From 8dd15d834c60c4f4c27d7427467adb7e32c22842 Mon Sep 17 00:00:00 2001 
From: Christian Lempa Date: Sat, 12 Oct 2024 18:24:15 +0200 Subject: [PATCH 1/7] updates --- .../example-certificate.yaml} | 0 .../example-clusterissuer.yaml} | 4 ++ .../example-issuer.yaml} | 4 ++ .../templates/clusterissuer-selfsigned.yml | 6 -- .../templates/issuer-selfsigned.yml | 9 --- .../templates/secret-cloudflare.yml | 14 ---- .../{default-values.yml => values.yaml} | 0 kubernetes/examples/example-configmap.yaml | 0 kubernetes/examples/example-deployment.yaml | 0 kubernetes/examples/example-ingress.yaml | 0 kubernetes/examples/example-namespace.yaml | 0 .../examples/example-peristentvolume.yaml | 0 .../example-persistentvolumeclaim.yaml | 0 kubernetes/examples/example-secret.yaml | 0 kubernetes/examples/example-service.yaml | 0 kubernetes/nginx-http/nginx-http-cm.yml | 28 -------- kubernetes/nginx-http/nginx-http-deploy.yml | 32 --------- kubernetes/nginx-http/nginx-http-svc.yml | 15 ---- .../portainer/templates/portainer-ingress.yml | 17 ----- kubernetes/templates/certificate.yaml | 12 ---- .../templates/cm-and-secrets/mysql-deploy.yml | 33 --------- .../templates/cm-and-secrets/mysql-secret.yml | 7 -- .../cm-and-secrets/nginx-http-cm.yml | 28 -------- .../cm-and-secrets/nginx-http-deploy.yml | 32 --------- .../cm-and-secrets/nginx-http-svc.yml | 15 ---- .../cm-and-secrets/nginx-https-cm.yml | 27 -------- .../cm-and-secrets/nginx-https-deploy.yml | 68 ------------------- .../nginx-https-secret-blank.yml | 12 ---- .../cm-and-secrets/nginx-https-svc.yml | 19 ------ kubernetes/templates/deployment.yaml | 41 ----------- kubernetes/templates/ingress.yaml | 18 ----- kubernetes/templates/namespace.yml | 4 -- .../templates/persistentvolumeclaim.yaml | 29 -------- kubernetes/templates/pv-and-pvc/civo-pvc.yml | 11 --- kubernetes/templates/pv-and-pvc/civo-web.yml | 27 -------- kubernetes/templates/pv-and-pvc/local-web.yml | 27 -------- kubernetes/templates/pv-and-pvc/nfs-pv.yml | 13 ---- kubernetes/templates/pv-and-pvc/nfs-pvc.yml | 11 --- 
kubernetes/templates/pv-and-pvc/nfs-web.yml | 27 -------- kubernetes/templates/service.yaml | 32 --------- .../example-ingressroutetcp.yml} | 0 kubernetes/traefik/templates/ingress.yml | 35 ---------- 42 files changed, 8 insertions(+), 649 deletions(-) rename kubernetes/certmanager/{templates/certificate.yaml => examples/example-certificate.yaml} (100%) rename kubernetes/certmanager/{templates/clusterissuer-acme.yml => examples/example-clusterissuer.yaml} (92%) rename kubernetes/certmanager/{templates/issuer-acme.yml => examples/example-issuer.yaml} (92%) delete mode 100644 kubernetes/certmanager/templates/clusterissuer-selfsigned.yml delete mode 100644 kubernetes/certmanager/templates/issuer-selfsigned.yml delete mode 100644 kubernetes/certmanager/templates/secret-cloudflare.yml rename kubernetes/certmanager/{default-values.yml => values.yaml} (100%) create mode 100644 kubernetes/examples/example-configmap.yaml create mode 100644 kubernetes/examples/example-deployment.yaml create mode 100644 kubernetes/examples/example-ingress.yaml create mode 100644 kubernetes/examples/example-namespace.yaml create mode 100644 kubernetes/examples/example-peristentvolume.yaml create mode 100644 kubernetes/examples/example-persistentvolumeclaim.yaml create mode 100644 kubernetes/examples/example-secret.yaml create mode 100644 kubernetes/examples/example-service.yaml delete mode 100644 kubernetes/nginx-http/nginx-http-cm.yml delete mode 100644 kubernetes/nginx-http/nginx-http-deploy.yml delete mode 100644 kubernetes/nginx-http/nginx-http-svc.yml delete mode 100644 kubernetes/portainer/templates/portainer-ingress.yml delete mode 100644 kubernetes/templates/certificate.yaml delete mode 100644 kubernetes/templates/cm-and-secrets/mysql-deploy.yml delete mode 100644 kubernetes/templates/cm-and-secrets/mysql-secret.yml delete mode 100644 kubernetes/templates/cm-and-secrets/nginx-http-cm.yml delete mode 100644 kubernetes/templates/cm-and-secrets/nginx-http-deploy.yml delete mode 100644 
kubernetes/templates/cm-and-secrets/nginx-http-svc.yml delete mode 100644 kubernetes/templates/cm-and-secrets/nginx-https-cm.yml delete mode 100644 kubernetes/templates/cm-and-secrets/nginx-https-deploy.yml delete mode 100644 kubernetes/templates/cm-and-secrets/nginx-https-secret-blank.yml delete mode 100644 kubernetes/templates/cm-and-secrets/nginx-https-svc.yml delete mode 100644 kubernetes/templates/deployment.yaml delete mode 100644 kubernetes/templates/ingress.yaml delete mode 100644 kubernetes/templates/namespace.yml delete mode 100644 kubernetes/templates/persistentvolumeclaim.yaml delete mode 100644 kubernetes/templates/pv-and-pvc/civo-pvc.yml delete mode 100644 kubernetes/templates/pv-and-pvc/civo-web.yml delete mode 100644 kubernetes/templates/pv-and-pvc/local-web.yml delete mode 100644 kubernetes/templates/pv-and-pvc/nfs-pv.yml delete mode 100644 kubernetes/templates/pv-and-pvc/nfs-pvc.yml delete mode 100644 kubernetes/templates/pv-and-pvc/nfs-web.yml delete mode 100644 kubernetes/templates/service.yaml rename kubernetes/traefik/{templates/ingressroutetcp.yml => examples/example-ingressroutetcp.yml} (100%) delete mode 100644 kubernetes/traefik/templates/ingress.yml diff --git a/kubernetes/certmanager/templates/certificate.yaml b/kubernetes/certmanager/examples/example-certificate.yaml similarity index 100% rename from kubernetes/certmanager/templates/certificate.yaml rename to kubernetes/certmanager/examples/example-certificate.yaml diff --git a/kubernetes/certmanager/templates/clusterissuer-acme.yml b/kubernetes/certmanager/examples/example-clusterissuer.yaml similarity index 92% rename from kubernetes/certmanager/templates/clusterissuer-acme.yml rename to kubernetes/certmanager/examples/example-clusterissuer.yaml index da57efb..63db53c 100644 --- a/kubernetes/certmanager/templates/clusterissuer-acme.yml +++ b/kubernetes/certmanager/examples/example-clusterissuer.yaml 
@@ -3,6 +3,10 @@ kind: ClusterIssuer
 metadata:
 name: acme-issuer
 spec:
+ # -- (Choice) Self-signed Issuer
+ # selfSigned: {}
+ # -- or --
+ # -- (Choice) ACME Issuer
 acme:
 # Configure your email here...
 # ---
diff --git a/kubernetes/certmanager/templates/issuer-acme.yml b/kubernetes/certmanager/examples/example-issuer.yaml
similarity index 92%
rename from kubernetes/certmanager/templates/issuer-acme.yml
rename to kubernetes/certmanager/examples/example-issuer.yaml
index 359b5bb..403d104 100644
--- a/kubernetes/certmanager/templates/issuer-acme.yml
+++ b/kubernetes/certmanager/examples/example-issuer.yaml
@@ -6,6 +6,10 @@ metadata:
 # ---
 # namespace: your-namespace
 spec:
+ # -- (Choice) Self-signed Issuer
+ # selfSigned: {}
+ # -- or --
+ # -- (Choice) ACME Issuer
 acme:
 # Configure your email here...
 # ---
diff --git a/kubernetes/certmanager/templates/clusterissuer-selfsigned.yml b/kubernetes/certmanager/templates/clusterissuer-selfsigned.yml
deleted file mode 100644
index 56366fa..0000000
--- a/kubernetes/certmanager/templates/clusterissuer-selfsigned.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
- name: selfsigned-issuer
-spec:
- selfSigned: {}
diff --git a/kubernetes/certmanager/templates/issuer-selfsigned.yml b/kubernetes/certmanager/templates/issuer-selfsigned.yml
deleted file mode 100644
index ae1264f..0000000
--- a/kubernetes/certmanager/templates/issuer-selfsigned.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
- name: selfsigned-issuer
- # (Optional) Metadata
- # ---
- # namespace: your-namespace
-spec:
- selfSigned: {}
diff --git a/kubernetes/certmanager/templates/secret-cloudflare.yml b/kubernetes/certmanager/templates/secret-cloudflare.yml
deleted file mode 100644
index 9601e46..0000000
--- a/kubernetes/certmanager/templates/secret-cloudflare.yml
+++ /dev/null
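Review bot: The new `# selfSigned: {}` option in the ClusterIssuer hunk, and the identical four added lines in the example-issuer.yaml hunk, do not say that it has to replace the `acme:` block rather than sit beside it, and the ClusterIssuer is still named `acme-issuer`. As far as I know cert-manager accepts only one issuer type per spec, so a reader who just uncomments the line is likely to get a rejected resource. Self-signed certificates are also not trusted by clients, which an example file should state. I would extend the comment to something like `# selfSigned: {}  # testing/bootstrap only, not trusted by clients; remove the acme: block when using this`. The `spec:` body continues outside both hunks.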
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: cloudflare-api-key-secret
- namespace: cert-manager
-type: Opaque
-stringData:
- # Configure your API Key or Credentials here...
- # ---
- # API Key:
- # api-key: your-api-key
- # - or -
- # Token:
- # api-token: your-api-token
diff --git a/kubernetes/certmanager/default-values.yml b/kubernetes/certmanager/values.yaml
similarity index 100%
rename from kubernetes/certmanager/default-values.yml
rename to kubernetes/certmanager/values.yaml
diff --git a/kubernetes/examples/example-configmap.yaml b/kubernetes/examples/example-configmap.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/kubernetes/examples/example-deployment.yaml b/kubernetes/examples/example-deployment.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/kubernetes/examples/example-ingress.yaml b/kubernetes/examples/example-ingress.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/kubernetes/examples/example-namespace.yaml b/kubernetes/examples/example-namespace.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/kubernetes/examples/example-peristentvolume.yaml b/kubernetes/examples/example-peristentvolume.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/kubernetes/examples/example-persistentvolumeclaim.yaml b/kubernetes/examples/example-persistentvolumeclaim.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/kubernetes/examples/example-secret.yaml b/kubernetes/examples/example-secret.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/kubernetes/examples/example-service.yaml b/kubernetes/examples/example-service.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/kubernetes/nginx-http/nginx-http-cm.yml b/kubernetes/nginx-http/nginx-http-cm.yml
deleted file mode 100644
index 2634376..0000000
--- a/kubernetes/nginx-http/nginx-http-cm.yml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: nginx-http-cm
-data:
- # key: value
- # file: |
- # content
- # ---
- nginx.conf: |
- user nginx;
- worker_processes 1;
- events {
- worker_connections 10240;
- }
- http {
- server {
- listen 80;
- server_name _;
- location / {
- root /usr/share/nginx/html;
- index index.html index.htm;
- }
- location /test {
- return 401;
- }
- }
- }
diff --git a/kubernetes/nginx-http/nginx-http-deploy.yml b/kubernetes/nginx-http/nginx-http-deploy.yml
deleted file mode 100644
index 7feca54..0000000
--- a/kubernetes/nginx-http/nginx-http-deploy.yml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: nginx-http
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: nginx-http
- template:
- metadata:
- labels:
- app: nginx-http
- spec:
- containers:
- - name: nginx-http
- image: nginx:1.27.2
- ports:
- - name: web
- containerPort: 80
- volumeMounts:
- - name: nginx-http-cm
- mountPath: /etc/nginx
- - name: nginx-http-vol
- mountPath: /usr/share/nginx/html
- volumes:
- - name: nginx-http-cm
- configMap:
- name: nginx-http-cm
- - name: nginx-http-vol
- hostPath:
- path: /var/nginxserver
diff --git a/kubernetes/nginx-http/nginx-http-svc.yml b/kubernetes/nginx-http/nginx-http-svc.yml
deleted file mode 100644
index bb96e60..0000000
--- a/kubernetes/nginx-http/nginx-http-svc.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: nginx-http-svc
- labels:
- app: nginx-http
-spec:
- type: LoadBalancer
- ports:
- - port: 30080
- targetPort: 80
- protocol: TCP
- name: http
- selector:
- app: nginx-http
diff --git a/kubernetes/portainer/templates/portainer-ingress.yml b/kubernetes/portainer/templates/portainer-ingress.yml
deleted file mode 100644
index 1431341..0000000
--- a/kubernetes/portainer/templates/portainer-ingress.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: nginx
- namespace: wp-clcreative
-spec:
- rules:
- - host: portainer.your-domain.com
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: portainer
- port:
- number: 9000
diff --git a/kubernetes/templates/certificate.yaml b/kubernetes/templates/certificate.yaml
deleted file mode 100644
index f56d7d5..0000000
--- a/kubernetes/templates/certificate.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: your-certificate
- namespace: your-namespace
-spec:
- secretName: your-secret
- issuerRef:
- name: ssl-issuer
- kind: ClusterIssuer
- dnsNames:
- - your-hostname
diff --git a/kubernetes/templates/cm-and-secrets/mysql-deploy.yml b/kubernetes/templates/cm-and-secrets/mysql-deploy.yml
deleted file mode 100644
index dc9a1a9..0000000
--- a/kubernetes/templates/cm-and-secrets/mysql-deploy.yml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: mysql
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: mysql
- template:
- metadata:
- labels:
- app: mysql
- spec:
- containers:
- - image: mysql:5.7
- name: mysql
- env:
- - name: MYSQL_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: mysql-secret
- key: root-pass
- ports:
- - name: mysql
- containerPort: 3306
-# volumeMounts:
-# - name: mysql-vol
-# mountPath: /var/lib/mysql
-# volumes:
-# - name: mysql-vol
-# hostPath:
-# path: /var/mysql-data
diff --git a/kubernetes/templates/cm-and-secrets/mysql-secret.yml b/kubernetes/templates/cm-and-secrets/mysql-secret.yml
deleted file mode 100644
index 9c5f7c2..0000000
--- a/kubernetes/templates/cm-and-secrets/mysql-secret.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: mysql-secret
-type: Opaque
-stringData:
- root-pass: test123
diff --git a/kubernetes/templates/cm-and-secrets/nginx-http-cm.yml b/kubernetes/templates/cm-and-secrets/nginx-http-cm.yml deleted file mode 100644 index 2634376..0000000 --- a/kubernetes/templates/cm-and-secrets/nginx-http-cm.yml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: nginx-http-cm -data: - # key: value - # file: | - # content - # --- - nginx.conf: | - user nginx; - worker_processes 1; - events { - worker_connections 10240; - } - http { - server { - listen 80; - server_name _; - location / { - root /usr/share/nginx/html; - index index.html index.htm; - } - location /test { - return 401; - } - } - } diff --git a/kubernetes/templates/cm-and-secrets/nginx-http-deploy.yml b/kubernetes/templates/cm-and-secrets/nginx-http-deploy.yml deleted file mode 100644 index c691685..0000000 --- a/kubernetes/templates/cm-and-secrets/nginx-http-deploy.yml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: nginx-http -spec: - replicas: 1 - selector: - matchLabels: - app: nginx-http - template: - metadata: - labels: - app: nginx-http - spec: - containers: - - name: nginx-http - image: nginx - ports: - - name: web - containerPort: 80 - volumeMounts: - - name: nginx-http-cm - mountPath: /etc/nginx - - name: nginx-http-vol - mountPath: /usr/share/nginx/html - volumes: - - name: nginx-http-cm - configMap: - name: nginx-http-cm - - name: nginx-http-vol - hostPath: - path: /var/nginxserver diff --git a/kubernetes/templates/cm-and-secrets/nginx-http-svc.yml b/kubernetes/templates/cm-and-secrets/nginx-http-svc.yml deleted file mode 100644 index bb96e60..0000000 --- a/kubernetes/templates/cm-and-secrets/nginx-http-svc.yml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: nginx-http-svc - labels: - app: nginx-http -spec: - type: LoadBalancer - ports: - - port: 30080 - targetPort: 80 - protocol: TCP - name: http - selector: - app: nginx-http 
diff --git a/kubernetes/templates/cm-and-secrets/nginx-https-cm.yml b/kubernetes/templates/cm-and-secrets/nginx-https-cm.yml deleted file mode 100644 index 5f95e5f..0000000 --- a/kubernetes/templates/cm-and-secrets/nginx-https-cm.yml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: nginx-https-cm -data: - nginx.conf: | - user nginx; - worker_processes 1; - events { - worker_connections 10240; - } - http { - server { - listen 80; - listen 443 ssl; - - server_name _; - - ssl_certificate /etc/nginx/ssl/server-cert.pem; - ssl_certificate_key /etc/nginx/ssl/server-key.pem; - - location / { - root /usr/share/nginx/html; - index index.html index.htm; - } - } - } diff --git a/kubernetes/templates/cm-and-secrets/nginx-https-deploy.yml b/kubernetes/templates/cm-and-secrets/nginx-https-deploy.yml deleted file mode 100644 index b58b7bb..0000000 --- a/kubernetes/templates/cm-and-secrets/nginx-https-deploy.yml +++ /dev/null 
@@ -1,68 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: nginx-https -spec: - replicas: 1 - selector: - matchLabels: - app: nginx-https - template: - metadata: - labels: - app: nginx-https - spec: - containers: - - name: nginx-https - image: nginx - ports: - - name: web - containerPort: 80 - - name: secureweb - containerPort: 443 - volumeMounts: - - name: nginx-https-cm - mountPath: /etc/nginx - - name: nginx-https-secret - mountPath: /etc/nginx/ssl - readOnly: true - - name: nginx-https-vol - mountPath: /usr/share/nginx/html - volumes: - - name: nginx-https-cm - configMap: - name: nginx-https-cm - - name: nginx-https-secret - secret: - secretName: nginx-https-secret - - name: nginx-https-vol - hostPath: - path: /var/nginxserver ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: nginx-https-cm -data: - nginx.conf: | - user nginx; - worker_processes 1; - events { - worker_connections 10240; - } - http { - server { - listen 80; - listen 443 ssl; - - server_name _; - - ssl_certificate /etc/nginx/ssl/server-cert.pem; - ssl_certificate_key /etc/nginx/ssl/server-key.pem; - - location / { - root /usr/share/nginx/html; - index index.html index.htm; - } - } - } diff --git a/kubernetes/templates/cm-and-secrets/nginx-https-secret-blank.yml b/kubernetes/templates/cm-and-secrets/nginx-https-secret-blank.yml deleted file mode 100644 index 105d83f..0000000 --- a/kubernetes/templates/cm-and-secrets/nginx-https-secret-blank.yml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: nginx-https-secret -type: Opaque -stringData: - server-cert.pem: | - -----BEGIN CERTIFICATE----- - ... - -----END CERTIFICATE----- - server-key.pem: | - diff --git a/kubernetes/templates/cm-and-secrets/nginx-https-svc.yml b/kubernetes/templates/cm-and-secrets/nginx-https-svc.yml deleted file mode 100644 index 96c7134..0000000 --- a/kubernetes/templates/cm-and-secrets/nginx-https-svc.yml +++ /dev/null 
@@ -1,19 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: nginx-https-svc - labels: - app: nginx-https -spec: - type: LoadBalancer - ports: - - port: 31080 - targetPort: 80 - protocol: TCP - name: http - - port: 31443 - targetPort: 443 - protocol: TCP - name: https - selector: - app: nginx-https diff --git a/kubernetes/templates/deployment.yaml b/kubernetes/templates/deployment.yaml deleted file mode 100644 index fb0f46b..0000000 --- a/kubernetes/templates/deployment.yaml +++ /dev/null @@ -1,41 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: appname # Name of the deployment - namespace: namespace # Name of the namespace - labels: - app: appname # Name of your application -spec: - selector: - matchLabels: - app: appname # Name of your application - replicas: 1 # Number of replicas - template: - metadata: - labels: - app: appname # Name of your application - spec: - containers: - # Containers are the individual pieces of your application that you want - # to run. - - name: helloworld # Name of the container - image: helloworld:latest # The image you want to run - # resources: - # limits: - # memory: 512Mi - # cpu: "1" - # requests: - # memory: 256Mi - # cpu: "0.2" - ports: - # Ports are the ports that your application uses. - - containerPort: 8080 # The port that your application uses - volumeMounts: - # VolumeMounts are the volumes that your application uses. - - mountPath: /var/www/html # The path that your application uses - name: vol0 # Name of the volume - volumes: - # Volumes are the persistent storage that your application uses. - - name: vol0 # Name of the volume - persistentVolumeClaim: - claimName: pvc0 # Name of the persistent volume claim diff --git a/kubernetes/templates/ingress.yaml b/kubernetes/templates/ingress.yaml deleted file mode 100644 index 124a71c..0000000 --- a/kubernetes/templates/ingress.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: ingress # Name of the ingress object - namespace: namespace # Name of the namespace -spec: - rules: - - host: "your-hostname.com" # Your hostname - http: - paths: - # Path-based routing settings: - - path: / - pathType: Prefix - backend: - service: - name: your-service-name # The name of the service - port: - number: 80 # Service Portnumber diff --git a/kubernetes/templates/namespace.yml b/kubernetes/templates/namespace.yml deleted file mode 100644 index 3426e03..0000000 --- a/kubernetes/templates/namespace.yml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: your-namespace diff --git a/kubernetes/templates/persistentvolumeclaim.yaml b/kubernetes/templates/persistentvolumeclaim.yaml deleted file mode 100644 index e352106..0000000 --- a/kubernetes/templates/persistentvolumeclaim.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: pvc0 - namespace: namespace - labels: - app: namespace -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi - # --- - # Digital Ocean - # storageClassName: do-block-storage - # --- - # AWS - # storageClassName: aws-ebs - # --- - # Azure - # storageClassName: azure-disk - # --- - # GCE PD - # storageClassName: gce-pd - # --- - # CIVO - # storageClassName: civo-volume - # --- diff --git a/kubernetes/templates/pv-and-pvc/civo-pvc.yml b/kubernetes/templates/pv-and-pvc/civo-pvc.yml deleted file mode 100644 index 42f1d44..0000000 --- a/kubernetes/templates/pv-and-pvc/civo-pvc.yml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: civo -spec: - accessModes: - - ReadWriteOnce - storageClassName: civo-volume - resources: - requests: - storage: 1Gi diff --git a/kubernetes/templates/pv-and-pvc/civo-web.yml b/kubernetes/templates/pv-and-pvc/civo-web.yml deleted file mode 100644 index 4245ae1..0000000 
--- a/kubernetes/templates/pv-and-pvc/civo-web.yml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: civo-web -spec: - replicas: 1 - selector: - matchLabels: - app: civo-web - template: - metadata: - labels: - app: civo-web - spec: - containers: - - name: civo-web - image: nginx - ports: - - name: web - containerPort: 80 - volumeMounts: - - name: civo - mountPath: /usr/share/nginx/html - volumes: - - name: civo - persistentVolumeClaim: - claimName: civo diff --git a/kubernetes/templates/pv-and-pvc/local-web.yml b/kubernetes/templates/pv-and-pvc/local-web.yml deleted file mode 100644 index a841552..0000000 --- a/kubernetes/templates/pv-and-pvc/local-web.yml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: local-web -spec: - replicas: 1 - selector: - matchLabels: - app: local-web - template: - metadata: - labels: - app: local-web - spec: - containers: - - name: local-web - image: nginx - ports: - - name: web - containerPort: 80 - volumeMounts: - - name: local - mountPath: /usr/share/nginx/html - volumes: - - name: local - hostPath: - path: /var/nginxserver diff --git a/kubernetes/templates/pv-and-pvc/nfs-pv.yml b/kubernetes/templates/pv-and-pvc/nfs-pv.yml deleted file mode 100644 index 3276fa9..0000000 --- a/kubernetes/templates/pv-and-pvc/nfs-pv.yml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: nfs -spec: - capacity: - storage: 500Mi - accessModes: - - ReadWriteMany - storageClassName: nfs - nfs: - server: 192.168.1.7 - path: "/srv/nfs" diff --git a/kubernetes/templates/pv-and-pvc/nfs-pvc.yml b/kubernetes/templates/pv-and-pvc/nfs-pvc.yml deleted file mode 100644 index 9315201..0000000 --- a/kubernetes/templates/pv-and-pvc/nfs-pvc.yml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: nfs -spec: - accessModes: - - ReadWriteMany - storageClassName: nfs - resources: - requests: - storage: 100Mi 
diff --git a/kubernetes/templates/pv-and-pvc/nfs-web.yml b/kubernetes/templates/pv-and-pvc/nfs-web.yml deleted file mode 100644 index c51203e..0000000 --- a/kubernetes/templates/pv-and-pvc/nfs-web.yml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: nfs-web -spec: - replicas: 1 - selector: - matchLabels: - app: nfs-web - template: - metadata: - labels: - app: nfs-web - spec: - containers: - - name: nfs-web - image: nginx - ports: - - name: web - containerPort: 80 - volumeMounts: - - name: nfs - mountPath: /usr/share/nginx/html - volumes: - - name: nfs - persistentVolumeClaim: - claimName: nfs diff --git a/kubernetes/templates/service.yaml b/kubernetes/templates/service.yaml deleted file mode 100644 index 72a7245..0000000 --- a/kubernetes/templates/service.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: servicename - namespace: namespace -spec: - selector: - app: appname - # --- - # type: ClusterIP - # ClusterIP means this service can be accessed by any pod in the cluster - # ports: - # - name: http - # port: 8080 - # targetPort: 80 - # protocol: TCP # optional protocol - # --- - # type: NodePort - # NodePort means this service is only accessible by pods in the same namespace - # ports: - # - name: http - # port: 80 - # nodePort: 30001 - # protocol: TCP # optional protocol - # --- - # type: LoadBalancer - # LoadBalancer means this service is load-balanced across all nodes in the cluster - # ports: - # - name: http - # port: 80 - # targetPort: 30001 - # protocol: TCP # optional protocol diff --git a/kubernetes/traefik/templates/ingressroutetcp.yml b/kubernetes/traefik/examples/example-ingressroutetcp.yml similarity index 100% rename from kubernetes/traefik/templates/ingressroutetcp.yml rename to kubernetes/traefik/examples/example-ingressroutetcp.yml 
diff --git a/kubernetes/traefik/templates/ingress.yml b/kubernetes/traefik/templates/ingress.yml deleted file mode 100644 index 4f4f8d6..0000000 --- a/kubernetes/traefik/templates/ingress.yml +++ /dev/null @@ -1,35 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: wp-clcreative - namespace: wp-clcreative - annotations: - # (Optional): Annotations for the Ingress Controller - # -- ingress class is needed when traefik is not the default - # kubernetes.io/ingress.class: traefik - # --- - # -- entrypoint and tls configurations - # traefik.ingress.kubernetes.io/router.entrypoints: web, websecure - # traefik.ingress.kubernetes.io/router.tls: "true" - # --- - # -- optional middlewares - # traefik.ingress.kubernetes.io/router.middlewares:your-middleware@kubernetescrd - # --- -spec: - rules: - - host: "your-hostname" - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: your-service-name - port: - number: 80 - # (Optional) TLS settings - # tls: - # - hosts: - # - your-hostname.com # Your hostname - # secretName: your-secret # Your TLS Secret - # --- From efc2d235a3e7d620862db67047cc67dff0c0ac11 Mon Sep 17 00:00:00 2001 From: Christian Lempa Date: Mon, 14 Oct 2024 10:58:32 +0200 Subject: [PATCH 2/7] update portainer helm values --- kubernetes/certmanager/README.md | 32 -------------------------------- kubernetes/portainer/README.md | 3 --- kubernetes/portainer/values.yml | 28 ++++++++++++++++++++++++++++ kubernetes/traefik/README.md | 5 ----- 4 files changed, 28 insertions(+), 40 deletions(-) delete mode 100644 kubernetes/certmanager/README.md delete mode 100644 kubernetes/portainer/README.md delete mode 100644 kubernetes/traefik/README.md diff --git a/kubernetes/certmanager/README.md b/kubernetes/certmanager/README.md deleted file mode 100644 index 28e8b11..0000000 --- a/kubernetes/certmanager/README.md +++ /dev/null 
@@ -1,32 +0,0 @@ -# Kubernetes Cert-Manager Installation Guide - -Here is the installation guide for Cert-Manager and the complete configuration. - -## Deployment - -### 1. Add the Helm Repository & Update - -```bash -helm repo add jetstack https://charts.jetstack.io -helm repo update -``` - -### 2. Install Cert-Manager with Helm & CRDs - -```bash -helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --set installCRDs=true -``` - -## Configuration - -Add your Issuer or ClusterIssuer Objects, Credentails and Certificates. - -_For more info visit:_ [Official Cert-Manager Documentation](https://cert-manager.io/docs/) - -## Best-Practices & Post-Installation - -## Troubleshooting - -You can troubleshoot issues and inspect log entries for the Certificate Objects with the `kubectl describe` command. - -_For more info visit:_ [Official Cert-Manager Troubleshooting Guide](https://cert-manager.io/docs/faq/troubleshooting/) diff --git a/kubernetes/portainer/README.md b/kubernetes/portainer/README.md deleted file mode 100644 index 3aa8104..0000000 --- a/kubernetes/portainer/README.md +++ /dev/null @@ -1,3 +0,0 @@ -# Kubernetes Portainer - -You can add an additional description here. diff --git a/kubernetes/portainer/values.yml b/kubernetes/portainer/values.yml index 8b13789..8f0d09d 100644 --- a/kubernetes/portainer/values.yml +++ b/kubernetes/portainer/values.yml 
@@ -1 +1,29 @@ +# Portainer Helm Chart Template +# --- +replicas: 1 # Number of replicas +image: + repository: portainer/portainer-ce + tag: 2.22.0 + pullPolicy: IfNotPresent + +# (Choice) LoadBalancer or ClusterIP with optional Ingress +service: + type: LoadBalancer + # -- or -- + # type: ClusterIP + +# (Optional) Add Ingress, when using ClusterIP +# ingress: +# enabled: true +# hosts: +# - host: "portainer-test-1.kube-prod-2.home.clcreative.de" +# paths: +# - path: "/" +# port: "9000" +# -- end + +persistence: + enabled: true + # (Optional) Use an existing PVC + # existingClaim: portainer diff --git a/kubernetes/traefik/README.md b/kubernetes/traefik/README.md deleted file mode 100644 index de6a9cf..0000000 --- a/kubernetes/traefik/README.md +++ /dev/null @@ -1,5 +0,0 @@ -# Kubernetes Traefik Helm Deployment - -This Deployment uses the official Helm Chart from [traefik](https://github.com/traefik/traefik-helm-chart) repository. - -These are templates to modify the deployment. From 3456dd6c3a13da4bfd2a94e677d54ed1a50e7fd1 Mon Sep 17 00:00:00 2001 From: Christian Lempa Date: Mon, 14 Oct 2024 11:12:17 +0200 Subject: [PATCH 3/7] update traefik values --- kubernetes/portainer/values.yml | 6 +- kubernetes/traefik/values.yml | 125 +++++++++++--------------------- 2 files changed, 44 insertions(+), 87 deletions(-) diff --git a/kubernetes/portainer/values.yml b/kubernetes/portainer/values.yml index 8f0d09d..96208b0 100644 --- a/kubernetes/portainer/values.yml +++ b/kubernetes/portainer/values.yml @@ -1,12 +1,12 @@ -# Portainer Helm Chart Template +# Portainer Helm Chart Values Template # --- -replicas: 1 # Number of replicas - image: repository: portainer/portainer-ce tag: 2.22.0 pullPolicy: IfNotPresent +replicas: 1 # Number of replicas + # (Choice) LoadBalancer or ClusterIP with optional Ingress service: type: LoadBalancer diff --git a/kubernetes/traefik/values.yml b/kubernetes/traefik/values.yml index a110fea..24aebd1 100644 --- a/kubernetes/traefik/values.yml 
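Review bot: The active default `type: LoadBalancer` under `service:` in the new portainer values publishes the Portainer management UI directly on the load-balancer address, and the commented Ingress example targets `port: "9000"`, which is Portainer's plain-HTTP port. For a template that others copy, I would make `type: ClusterIP` the uncommented choice and leave LoadBalancer as the commented alternative, with a comment that the UI should be reached through an Ingress with TLS. The example host `portainer-test-1.kube-prod-2.home.clcreative.de` looks like a real internal name; a placeholder such as `portainer.your-domain.com`, as used in the removed portainer-ingress.yml, avoids publishing it.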
+++ b/kubernetes/traefik/values.yml 
@@ -1,97 +1,54 @@ -additionalArguments: -# Configure your CertificateResolver here... -# -# HTTP Challenge +# Traefik Helm Chart Values Template # --- -# Generic Example: -# - --certificatesresolvers.generic.acme.email=your-email@example.com -# - --certificatesresolvers.generic.acme.caServer=https://acme-v02.api.letsencrypt.org/directory -# - --certificatesresolvers.generic.acme.httpChallenge.entryPoint=web -# - --certificatesresolvers.generic.acme.storage=/ssl-certs/acme-generic.json -# -# Prod / Staging Example: -# - --certificatesresolvers.staging.acme.email=your-email@example.com -# - --certificatesresolvers.staging.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory -# - --certificatesresolvers.staging.acme.httpChallenge.entryPoint=web -# - --certificatesresolvers.staging.acme.storage=/ssl-certs/acme-staging.json -# - --certificatesresolvers.production.acme.email=your-email@example.com -# - --certificatesresolvers.production.acme.caServer=https://acme-v02.api.letsencrypt.org/directory -# - --certificatesresolvers.production.acme.httpChallenge.entryPoint=web -# - --certificatesresolvers.production.acme.storage=/ssl-certs/acme-production.json -# -# DNS Challenge -# --- -# Cloudflare Example: -# - --certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare -# - --certificatesresolvers.cloudflare.acme.email=your-email@example.com -# - --certificatesresolvers.cloudflare.acme.dnschallenge.resolvers=1.1.1.1 -# - --certificatesresolvers.cloudflare.acme.storage=/ssl-certs/acme-cloudflare.json -# -# Generic (replace with your DNS provider): -# - --certificatesresolvers.generic.acme.dnschallenge.provider=generic -# - --certificatesresolvers.generic.acme.email=your-email@example.com -# - --certificatesresolvers.generic.acme.storage=/ssl-certs/acme-generic.json +image: + repository: traefik + version: v3.1.4 + pullPolicy: IfNotPresent -logs: -# Configure log settings here... 
- general: - level: ERROR +# (Optional) Log settings +# logs: +# general: +# level: ERROR +# access: +# enabled: false +# (Optional) Change number of replicas +# deployment: +# replicas: 1 + +# (Optional) Enable Prometheus Metrics, requires metrics port to be exposed! +# metrics: +# prometheus: +# entryPoint: metrics + +# Configure EntryPoints ports: -# Configure your entrypoints here... web: - # (optional) Permanent Redirect to HTTPS - # redirectTo: + # StandardHTTP + port: 8000 + exposed: true + exposedPort: 80 + # (Optional) Redirect HTTP to HTTPs by default + # redirectTo: # port: websecure websecure: + # Standard HTTPS + port: 8443 + exposed: true + exposedPort: 443 tls: enabled: true - # (optional) Set a Default CertResolver - # certResolver: cloudflare - + # (Optional) Enable HTTP3 + # http3: + # enabled: false + # (Optional) When enabled Prometheus Metrics will be exposed on this port + # metrics: + # Prometheus Metrics + # port: 9100 + # exposed: false + # exposedPort: 9100 -env: -# Set your environment variables here... -# -# DNS Challenge Credentials -# --- -# Cloudflare Example: -# - name: CF_API_EMAIL -# valueFrom: -# secretKeyRef: -# key: email -# name: cloudflare-credentials -# - name: CF_API_KEY -# valueFrom: -# secretKeyRef: -# key: apiKey -# name: cloudflare-credentials - -# Disable Dashboard -ingressRoute: - dashboard: - enabled: false - -# Persistent Storage -persistence: - enabled: true - name: ssl-certs - size: 1Gi - path: /ssl-certs - -deployment: - initContainers: - # The "volume-permissions" init container is required if you run into permission issues. - # Related issue: https://github.com/containous/traefik/issues/6972 - - name: volume-permissions - image: busybox:1.37.0 - command: ["sh", "-c", "chmod -Rv 600 /ssl-certs/*"] - volumeMounts: - - name: ssl-certs - mountPath: /ssl-certs - -# Set Traefik as your default Ingress Controller, according to Kubernetes 1.19+ changes. 
+# Create a default IngressClass ingressClass: enabled: true isDefaultClass: true - From 30db37aec2d8c79f4008f36c886d9fa6cdff180d Mon Sep 17 00:00:00 2001 From: Christian Lempa Date: Mon, 14 Oct 2024 11:13:51 +0200 Subject: [PATCH 4/7] certmanager helm values --- kubernetes/certmanager/values.yaml | 516 +---------------------------- 1 file changed, 11 insertions(+), 505 deletions(-) diff --git a/kubernetes/certmanager/values.yaml b/kubernetes/certmanager/values.yaml index 2603de0..991c9b9 100644 --- a/kubernetes/certmanager/values.yaml +++ b/kubernetes/certmanager/values.yaml 
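Review bot: `version: v3.1.4` under `image:` is most likely not a key the Traefik chart reads, since its image block uses `tag`. The intended pin would then be ignored, or rejected by the chart's values schema, and the chart's default image deployed instead; the line should read `tag: v3.1.4`. The hunk also drops `ingressRoute.dashboard.enabled: false`, so whether a dashboard route is created now depends on the default of whichever chart release is installed. Keeping that setting explicit would make the template behave the same across chart versions.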
@@ -1,516 +1,22 @@ -# Default values for cert-manager. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. -global: - ## Reference to one or more secrets to be used when pulling images - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - imagePullSecrets: [] - # - name: "image-pull-secret" - - # Optional priority class to be used for the cert-manager pods - priorityClassName: "" - rbac: - create: true - - podSecurityPolicy: - enabled: false - useAppArmor: true - - # Set the verbosity of cert-manager. Range of 0 - 6 with 6 being the most verbose. - logLevel: 2 - - leaderElection: - # Override the namespace used to store the ConfigMap for leader election - namespace: "kube-system" - - # The duration that non-leader candidates will wait after observing a - # leadership renewal until attempting to acquire leadership of a led but - # unrenewed leader slot. This is effectively the maximum duration that a - # leader can be stopped before it is replaced by another candidate. - # leaseDuration: 60s - - # The interval between attempts by the acting master to renew a leadership - # slot before it stops leading. This must be less than or equal to the - # lease duration. - # renewDeadline: 40s - - # The duration the clients should wait between attempting acquisition and - # renewal of a leadership. - # retryPeriod: 15s - -installCRDs: false - -replicaCount: 1 - -strategy: {} - # type: RollingUpdate - # rollingUpdate: - # maxSurge: 0 - # maxUnavailable: 1 - -# Comma separated list of feature gates that should be enabled on the -# controller pod. -featureGates: "" - +# Cert-Manager Helm Chart Values Template +# --- image: repository: quay.io/jetstack/cert-manager-controller - # You can manage a registry with - # registry: quay.io - # repository: jetstack/cert-manager-controller - - # Override the image tag to deploy by setting this variable. 
- # If no value is set, the chart's appVersion will be used. - # tag: canary - - # Setting a digest will override any tag - # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 - pullPolicy: IfNotPresent - -# Override the namespace used to store DNS provider credentials etc. for ClusterIssuer -# resources. By default, the same namespace as cert-manager is deployed within is -# used. This namespace will not be automatically created by the Helm chart. -clusterResourceNamespace: "" - -serviceAccount: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - # name: "" - # Optional additional annotations to add to the controller's ServiceAccount - # annotations: {} - # Automount API credentials for a Service Account. - automountServiceAccountToken: true - -# Additional command line flags to pass to cert-manager controller binary. 
-# To see all available flags run docker run quay.io/jetstack/cert-manager-controller: --help -extraArgs: [] - # When this flag is enabled, secrets will be automatically removed when the certificate resource is deleted - # - --enable-certificate-owner-ref=true - # Use this flag to enabled or disable arbitrary controllers, for example, disable the CertificiateRequests approver - # - --controllers=*,-certificaterequests-approver - -extraEnv: [] -# - name: SOME_VAR -# value: 'some value' - -resources: {} - # requests: - # cpu: 10m - # memory: 32Mi - -# Pod Security Context -# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -securityContext: - runAsNonRoot: true -# legacy securityContext parameter format: if enabled is set to true, only fsGroup and runAsUser are supported -# securityContext: -# enabled: false -# fsGroup: 1001 -# runAsUser: 1001 -# to support additional securityContext parameters, omit the `enabled` parameter and simply specify the parameters -# you want to set, e.g. -# securityContext: -# fsGroup: 1000 -# runAsUser: 1000 -# runAsNonRoot: true - -# Container Security Context to be set on the controller component container -# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -containerSecurityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - - -volumes: [] - -volumeMounts: [] - -# Optional additional annotations to add to the controller Deployment -# deploymentAnnotations: {} - -# Optional additional annotations to add to the controller Pods -# podAnnotations: {} - -podLabels: {} - -# Optional annotations to add to the controller Service -# serviceAnnotations: {} - -# Optional additional labels to add to the controller Service -# serviceLabels: {} - -# Optional DNS settings, useful if you have a public and private DNS zone for -# the same domain on Route 53. 
What follows is an example of ensuring -# cert-manager can access an ingress or DNS TXT records at all times. -# NOTE: This requires Kubernetes 1.10 or `CustomPodDNS` feature gate enabled for -# the cluster to work. -# podDnsPolicy: "None" -# podDnsConfig: -# nameservers: -# - "1.1.1.1" -# - "8.8.8.8" - -nodeSelector: {} - -ingressShim: {} - # defaultIssuerName: "" - # defaultIssuerKind: "" - # defaultIssuerGroup: "" - -prometheus: - enabled: true - servicemonitor: - enabled: false - prometheusInstance: default - targetPort: 9402 - path: /metrics - interval: 60s - scrapeTimeout: 30s - labels: {} - honorLabels: false - -# Use these variables to configure the HTTP_PROXY environment variables -# http_proxy: "http://proxy:8080" -# https_proxy: "https://proxy:8080" -# no_proxy: 127.0.0.1,localhost - -# expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#affinity-v1-core -# for example: -# affinity: -# nodeAffinity: -# requiredDuringSchedulingIgnoredDuringExecution: -# nodeSelectorTerms: -# - matchExpressions: -# - key: foo.bar.com/role -# operator: In -# values: -# - master -affinity: {} - -# expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#toleration-v1-core -# for example: -# tolerations: -# - key: foo.bar.com/role -# operator: Equal -# value: master -# effect: NoSchedule -tolerations: [] - + tag: v1.16.0 webhook: - replicaCount: 1 - timeoutSeconds: 10 - - # Used to configure options for the webhook pod. - # This allows setting options that'd usually be provided via flags. - # An APIVersion and Kind must be specified in your values.yaml file. - # Flags will override options that are set here. - config: - # apiVersion: webhook.config.cert-manager.io/v1alpha1 - # kind: WebhookConfiguration - - # The port that the webhook should listen on for requests. 
- # In GKE private clusters, by default kubernetes apiservers are allowed to - # talk to the cluster nodes only on 443 and 10250. so configuring - # securePort: 10250, will work out of the box without needing to add firewall - # rules or requiring NET_BIND_SERVICE capabilities to bind port numbers <1000. - # This should be uncommented and set as a default by the chart once we graduate - # the apiVersion of WebhookConfiguration past v1alpha1. - # securePort: 10250 - - strategy: {} - # type: RollingUpdate - # rollingUpdate: - # maxSurge: 0 - # maxUnavailable: 1 - - # Pod Security Context to be set on the webhook component Pod - # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - securityContext: - runAsNonRoot: true - - # Container Security Context to be set on the webhook component container - # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - containerSecurityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - - # Optional additional annotations to add to the webhook Deployment - # deploymentAnnotations: {} - - # Optional additional annotations to add to the webhook Pods - # podAnnotations: {} - - # Optional additional annotations to add to the webhook Service - # serviceAnnotations: {} - - # Optional additional annotations to add to the webhook MutatingWebhookConfiguration - # mutatingWebhookConfigurationAnnotations: {} - - # Optional additional annotations to add to the webhook ValidatingWebhookConfiguration - # validatingWebhookConfigurationAnnotations: {} - - # Additional command line flags to pass to cert-manager webhook binary. 
- # To see all available flags run docker run quay.io/jetstack/cert-manager-webhook: --help - extraArgs: [] - # Path to a file containing a WebhookConfiguration object used to configure the webhook - # - --config= - - resources: {} - # requests: - # cpu: 10m - # memory: 32Mi - - ## Liveness and readiness probe values - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## - livenessProbe: - failureThreshold: 3 - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - readinessProbe: - failureThreshold: 3 - initialDelaySeconds: 5 - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 1 - - nodeSelector: {} - - affinity: {} - - tolerations: [] - - # Optional additional labels to add to the Webhook Pods - podLabels: {} - - # Optional additional labels to add to the Webhook Service - serviceLabels: {} - image: repository: quay.io/jetstack/cert-manager-webhook - # You can manage a registry with - # registry: quay.io - # repository: jetstack/cert-manager-webhook - - # Override the image tag to deploy by setting this variable. - # If no value is set, the chart's appVersion will be used. - # tag: canary - - # Setting a digest will override any tag - # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 - - pullPolicy: IfNotPresent - - serviceAccount: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - # name: "" - # Optional additional annotations to add to the controller's ServiceAccount - # annotations: {} - # Automount API credentials for a Service Account. - automountServiceAccountToken: true - - # The port that the webhook should listen on for requests. - # In GKE private clusters, by default kubernetes apiservers are allowed to - # talk to the cluster nodes only on 443 and 10250. 
so configuring - # securePort: 10250, will work out of the box without needing to add firewall - # rules or requiring NET_BIND_SERVICE capabilities to bind port numbers <1000 - securePort: 10250 - - # Specifies if the webhook should be started in hostNetwork mode. - # - # Required for use in some managed kubernetes clusters (such as AWS EKS) with custom - # CNI (such as calico), because control-plane managed by AWS cannot communicate - # with pods' IP CIDR and admission webhooks are not working - # - # Since the default port for the webhook conflicts with kubelet on the host - # network, `webhook.securePort` should be changed to an available port if - # running in hostNetwork mode. - hostNetwork: false - - # Specifies how the service should be handled. Useful if you want to expose the - # webhook to outside of the cluster. In some cases, the control plane cannot - # reach internal services. - serviceType: ClusterIP - # loadBalancerIP: - - # Overrides the mutating webhook and validating webhook so they reach the webhook - # service using the `url` field instead of a service. 
- url: {} - # host: - + tag: v1.16.0 cainjector: - enabled: true - replicaCount: 1 - - strategy: {} - # type: RollingUpdate - # rollingUpdate: - # maxSurge: 0 - # maxUnavailable: 1 - - # Pod Security Context to be set on the cainjector component Pod - # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - securityContext: - runAsNonRoot: true - - # Container Security Context to be set on the cainjector component container - # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - containerSecurityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - - - # Optional additional annotations to add to the cainjector Deployment - # deploymentAnnotations: {} - - # Optional additional annotations to add to the cainjector Pods - # podAnnotations: {} - - # Additional command line flags to pass to cert-manager cainjector binary. - # To see all available flags run docker run quay.io/jetstack/cert-manager-cainjector: --help - extraArgs: [] - # Enable profiling for cainjector - # - --enable-profiling=true - - resources: {} - # requests: - # cpu: 10m - # memory: 32Mi - - nodeSelector: {} - - affinity: {} - - tolerations: [] - - # Optional additional labels to add to the CA Injector Pods - podLabels: {} - image: repository: quay.io/jetstack/cert-manager-cainjector - # You can manage a registry with - # registry: quay.io - # repository: jetstack/cert-manager-cainjector + tag: v1.16.0 - # Override the image tag to deploy by setting this variable. - # If no value is set, the chart's appVersion will be used. - # tag: canary - - # Setting a digest will override any tag - # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 - - pullPolicy: IfNotPresent - - serviceAccount: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. 
- # If not set and create is true, a name is generated using the fullname template - # name: "" - # Optional additional annotations to add to the controller's ServiceAccount - # annotations: {} - # Automount API credentials for a Service Account. - automountServiceAccountToken: true - -# This startupapicheck is a Helm post-install hook that waits for the webhook -# endpoints to become available. -# The check is implemented using a Kubernetes Job- if you are injecting mesh -# sidecar proxies into cert-manager pods, you probably want to ensure that they -# are not injected into this Job's pod. Otherwise the installation may time out -# due to the Job never being completed because the sidecar proxy does not exit. -# See https://github.com/jetstack/cert-manager/pull/4414 for context. -startupapicheck: +# Enable the CRD install job +crds: enabled: true - # Pod Security Context to be set on the startupapicheck component Pod - # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - securityContext: - runAsNonRoot: true - - # Timeout for 'kubectl check api' command - timeout: 1m - - # Job backoffLimit - backoffLimit: 4 - - # Optional additional annotations to add to the startupapicheck Job - jobAnnotations: - helm.sh/hook: post-install - helm.sh/hook-weight: "1" - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded - - # Optional additional annotations to add to the startupapicheck Pods - # podAnnotations: {} - - # Additional command line flags to pass to startupapicheck binary. 
- # To see all available flags run docker run quay.io/jetstack/cert-manager-ctl: --help - extraArgs: [] - - resources: {} - # requests: - # cpu: 10m - # memory: 32Mi - - nodeSelector: {} - - affinity: {} - - tolerations: [] - - # Optional additional labels to add to the startupapicheck Pods - podLabels: {} - - image: - repository: quay.io/jetstack/cert-manager-ctl - # You can manage a registry with - # registry: quay.io - # repository: jetstack/cert-manager-ctl - - # Override the image tag to deploy by setting this variable. - # If no value is set, the chart's appVersion will be used. - # tag: canary - - # Setting a digest will override any tag - # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 - - pullPolicy: IfNotPresent - - rbac: - # annotations for the startup API Check job RBAC and PSP resources - annotations: - helm.sh/hook: post-install - helm.sh/hook-weight: "-5" - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded - - serviceAccount: - # Specifies whether a service account should be created - create: true - - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - # name: "" - - # Optional additional annotations to add to the Job's ServiceAccount - annotations: - helm.sh/hook: post-install - helm.sh/hook-weight: "-5" - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded - - # Automount API credentials for a Service Account. - automountServiceAccountToken: true +# Add DNS01 recursive nameserver configuration +extraArgs: + - --dns01-recursive-nameservers-only + - --dns01-recursive-nameservers=1.1.1.1:53,1.0.0.1:53 From 6288d0faa2c7e532846a85fcc941b6f020744b6f Mon Sep 17 00:00:00 2001 
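Review bot: The new values pin `tag: v1.16.0` for the controller, webhook and cainjector images only. The removed defaults show that the chart also has a `startupapicheck.image` block, and any image not listed here keeps following the chart's appVersion, so installing a chart release other than 1.16.0 would mix component versions. Either drop the three `tag` lines and pin the chart version at install time, or add a comment such as `# keep in sync with the chart version used for helm install`. The `--dns01-recursive-nameservers-only` setting makes the DNS-01 self-check depend on outbound port 53 to `1.1.1.1`/`1.0.0.1`, which is worth a one-line comment for clusters with egress policies.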
From: Christian Lempa Date: Fri, 8 Nov 2024 10:29:27 +0100 Subject: [PATCH 5/7] update traefik kubernetes templates --- kubernetes/examples/example-deployment.yaml | 22 +++++++++++++++++++ kubernetes/examples/example-service.yaml | 12 ++++++++++ kubernetes/portainer/values.yml | 14 ++++++------ .../examples/example-ingressroute.yaml | 20 +++++++++++++++++ .../examples/example-ingressroutetcp.yml | 2 +- 5 files changed, 62 insertions(+), 8 deletions(-) create mode 100644 kubernetes/traefik/examples/example-ingressroute.yaml diff --git a/kubernetes/examples/example-deployment.yaml b/kubernetes/examples/example-deployment.yaml index e69de29..b7d6417 100644 --- a/kubernetes/examples/example-deployment.yaml +++ b/kubernetes/examples/example-deployment.yaml @@ -0,0 +1,22 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: example-deployment + namespace: your-namespace + labels: + app: example-app +spec: + replicas: 3 # how many pods? + selector: + matchLabels: + app: example-app + template: + metadata: + labels: + app: example-app + spec: + containers: + - name: nginx + image: nginx:latest + ports: + - containerPort: 80 diff --git a/kubernetes/examples/example-service.yaml b/kubernetes/examples/example-service.yaml index e69de29..dece911 100644 --- a/kubernetes/examples/example-service.yaml +++ b/kubernetes/examples/example-service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: example-service + namespace: your-namespace +spec: + selector: + app.kubernetes.io/name: MyApp + ports: + - protocol: TCP + port: 80 + targetPort: 9376 diff --git a/kubernetes/portainer/values.yml b/kubernetes/portainer/values.yml index 96208b0..bf758e1 100644 --- a/kubernetes/portainer/values.yml +++ b/kubernetes/portainer/values.yml 
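Review bot: `image: nginx:latest` in example-deployment.yaml is a mutable tag, so a re-pull can silently change what runs and the example is not reproducible. Pin a release tag or digest as the Helm values in this series do, e.g. `image: nginx:<pinned-tag>`. The container also sets no `securityContext` or `resources`; for an example meant to be copied, adding `securityContext:` with `allowPrivilegeEscalation: false` would give users a better baseline.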
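Review bot: The selector `app.kubernetes.io/name: MyApp` and `targetPort: 9376` in example-service.yaml do not match the pods defined by example-deployment.yaml in the same commit, which use the label `app: example-app` and `containerPort: 80`. If the two examples are meant to be applied together, the Service ends up with no endpoints. The matching lines would be `app: example-app` under `selector:` and `targetPort: 80`.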
@@ -14,13 +14,13 @@ service: # type: ClusterIP # (Optional) Add Ingress, when using ClusterIP -# ingress: -# enabled: true -# hosts: -# - host: "portainer-test-1.kube-prod-2.home.clcreative.de" -# paths: -# - path: "/" -# port: "9000" +ingress: + enabled: true + hosts: + - host: "portainer-test-1.kube-prod-2.home.clcreative.de" + paths: + - path: "/" + port: "9000" # -- end persistence: diff --git a/kubernetes/traefik/examples/example-ingressroute.yaml b/kubernetes/traefik/examples/example-ingressroute.yaml new file mode 100644 index 0000000..4825788 --- /dev/null +++ b/kubernetes/traefik/examples/example-ingressroute.yaml @@ -0,0 +1,20 @@ +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: ingressroute + # (Optional) Namespace + # namespace: your-namespace + # --- +spec: + entryPoints: + - web + - websecure + routes: + - match: Host(`your-hostname`) + kind: Rule + services: + - name: your-service + port: 80 + # (Optional) TLS + # tls: + # secretName: your-tls-secret diff --git a/kubernetes/traefik/examples/example-ingressroutetcp.yml b/kubernetes/traefik/examples/example-ingressroutetcp.yml index cd9752b..5bb0ab4 100644 --- a/kubernetes/traefik/examples/example-ingressroutetcp.yml +++ b/kubernetes/traefik/examples/example-ingressroutetcp.yml @@ -1,4 +1,4 @@ -apiVersion: traefik.containo.us/v1alpha1 +apiVersion: traefik.io/v1alpha1 kind: IngressRouteTCP metadata: name: ingressroutetcp From 3d55786e361d0ec6ed7beddb9d48bb3f5c9b7ff3 Mon Sep 17 00:00:00 2001 
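Review bot: The template now ships an enabled Ingress with an environment-specific hostname, `portainer-test-1.kube-prod-2.home.clcreative.de`, although the comment above still calls the block optional and ties it to ClusterIP. Going by the earlier patch in this series, `service.type` stays `LoadBalancer`, so the UI would be published twice. The route targets port `9000` with no `tls` entry, so whether it is served over HTTPS depends on the ingress controller's defaults. Suggest keeping the block commented out, or at least using a placeholder such as `- host: "your-hostname"`. The rest of the values file is outside this hunk.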
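Review bot: example-ingressroute.yaml attaches the route to both `web` and `websecure` while its `tls` block stays commented out, so anyone copying it serves the backend over plain HTTP on the `web` entry point. The HTTP-to-HTTPS redirect in the Traefik values of this series is also commented out, so nothing upgrades those requests. Listing only `- websecure` under `entryPoints` and leaving `tls:` / `secretName: your-tls-secret` uncommented would make the encrypted path the default of the example.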
From: Christian Lempa Date: Fri, 8 Nov 2024 12:06:13 +0100 Subject: [PATCH 6/7] cert-manager update --- .../examples/certificate.yaml.example | 13 +++++ .../examples/clusterissuer.yaml.example | 17 ++++++ .../examples/example-certificate.yaml | 12 ---- .../examples/example-clusterissuer.yaml | 52 ------------------ .../certmanager/examples/example-issuer.yaml | 55 ------------------- .../examples/issuer-secret.yaml.example | 9 +++ .../certmanager/examples/issuer.yaml.example | 18 ++++++ kubernetes/certmanager/values.yaml | 7 +-- 8 files changed, 58 insertions(+), 125 deletions(-) create mode 100644 kubernetes/certmanager/examples/certificate.yaml.example create mode 100644 kubernetes/certmanager/examples/clusterissuer.yaml.example delete mode 100644 kubernetes/certmanager/examples/example-certificate.yaml delete mode 100644 kubernetes/certmanager/examples/example-clusterissuer.yaml delete mode 100644 kubernetes/certmanager/examples/example-issuer.yaml create mode 100644 kubernetes/certmanager/examples/issuer-secret.yaml.example create mode 100644 kubernetes/certmanager/examples/issuer.yaml.example diff --git a/kubernetes/certmanager/examples/certificate.yaml.example b/kubernetes/certmanager/examples/certificate.yaml.example new file mode 100644 index 0000000..faa1b3c --- /dev/null +++ b/kubernetes/certmanager/examples/certificate.yaml.example @@ -0,0 +1,13 @@ +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: your-certificate # <-- Replace with your certificate name + namespace: your-namespace # <-- Replace with your namespace +spec: + secretName: your-secret # <-- Replace with your secret name + issuerRef: + name: clusterissuer # <-- Replace with your issuer name + kind: ClusterIssuer + dnsNames: + - your-hostname # <-- Replace with your hostname diff --git a/kubernetes/certmanager/examples/clusterissuer.yaml.example b/kubernetes/certmanager/examples/clusterissuer.yaml.example new file mode 100644 index 0000000..29f1b2a --- /dev/null 
+++ b/kubernetes/certmanager/examples/clusterissuer.yaml.example @@ -0,0 +1,17 @@ +--- +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: clusterissuer # <-- Replace with your clsuterissuer name +spec: + acme: + email: your-email@address # <-- Replace with your email address + server: https://acme-v02.api.letsencrypt.org/directory + privateKeySecretRef: + name: example-clusterissuer-account-key # <-- Replace with your secret name + solvers: + - dns01: + cloudflare: + apiTokenSecretRef: + name: cloudflare-api-token-secret # <-- Replace with your secret name + key: api-token diff --git a/kubernetes/certmanager/examples/example-certificate.yaml b/kubernetes/certmanager/examples/example-certificate.yaml deleted file mode 100644 index f56d7d5..0000000 --- a/kubernetes/certmanager/examples/example-certificate.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: your-certificate - namespace: your-namespace -spec: - secretName: your-secret - issuerRef: - name: ssl-issuer - kind: ClusterIssuer - dnsNames: - - your-hostname diff --git a/kubernetes/certmanager/examples/example-clusterissuer.yaml b/kubernetes/certmanager/examples/example-clusterissuer.yaml deleted file mode 100644 index 63db53c..0000000 --- a/kubernetes/certmanager/examples/example-clusterissuer.yaml +++ /dev/null 
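Review bot: clusterissuer.yaml.example hard-codes the Let's Encrypt production endpoint and, unlike the deleted example-clusterissuer.yaml, no longer mentions staging. A first DNS-01 setup often needs several attempts, and repeated failures against production can hit rate limits and block issuance. Add a comment above `server:` such as `# For testing use https://acme-staging-v02.api.letsencrypt.org/directory`; the same applies to issuer.yaml.example later in this patch. The comment on `name: clusterissuer` also has a typo, `clsuterissuer`.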
@@ -1,52 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - name: acme-issuer -spec: - # -- (Choice) Self-signed Issuer - # selfSigned: {} - # -- or -- - # -- (Choice) ACME Issuer - acme: - # Configure your email here... - # --- - # email: your-email@address - - # Configure your server here... - # --- - # Letsencrypt Production - # server: https://acme-v02.api.letsencrypt.org/directory - # - or - - # Letsencrypt Staging - # server: https://acme-staging-v02.api.letsencrypt.org/directory - - privateKeySecretRef: - name: example-issuer-account-key - solvers: - # Configure DNS or HTTP Challenge here... - # --- - # DNS Challenge: - # - dns01: - # Configure your DNS Provider here... - # --- - # cloudflare: - # email: your-email@address - # API Key: - # apiKeySecretRef: - # name: cloudflare-api-key-secret - # key: api-key - # - or - - # API Token: - # apiTokenSecretRef: - # name: cloudflare-api-token-secret - # key: api-token - # (Optional) Add DNS selectors - # --- - # selector: - # dnsZones: - # - 'your-domain' - - # HTTP Challenge: - # - http01: - # ingress: - # class: traefik diff --git a/kubernetes/certmanager/examples/example-issuer.yaml b/kubernetes/certmanager/examples/example-issuer.yaml deleted file mode 100644 index 403d104..0000000 --- a/kubernetes/certmanager/examples/example-issuer.yaml +++ /dev/null 
@@ -1,55 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: acme-issuer - # (Optional) Metadata - # --- - # namespace: your-namespace -spec: - # -- (Choice) Self-signed Issuer - # selfSigned: {} - # -- or -- - # -- (Choice) ACME Issuer - acme: - # Configure your email here... - # --- - # email: your-email@address - - # Configure your server here... - # --- - # Letsencrypt Production - # server: https://acme-v02.api.letsencrypt.org/directory - # - or - - # Letsencrypt Staging - # server: https://acme-staging-v02.api.letsencrypt.org/directory - - privateKeySecretRef: - name: example-issuer-account-key - solvers: - # Configure DNS or HTTP Challenge here... - # --- - # DNS Challenge: - # - dns01: - # Configure your DNS Provider here... - # --- - # cloudflare: - # email: your-email@address - # API Key: - # apiKeySecretRef: - # name: cloudflare-api-key-secret - # key: api-key - # - or - - # API Token: - # apiTokenSecretRef: - # name: cloudflare-api-token-secret - # key: api-token - # (Optional) Add DNS selectors - # --- - # selector: - # dnsZones: - # - 'your-domain' - - # HTTP Challenge: - # - http01: - # ingress: - # class: traefik diff --git a/kubernetes/certmanager/examples/issuer-secret.yaml.example b/kubernetes/certmanager/examples/issuer-secret.yaml.example new file mode 100644 index 0000000..29a5ee4 --- /dev/null +++ b/kubernetes/certmanager/examples/issuer-secret.yaml.example @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: cloudflare-api-token-secret + namespace: cert-manager +type: Opaque +data: + api-token: your-api-token # <-- Replace with your Cloudflare API token diff --git a/kubernetes/certmanager/examples/issuer.yaml.example b/kubernetes/certmanager/examples/issuer.yaml.example new file mode 100644 index 0000000..e7129a4 --- /dev/null +++ b/kubernetes/certmanager/examples/issuer.yaml.example 
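Review bot: In issuer-secret.yaml.example the token sits under `data:`, whose values must be base64-encoded. A token pasted in place of `your-api-token` is then either rejected by the API server or decoded into a value that fails authentication at Cloudflare. Use `stringData:` with `api-token: your-api-token` for a plaintext value, or state in the comment that the value must be base64-encoded. A short comment telling users to keep the filled-in copy out of version control would also fit here, since this file is meant to hold a live API token.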
@@ -0,0 +1,18 @@ +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: issuer # <-- Replace with your issuer name + namespace: your-namespace # <-- Replace with your namespace +spec: + acme: + email: your-email@address # <-- Replace with your email address + server: https://acme-v02.api.letsencrypt.org/directory + privateKeySecretRef: + name: example-issuer-account-key # <-- Replace with your secret name + solvers: + - dns01: + cloudflare: + apiTokenSecretRef: + name: cloudflare-api-token-secret # <-- Replace with your secret name + key: api-token diff --git a/kubernetes/certmanager/values.yaml b/kubernetes/certmanager/values.yaml index 991c9b9..750e019 100644 --- a/kubernetes/certmanager/values.yaml +++ b/kubernetes/certmanager/values.yaml @@ -1,5 +1,4 @@ -# Cert-Manager Helm Chart Values Template -# --- +--- image: repository: quay.io/jetstack/cert-manager-controller tag: v1.16.0 @@ -11,12 +10,8 @@ cainjector: image: repository: quay.io/jetstack/cert-manager-cainjector tag: v1.16.0 - -# Enable the CRD install job crds: enabled: true - -# Add DNS01 recursive nameserver configuration extraArgs: - --dns01-recursive-nameservers-only - --dns01-recursive-nameservers=1.1.1.1:53,1.0.0.1:53 From e3bf953cf7772c8c8262ccb3559aaba9dfd07ca7 Mon Sep 17 00:00:00 2001 
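Review bot: The `apiTokenSecretRef` at the end of the new `issuer.yaml.example` is resolved in the Issuer's own namespace, while the companion Secret example added in this commit is created in `namespace: cert-manager`. Only a ClusterIssuer reads its secrets from the cert-manager namespace by default, so an Issuer in `your-namespace` would not find the token. I would extend the comment to `name: cloudflare-api-token-secret # <-- Secret must live in the same namespace as this Issuer`, or align the namespace in the Secret example.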
From: Christian Lempa Date: Fri, 8 Nov 2024 12:34:10 +0100 Subject: [PATCH 7/7] big update for kubernetes and helm templates --- .../cert-manager}/values.yaml | 2 + helm/longhorn/values.yaml | 53 ++++++++++++++++++ helm/portainer/values.yaml | 27 ++++++++++ helm/traefik/values.yaml | 19 +++++++ .../certificate.yaml.example | 0 .../clusterissuer-secret.yaml} | 0 .../clusterissuer.yaml} | 6 +-- .../certmanager/examples/issuer.yaml.example | 18 ------- kubernetes/examples/example-configmap.yaml | 0 kubernetes/examples/example-deployment.yaml | 22 -------- kubernetes/examples/example-ingress.yaml | 0 kubernetes/examples/example-namespace.yaml | 0 .../examples/example-peristentvolume.yaml | 0 .../example-persistentvolumeclaim.yaml | 0 kubernetes/examples/example-secret.yaml | 0 kubernetes/examples/example-service.yaml | 12 ----- kubernetes/longhorn/certificate.yaml | 13 +++++ kubernetes/longhorn/ingressroute.yaml | 17 ++++++ kubernetes/portainer/certificate.yaml | 13 +++++ kubernetes/portainer/ingressroute.yaml | 17 ++++++ kubernetes/portainer/values.yml | 29 ---------- .../examples/example-ingressroute.yaml | 20 ------- .../examples/example-ingressroutetcp.yml | 21 -------- kubernetes/traefik/ingressroute.yaml.example | 19 +++++++ .../traefik/ingressroutetcp.yaml.example | 19 +++++++ kubernetes/traefik/values.yml | 54 ------------------- renovate.json | 23 ++++++++ 27 files changed, 225 insertions(+), 179 deletions(-) rename {kubernetes/certmanager => helm/cert-manager}/values.yaml (99%) create mode 100644 helm/longhorn/values.yaml create mode 100644 helm/portainer/values.yaml create mode 100644 helm/traefik/values.yaml rename kubernetes/{certmanager/examples => cert-manager}/certificate.yaml.example (100%) rename kubernetes/{certmanager/examples/issuer-secret.yaml.example => cert-manager/clusterissuer-secret.yaml} (100%) rename kubernetes/{certmanager/examples/clusterissuer.yaml.example => cert-manager/clusterissuer.yaml} (59%) delete mode 100644 
kubernetes/certmanager/examples/issuer.yaml.example delete mode 100644 kubernetes/examples/example-configmap.yaml delete mode 100644 kubernetes/examples/example-deployment.yaml delete mode 100644 kubernetes/examples/example-ingress.yaml delete mode 100644 kubernetes/examples/example-namespace.yaml delete mode 100644 kubernetes/examples/example-peristentvolume.yaml delete mode 100644 kubernetes/examples/example-persistentvolumeclaim.yaml delete mode 100644 kubernetes/examples/example-secret.yaml delete mode 100644 kubernetes/examples/example-service.yaml create mode 100644 kubernetes/longhorn/certificate.yaml create mode 100644 kubernetes/longhorn/ingressroute.yaml create mode 100644 kubernetes/portainer/certificate.yaml create mode 100644 kubernetes/portainer/ingressroute.yaml delete mode 100644 kubernetes/portainer/values.yml delete mode 100644 kubernetes/traefik/examples/example-ingressroute.yaml delete mode 100644 kubernetes/traefik/examples/example-ingressroutetcp.yml create mode 100644 kubernetes/traefik/ingressroute.yaml.example create mode 100644 kubernetes/traefik/ingressroutetcp.yaml.example delete mode 100644 kubernetes/traefik/values.yml diff --git a/kubernetes/certmanager/values.yaml b/helm/cert-manager/values.yaml similarity index 99% rename from kubernetes/certmanager/values.yaml rename to helm/cert-manager/values.yaml index 750e019..dbf3773 100644 --- a/kubernetes/certmanager/values.yaml +++ b/helm/cert-manager/values.yaml @@ -10,8 +10,10 @@ cainjector: image: repository: quay.io/jetstack/cert-manager-cainjector tag: v1.16.0 + crds: enabled: true + extraArgs: - --dns01-recursive-nameservers-only - --dns01-recursive-nameservers=1.1.1.1:53,1.0.0.1:53 diff --git a/helm/longhorn/values.yaml b/helm/longhorn/values.yaml new file mode 100644 index 0000000..934f16c --- /dev/null +++ b/helm/longhorn/values.yaml 
@@ -0,0 +1,53 @@ +--- +image: + longhorn: + engine: + repository: "longhornio/longhorn-engine" + tag: "v1.7.2" + manager: + repository: "longhornio/longhorn-manager" + tag: "v1.7.2" + ui: + repository: "longhornio/longhorn-ui" + tag: "v1.7.2" + instanceManager: + repository: "longhornio/longhorn-instance-manager" + tag: "v1.7.2" + shareManager: + repository: "longhornio/longhorn-share-manager" + tag: "v1.7.2" + backingImageManager: + repository: "longhornio/backing-image-manager" + tag: "v1.7.2" + supportBundleKit: + repository: "longhornio/support-bundle-kit" + tag: "v0.0.45" + csi: + attacher: + repository: "longhornio/csi-attacher" + tag: "v4.7.0" + provisioner: + repository: "longhornio/csi-provisioner" + tag: "v5.1.0" + nodeDriverRegistrar: + repository: "longhornio/csi-node-driver-registrar" + tag: "v2.12.0" + resizer: + repository: "longhornio/csi-resizer" + tag: "v1.12.0" + snapshotter: + repository: "longhornio/csi-snapshotter" + tag: "v8.1.0" + livenessProbe: + repository: "longhornio/livenessprobe" + tag: "v2.14.0" + +# --> (Optional) Reduce the number of replicas of Longhorn UI +# longhornUI: +# replicas: 1 +# <-- + +# --> (Optional) Change the default settings, like Backup Target here... +# defaultSettings: +# backupTarget: "your-backup-target" # <-- Replace with your backup target +# <-- diff --git a/helm/portainer/values.yaml b/helm/portainer/values.yaml new file mode 100644 index 0000000..ec1a4f4 --- /dev/null +++ b/helm/portainer/values.yaml 
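Review bot: Nothing in the new `helm/longhorn/values.yaml` says which chart version these tags belong to, although the `image.longhorn.*` and `image.csi.*` entries override the chart's own defaults. As far as I can tell the Longhorn chart expects its component images to match the chart release, so bumping one tag alone could leave the manager and engine at different versions. A header comment such as `# Image tags must match the installed Longhorn chart version (v1.7.2); bump them together` would make that explicit.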
@@ -0,0 +1,27 @@ +--- +image: + repository: portainer/portainer-ce + tag: 2.22.0 + pullPolicy: IfNotPresent + +service: + type: ClusterIP + +# --> (Optional) When you want to automatically create an Ingress +# ingress: +# enabled: true +# hosts: +# - host: "your-fqdn" # <-- Replace with your FQDN +# paths: +# - path: / +# port: "9000" +# tls: +# - secretName: portainer-certificate-secret +# hosts: +# - "your-fqdn" # <-- Replace with your FQDN +# <-- + +# --> (Optional) When using an existing PVC +# persistence: +# existingClaim: "portainer" +# <-- diff --git a/helm/traefik/values.yaml b/helm/traefik/values.yaml new file mode 100644 index 0000000..ddf4d28 --- /dev/null +++ b/helm/traefik/values.yaml @@ -0,0 +1,19 @@ +image: + repository: traefik + version: v3.1.4 + pullPolicy: IfNotPresent + +# --> (Optional) Change log settings here... +# logs: +# general: +# level: ERROR +# access: +# enabled: false +# <-- + +# --> (Optional) Redirect HTTP to HTTPs by default +# ports: +# web: +# redirectTo: +# port: websecure +# <-- diff --git a/kubernetes/certmanager/examples/certificate.yaml.example b/kubernetes/cert-manager/certificate.yaml.example similarity index 100% rename from kubernetes/certmanager/examples/certificate.yaml.example rename to kubernetes/cert-manager/certificate.yaml.example diff --git a/kubernetes/certmanager/examples/issuer-secret.yaml.example b/kubernetes/cert-manager/clusterissuer-secret.yaml similarity index 100% rename from kubernetes/certmanager/examples/issuer-secret.yaml.example rename to kubernetes/cert-manager/clusterissuer-secret.yaml diff --git a/kubernetes/certmanager/examples/clusterissuer.yaml.example b/kubernetes/cert-manager/clusterissuer.yaml similarity index 59% rename from kubernetes/certmanager/examples/clusterissuer.yaml.example rename to kubernetes/cert-manager/clusterissuer.yaml index 29f1b2a..f1b25af 100644 --- a/kubernetes/certmanager/examples/clusterissuer.yaml.example +++ b/kubernetes/cert-manager/clusterissuer.yaml 
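Review bot: In the new `helm/traefik/values.yaml` the pin is written as `version: v3.1.4` under `image:`, and as far as I know the Traefik chart reads `image.tag`, not `image.version`. If so, the key is ignored and the deployed image is whatever the chart's appVersion defaults to, so the file does not pin what it appears to pin. I would change the line to `tag: v3.1.4`. The same key was already present in the deleted `kubernetes/traefik/values.yml`, so this is carried over rather than new.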
@@ -2,16 +2,16 @@ apiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: - name: clusterissuer # <-- Replace with your clsuterissuer name + name: cloudflare-clusterissuer spec: acme: email: your-email@address # <-- Replace with your email address server: https://acme-v02.api.letsencrypt.org/directory privateKeySecretRef: - name: example-clusterissuer-account-key # <-- Replace with your secret name + name: cloudflare-clusterissuer-account-key solvers: - dns01: cloudflare: apiTokenSecretRef: - name: cloudflare-api-token-secret # <-- Replace with your secret name + name: cloudflare-api-token-secret key: api-token diff --git a/kubernetes/certmanager/examples/issuer.yaml.example b/kubernetes/certmanager/examples/issuer.yaml.example deleted file mode 100644 index e7129a4..0000000 --- a/kubernetes/certmanager/examples/issuer.yaml.example +++ /dev/null @@ -1,18 +0,0 @@ ---- -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: issuer # <-- Replace with your issuer name - namespace: your-namespace # <-- Replace with your namespace -spec: - acme: - email: your-email@address # <-- Replace with your email address - server: https://acme-v02.api.letsencrypt.org/directory - privateKeySecretRef: - name: example-issuer-account-key # <-- Replace with your secret name - solvers: - - dns01: - cloudflare: - apiTokenSecretRef: - name: cloudflare-api-token-secret # <-- Replace with your secret name - key: api-token diff --git a/kubernetes/examples/example-configmap.yaml b/kubernetes/examples/example-configmap.yaml deleted file mode 100644 index e69de29..0000000 diff --git a/kubernetes/examples/example-deployment.yaml b/kubernetes/examples/example-deployment.yaml deleted file mode 100644 index b7d6417..0000000 --- a/kubernetes/examples/example-deployment.yaml +++ /dev/null 
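Review bot: The `apiTokenSecretRef` at the end of this hunk depends on a Secret manifest that this commit renames to `kubernetes/cert-manager/clusterissuer-secret.yaml`, dropping the `.example` suffix. A file with a real-looking name and a token placeholder is easy to fill in and commit by accident. Keeping the suffix, or listing the filled-in copy in `.gitignore`, would reduce that risk. A comment next to the reference, such as `# Secret is created out of band; never commit the real token`, would document the expectation.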
@@ -1,22 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: example-deployment - namespace: your-namespace - labels: - app: example-app -spec: - replicas: 3 # how many pods? - selector: - matchLabels: - app: example-app - template: - metadata: - labels: - app: example-app - spec: - containers: - - name: nginx - image: nginx:latest - ports: - - containerPort: 80 diff --git a/kubernetes/examples/example-ingress.yaml b/kubernetes/examples/example-ingress.yaml deleted file mode 100644 index e69de29..0000000 diff --git a/kubernetes/examples/example-namespace.yaml b/kubernetes/examples/example-namespace.yaml deleted file mode 100644 index e69de29..0000000 diff --git a/kubernetes/examples/example-peristentvolume.yaml b/kubernetes/examples/example-peristentvolume.yaml deleted file mode 100644 index e69de29..0000000 diff --git a/kubernetes/examples/example-persistentvolumeclaim.yaml b/kubernetes/examples/example-persistentvolumeclaim.yaml deleted file mode 100644 index e69de29..0000000 diff --git a/kubernetes/examples/example-secret.yaml b/kubernetes/examples/example-secret.yaml deleted file mode 100644 index e69de29..0000000 diff --git a/kubernetes/examples/example-service.yaml b/kubernetes/examples/example-service.yaml deleted file mode 100644 index dece911..0000000 --- a/kubernetes/examples/example-service.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: example-service - namespace: your-namespace -spec: - selector: - app.kubernetes.io/name: MyApp - ports: - - protocol: TCP - port: 80 - targetPort: 9376 diff --git a/kubernetes/longhorn/certificate.yaml b/kubernetes/longhorn/certificate.yaml new file mode 100644 index 0000000..0efedb7 --- /dev/null +++ b/kubernetes/longhorn/certificate.yaml 
@@ -0,0 +1,13 @@ +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: longhorn-certificate + namespace: longhorn-system +spec: + secretName: longhorn-certificate-secret + dnsNames: + - your-fqdn # <-- Replace with your FQDN + issuerRef: + name: cloudflare-clusterissuer + kind: ClusterIssuer diff --git a/kubernetes/longhorn/ingressroute.yaml b/kubernetes/longhorn/ingressroute.yaml new file mode 100644 index 0000000..e530a02 --- /dev/null +++ b/kubernetes/longhorn/ingressroute.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: longhorn-ingressroute + namespace: longhorn-system +spec: + entryPoints: + - websecure + routes: + - match: Host(`your-fqdn`) # <-- Replace with your FQDN + kind: Rule + services: + - name: longhorn-frontend + port: 80 + tls: + secretName: longhorn-certificate-secret diff --git a/kubernetes/portainer/certificate.yaml b/kubernetes/portainer/certificate.yaml new file mode 100644 index 0000000..85e23f3 --- /dev/null +++ b/kubernetes/portainer/certificate.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: portainer-ingressroute-certificate + namespace: portainer +spec: + secretName: portainer-certificate-secret + issuerRef: + name: cloudflare-clusterissuer + kind: ClusterIssuer + dnsNames: + - your-fqdn # <-- Replace with your FQDN diff --git a/kubernetes/portainer/ingressroute.yaml b/kubernetes/portainer/ingressroute.yaml new file mode 100644 index 0000000..757128b --- /dev/null +++ b/kubernetes/portainer/ingressroute.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: portainer-ingressroute + namespace: portainer +spec: + entryPoints: + - websecure + routes: + - match: Host(`your-fqdn`) # <-- Replace with your FQDN + kind: Rule + services: + - name: portainer + port: 9000 + tls: + secretName: portainer-certificate-secret 
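Review bot: The new `kubernetes/longhorn/ingressroute.yaml` sends the Host rule straight to `longhorn-frontend` with no `middlewares` entry, and as far as I know the Longhorn UI has no login of its own. Anyone who can reach the `websecure` entrypoint could then manage volumes and backups. I would add an authentication middleware to the route before this is applied to a cluster, for example `middlewares:` followed by `- name: longhorn-auth`. The name is a placeholder for a basicAuth or forwardAuth Middleware defined in `longhorn-system`.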
diff --git a/kubernetes/portainer/values.yml b/kubernetes/portainer/values.yml deleted file mode 100644 index bf758e1..0000000 --- a/kubernetes/portainer/values.yml +++ /dev/null @@ -1,29 +0,0 @@ -# Portainer Helm Chart Values Template -# --- -image: - repository: portainer/portainer-ce - tag: 2.22.0 - pullPolicy: IfNotPresent - -replicas: 1 # Number of replicas - -# (Choice) LoadBalancer or ClusterIP with optional Ingress -service: - type: LoadBalancer - # -- or -- - # type: ClusterIP - -# (Optional) Add Ingress, when using ClusterIP -ingress: - enabled: true - hosts: - - host: "portainer-test-1.kube-prod-2.home.clcreative.de" - paths: - - path: "/" - port: "9000" -# -- end - -persistence: - enabled: true - # (Optional) Use an existing PVC - # existingClaim: portainer diff --git a/kubernetes/traefik/examples/example-ingressroute.yaml b/kubernetes/traefik/examples/example-ingressroute.yaml deleted file mode 100644 index 4825788..0000000 --- a/kubernetes/traefik/examples/example-ingressroute.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: traefik.io/v1alpha1 -kind: IngressRoute -metadata: - name: ingressroute - # (Optional) Namespace - # namespace: your-namespace - # --- -spec: - entryPoints: - - web - - websecure - routes: - - match: Host(`your-hostname`) - kind: Rule - services: - - name: your-service - port: 80 - # (Optional) TLS - # tls: - # secretName: your-tls-secret diff --git a/kubernetes/traefik/examples/example-ingressroutetcp.yml b/kubernetes/traefik/examples/example-ingressroutetcp.yml deleted file mode 100644 index 5bb0ab4..0000000 --- a/kubernetes/traefik/examples/example-ingressroutetcp.yml +++ /dev/null 
@@ -1,21 +0,0 @@ -apiVersion: traefik.io/v1alpha1 -kind: IngressRouteTCP -metadata: - name: ingressroutetcp - # (Optional) Namespace - # namespace: your-namespace - # --- -spec: - entryPoints: - - web - - websecure - routes: - - match: HostSNI(`your-hostname-sni`) - priority: 10 - services: - - name: your-service - port: 80 - # (Optional) TLS Passthrough - # tls: - # passthrough: true - # --- diff --git a/kubernetes/traefik/ingressroute.yaml.example b/kubernetes/traefik/ingressroute.yaml.example new file mode 100644 index 0000000..36f0da4 --- /dev/null +++ b/kubernetes/traefik/ingressroute.yaml.example @@ -0,0 +1,19 @@ +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: your-ingressroute # <-- Replace with your IngressRoute name + namespace: your-namespace # <-- Replace with your namespace +spec: + entryPoints: + - web + - websecure + routes: + - match: Host(`your-fqdn`) # <-- Replace with your FQDN + kind: Rule + services: + - name: your-service # <-- Replace with your service name + port: 80 + # --> (Optional) Add certificate secret + # tls: + # secretName: your-certificate-secret + # <-- diff --git a/kubernetes/traefik/ingressroutetcp.yaml.example b/kubernetes/traefik/ingressroutetcp.yaml.example new file mode 100644 index 0000000..55178e4 --- /dev/null +++ b/kubernetes/traefik/ingressroutetcp.yaml.example @@ -0,0 +1,19 @@ +apiVersion: traefik.io/v1alpha1 +kind: IngressRouteTCP +metadata: + name: your-ingressroutetcp # <-- Replace with your IngressRouteTCP name + namespace: your-namespace # <-- Replace with your namespace +spec: + entryPoints: + - web + - websecure + routes: + - match: HostSNI(`your-sni`) # <-- Replace with your SNI + priority: 10 # <-- (Optional) change rule priority + services: + - name: your-service # <-- Replace with your service name + port: 80 + # --> (Optional) Enable TLS Passthrough + # tls: + # passthrough: true + # <-- 
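Review bot: The new `ingressroute.yaml.example` lists both `web` and `websecure` under `entryPoints` while the `tls` block stays commented out, so the same rule is also served over plain HTTP on `web`. The Longhorn and Portainer routes added in this commit use `websecure` alone with `tls.secretName`, and the example would be safer matching them. I would drop `- web` and uncomment `tls:` and `secretName: your-certificate-secret`, leaving plain HTTP as the documented opt-in.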
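Review bot: In the new `ingressroutetcp.yaml.example` the rule matches a specific SNI name while the `tls` block is commented out. As far as I know Traefik only accepts the wildcard form of HostSNI on a TCP router without TLS, because a plaintext connection carries no SNI to read. As written the example would either be rejected or never match. I would ship it with `tls:` and `passthrough: true` uncommented and drop `- web` from `entryPoints`, or say in a comment that a non-TLS route has to match every host.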
diff --git a/kubernetes/traefik/values.yml b/kubernetes/traefik/values.yml deleted file mode 100644 index 24aebd1..0000000 --- a/kubernetes/traefik/values.yml +++ /dev/null @@ -1,54 +0,0 @@ -# Traefik Helm Chart Values Template -# --- -image: - repository: traefik - version: v3.1.4 - pullPolicy: IfNotPresent - -# (Optional) Log settings -# logs: -# general: -# level: ERROR -# access: -# enabled: false - -# (Optional) Change number of replicas -# deployment: -# replicas: 1 - -# (Optional) Enable Prometheus Metrics, requires metrics port to be exposed! -# metrics: -# prometheus: -# entryPoint: metrics - -# Configure EntryPoints -ports: - web: - # StandardHTTP - port: 8000 - exposed: true - exposedPort: 80 - # (Optional) Redirect HTTP to HTTPs by default - # redirectTo: - # port: websecure - websecure: - # Standard HTTPS - port: 8443 - exposed: true - exposedPort: 443 - tls: - enabled: true - # (Optional) Enable HTTP3 - # http3: - # enabled: false - # (Optional) When enabled Prometheus Metrics will be exposed on this port - # metrics: - # Prometheus Metrics - # port: 9100 - # exposed: false - # exposedPort: 9100 - -# Create a default IngressClass -ingressClass: - enabled: true - isDefaultClass: true diff --git a/renovate.json b/renovate.json index cadb229..1b1347e 100644 --- a/renovate.json +++ b/renovate.json 
@@ -110,6 +110,29 @@ "allowedVersions": "!/^v?2\\.19\\.10$/" } ], + "customManagers": [ + { + "customType": "regex", + "description": "Update Longhorn images in Helm", + "fileMatch": ["(^|/)helm/longhorn/.+\\.yaml$"], + "matchStrings": [ + "engine:\\s*repository:\\s*\"?(?[^\"]+)\"?\\s*tag:\\s*\"?(?[^\"]+)\"?", + "manager:\\s*repository:\\s*\"?(?[^\"]+)\"?\\s*tag:\\s*\"?(?[^\"]+)\"?", + "ui:\\s*repository:\\s*\"?(?[^\"]+)\"?\\s*tag:\\s*\"?(?[^\"]+)\"?", + "instanceManager:\\s*repository:\\s*\"?(?[^\"]+)\"?\\s*tag:\\s*\"?(?[^\"]+)\"?", + "shareManager:\\s*repository:\\s*\"?(?[^\"]+)\"?\\s*tag:\\s*\"?(?[^\"]+)\"?", + "backingImageManager:\\s*repository:\\s*\"?(?[^\"]+)\"?\\s*tag:\\s*\"?(?[^\"]+)\"?", + "supportBundleKit:\\s*repository:\\s*\"?(?[^\"]+)\"?\\s*tag:\\s*\"?(?[^\"]+)\"?", + "attacher:\\s*repository:\\s*\"?(?[^\"]+)\"?\\s*tag:\\s*\"?(?[^\"]+)\"?", + "provisioner:\\s*repository:\\s*\"?(?[^\"]+)\"?\\s*tag:\\s*\"?(?[^\"]+)\"?", + "nodeDriverRegistrar:\\s*repository:\\s*\"?(?[^\"]+)\"?\\s*tag:\\s*\"?(?[^\"]+)\"?", + "resizer:\\s*repository:\\s*\"?(?[^\"]+)\"?\\s*tag:\\s*\"?(?[^\"]+)\"?", + "snapshotter:\\s*repository:\\s*\"?(?[^\"]+)\"?\\s*tag:\\s*\"?(?[^\"]+)\"?", + "livenessProbe:\\s*repository:\\s*\"?(?[^\"]+)\"?\\s*tag:\\s*\"?(?[^\"]+)\"?" + ], + "datasourceTemplate": "docker" + } + ], "separateMinorPatch": true, "stopUpdatingLabel": "renovate/stop_updating" }
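Review bot: Each `matchStrings` pattern makes the surrounding quotes optional but captures with `[^\"]+`, which also matches spaces and newlines. On an unquoted value the capture would run on to the next double quote in the file and produce a bogus package name or version. It works today only because every entry in `helm/longhorn/values.yaml` is quoted. I would tighten both captures to `[^\"\\s]+`. The thirteen patterns differ only in the leading key, so a single pattern anchored on `repository:` followed by `tag:` would cover them; the capture-group names look stripped in this rendering, so I have not quoted a full replacement.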