traefik/ingressroute.yaml.example new file mode 100644 index 0000000..36f0da4 --- /dev/null +++ b/kubernetes/traefik/ingressroute.yaml.example 
@@ -0,0 +1,19 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: your-ingressroute # <-- Replace with your IngressRoute name
+ namespace: your-namespace # <-- Replace with your namespace
+spec:
+ entryPoints:
+ - web
+ - websecure
+ routes:
+ - match: Host(`your-fqdn`) # <-- Replace with your FQDN
+ kind: Rule
+ services:
+ - name: your-service # <-- Replace with your service name
+ port: 80
+ # --> (Optional) Add certificate secret
+ # tls:
+ # secretName: your-certificate-secret
+ # <--
diff --git a/kubernetes/traefik/ingressroutetcp.yaml.example b/kubernetes/traefik/ingressroutetcp.yaml.example
new file mode 100644
index 0000000..55178e4
--- /dev/null
+++ b/kubernetes/traefik/ingressroutetcp.yaml.example
@@ -0,0 +1,19 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRouteTCP
+metadata:
+ name: your-ingressroutetcp # <-- Replace with your IngressRouteTCP name
+ namespace: your-namespace # <-- Replace with your namespace
+spec:
+ entryPoints:
+ - web
+ - websecure
+ routes:
+ - match: HostSNI(`your-sni`) # <-- Replace with your SNI
+ priority: 10 # <-- (Optional) change rule priority
+ services:
+ - name: your-service # <-- Replace with your service name
+ port: 80
+ # --> (Optional) Enable TLS Passthrough
+ # tls:
+ # passthrough: true
+ # <--
diff --git a/kubernetes/traefik/templates/ingress.yml b/kubernetes/traefik/templates/ingress.yml
deleted file mode 100644
index 4f4f8d6..0000000
--- a/kubernetes/traefik/templates/ingress.yml
+++ /dev/null
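Review bot: The example in kubernetes/traefik/ingressroute.yaml.example lists both `web` and `websecure` under `entryPoints`, so a service copied from it is also offered on the plain-HTTP entry point, and the optional `tls` comment does not mention that. I would document the choice next to the list, for instance `# web = plain HTTP; drop it (or redirect to websecure) once tls is enabled`. Alternatively, ship the example with `websecure` only and the `tls` block uncommented, so the copy-paste default is the encrypted one.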
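Review bot: In kubernetes/traefik/ingressroutetcp.yaml.example the rule ``HostSNI(`your-sni`)`` names a host while the `tls` block is commented out. SNI exists only inside a TLS handshake, and Traefik accepts a named `HostSNI` only on TLS routers; a non-TLS TCP router can only use ``HostSNI(`*`)``. As shipped, the example is therefore expected to be rejected or never match, and it also binds to `web`, where no TLS is expected. Either uncomment `tls:` / `passthrough: true` and keep only `websecure`, or change the match to ``HostSNI(`*`)`` and add a comment such as `# a named HostSNI requires the tls block below`.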
@@ -1,35 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: wp-clcreative - namespace: wp-clcreative - annotations: - # (Optional): Annotations for the Ingress Controller - # -- ingress class is needed when traefik is not the default - # kubernetes.io/ingress.class: traefik - # --- - # -- entrypoint and tls configurations - # traefik.ingress.kubernetes.io/router.entrypoints: web, websecure - # traefik.ingress.kubernetes.io/router.tls: "true" - # --- - # -- optional middlewares - # traefik.ingress.kubernetes.io/router.middlewares:your-middleware@kubernetescrd - # --- -spec: - rules: - - host: "your-hostname" - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: your-service-name - port: - number: 80 - # (Optional) TLS settings - # tls: - # - hosts: - # - your-hostname.com # Your hostname - # secretName: your-secret # Your TLS Secret - # --- diff --git a/kubernetes/traefik/templates/ingressroutetcp.yml b/kubernetes/traefik/templates/ingressroutetcp.yml deleted file mode 100644 index cd9752b..0000000 --- a/kubernetes/traefik/templates/ingressroutetcp.yml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRouteTCP -metadata: - name: ingressroutetcp - # (Optional) Namespace - # namespace: your-namespace - # --- -spec: - entryPoints: - - web - - websecure - routes: - - match: HostSNI(`your-hostname-sni`) - priority: 10 - services: - - name: your-service - port: 80 - # (Optional) TLS Passthrough - # tls: - # passthrough: true - # --- diff --git a/kubernetes/traefik/values.yml b/kubernetes/traefik/values.yml deleted file mode 100644 index a110fea..0000000 --- a/kubernetes/traefik/values.yml +++ /dev/null 
@@ -1,97 +0,0 @@ -additionalArguments: -# Configure your CertificateResolver here... -# -# HTTP Challenge -# --- -# Generic Example: -# - --certificatesresolvers.generic.acme.email=your-email@example.com -# - --certificatesresolvers.generic.acme.caServer=https://acme-v02.api.letsencrypt.org/directory -# - --certificatesresolvers.generic.acme.httpChallenge.entryPoint=web -# - --certificatesresolvers.generic.acme.storage=/ssl-certs/acme-generic.json -# -# Prod / Staging Example: -# - --certificatesresolvers.staging.acme.email=your-email@example.com -# - --certificatesresolvers.staging.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory -# - --certificatesresolvers.staging.acme.httpChallenge.entryPoint=web -# - --certificatesresolvers.staging.acme.storage=/ssl-certs/acme-staging.json -# - --certificatesresolvers.production.acme.email=your-email@example.com -# - --certificatesresolvers.production.acme.caServer=https://acme-v02.api.letsencrypt.org/directory -# - --certificatesresolvers.production.acme.httpChallenge.entryPoint=web -# - --certificatesresolvers.production.acme.storage=/ssl-certs/acme-production.json -# -# DNS Challenge -# --- -# Cloudflare Example: -# - --certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare -# - --certificatesresolvers.cloudflare.acme.email=your-email@example.com -# - --certificatesresolvers.cloudflare.acme.dnschallenge.resolvers=1.1.1.1 -# - --certificatesresolvers.cloudflare.acme.storage=/ssl-certs/acme-cloudflare.json -# -# Generic (replace with your DNS provider): -# - --certificatesresolvers.generic.acme.dnschallenge.provider=generic -# - --certificatesresolvers.generic.acme.email=your-email@example.com -# - --certificatesresolvers.generic.acme.storage=/ssl-certs/acme-generic.json - -logs: -# Configure log settings here... - general: - level: ERROR - -ports: -# Configure your entrypoints here... 
- web: - # (optional) Permanent Redirect to HTTPS - # redirectTo: - # port: websecure - websecure: - tls: - enabled: true - # (optional) Set a Default CertResolver - # certResolver: cloudflare - - -env: -# Set your environment variables here... -# -# DNS Challenge Credentials -# --- -# Cloudflare Example: -# - name: CF_API_EMAIL -# valueFrom: -# secretKeyRef: -# key: email -# name: cloudflare-credentials -# - name: CF_API_KEY -# valueFrom: -# secretKeyRef: -# key: apiKey -# name: cloudflare-credentials - -# Disable Dashboard -ingressRoute: - dashboard: - enabled: false - -# Persistent Storage -persistence: - enabled: true - name: ssl-certs - size: 1Gi - path: /ssl-certs - -deployment: - initContainers: - # The "volume-permissions" init container is required if you run into permission issues. - # Related issue: https://github.com/containous/traefik/issues/6972 - - name: volume-permissions - image: busybox:1.37.0 - command: ["sh", "-c", "chmod -Rv 600 /ssl-certs/*"] - volumeMounts: - - name: ssl-certs - mountPath: /ssl-certs - -# Set Traefik as your default Ingress Controller, according to Kubernetes 1.19+ changes. -ingressClass: - enabled: true - isDefaultClass: true - diff --git a/renovate.json b/renovate.json index cadb229..1b1347e 100644 --- a/renovate.json +++ b/renovate.json 
@@ -110,6 +110,29 @@
 "allowedVersions": "!/^v?2\\.19\\.10$/"
 }
 ],
+ "customManagers": [
+ {
+ "customType": "regex",
+ "description": "Update Longhorn images in Helm",
+ "fileMatch": ["(^|/)helm/longhorn/.+\\.yaml$"],
+ "matchStrings": [
+ "engine:\\s*repository:\\s*\"?(?[^\"]+)\"?\\s*tag:\\s*\"?(?[^\"]+)\"?",
+ "manager:\\s*repository:\\s*\"?(?[^\"]+)\"?\\s*tag:\\s*\"?(?[^\"]+)\"?",
+ "ui:\\s*repository:\\s*\"?(?[^\"]+)\"?\\s*tag:\\s*\"?(?[^\"]+)\"?",
+ "instanceManager:\\s*repository:\\s*\"?(?[^\"]+)\"?\\s*tag:\\s*\"?(?[^\"]+)\"?",
+ "shareManager:\\s*repository:\\s*\"?(?[^\"]+)\"?\\s*tag:\\s*\"?(?[^\"]+)\"?",
+ "backingImageManager:\\s*repository:\\s*\"?(?[^\"]+)\"?\\s*tag:\\s*\"?(?[^\"]+)\"?",
+ "supportBundleKit:\\s*repository:\\s*\"?(?[^\"]+)\"?\\s*tag:\\s*\"?(?[^\"]+)\"?",
+ "attacher:\\s*repository:\\s*\"?(?[^\"]+)\"?\\s*tag:\\s*\"?(?[^\"]+)\"?",
+ "provisioner:\\s*repository:\\s*\"?(?[^\"]+)\"?\\s*tag:\\s*\"?(?[^\"]+)\"?",
+ "nodeDriverRegistrar:\\s*repository:\\s*\"?(?[^\"]+)\"?\\s*tag:\\s*\"?(?[^\"]+)\"?",
+ "resizer:\\s*repository:\\s*\"?(?[^\"]+)\"?\\s*tag:\\s*\"?(?[^\"]+)\"?",
+ "snapshotter:\\s*repository:\\s*\"?(?[^\"]+)\"?\\s*tag:\\s*\"?(?[^\"]+)\"?",
+ "livenessProbe:\\s*repository:\\s*\"?(?[^\"]+)\"?\\s*tag:\\s*\"?(?[^\"]+)\"?"
+ ],
+ "datasourceTemplate": "docker"
+ }
+ ],
 "separateMinorPatch": true,
 "stopUpdatingLabel": "renovate/stop_updating"
 }
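Review bot: Each `matchStrings` pattern makes the quotes optional (`\"?`) but captures with `[^\"]+`, which also matches newlines, so on an unquoted value the capture would run on to the next quote in the file and Renovate would read a wrong image name or tag; `[^\"\\s]+` bounds both captures. The thirteen entries differ only in the leading key, so one pattern starting at `repository:` would cover every image and would not need editing when the chart adds a component. As shown here the groups read `(?[^\"]+)` with no name, while the regex manager needs named groups such as `depName` and `currentValue`. If that is not just a rendering artefact of this page, the manager cannot extract anything and image updates would silently stop.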