From 689b516d77282b89c6525a0d5aae6ba931f2d401 Mon Sep 17 00:00:00 2001 From: Daniele De Lorenzi Date: Fri, 24 May 2024 09:11:55 +0200 Subject: [PATCH] chore(kubenuc,k8s-vms-daniele): Remove old apps folder Signed-off-by: Daniele De Lorenzi --- .../old_k8s-vms-daniele/awx/backup/backup.yml | 61 --- apps/old_k8s-vms-daniele/awx/release.yml | 64 --- apps/old_k8s-vms-daniele/awx/secrets.yml | 13 - .../awx/secrets/awx-secret.yml | 20 - .../awx/secrets/kustomization.yaml | 5 - apps/old_k8s-vms-daniele/blackbox/release.yml | 28 -- .../fluxcd/kustomization.yaml | 5 - .../fluxcd/notifications.yaml | 35 -- apps/old_k8s-vms-daniele/fluxcd/secrets.yaml | 12 - .../fluxcd/secrets/kustomization.yaml | 5 - .../fluxcd/secrets/slack-secret.yml | 6 - .../sysdig-agent/kustomization.yaml | 8 - .../sysdig-agent/release.yml | 159 -------- .../sysdig-agent/secrets.yaml | 12 - .../sysdig-agent/secrets/agent-secret.yml | 20 - .../sysdig-agent/secrets/kustomization.yaml | 5 - .../system-upgrade-controller/deploy-app.yaml | 12 - .../manifests/kustomization.yaml | 5 - .../manifests/plan.yml | 42 -- .../teleport-agent/release.yml | 30 -- .../teleport-agent/secrets.yaml | 12 - .../teleport-agent/secrets/kustomization.yaml | 5 - .../secrets/teleport-agent-secret.yml | 6 - apps/old_kubenuc/bareos/deploy-app.yaml | 12 - .../bareos/manifests/deployment.yml | 219 ----------- .../bareos/manifests/kustomization.yaml | 11 - .../bareos/manifests/namespace.yml | 6 - apps/old_kubenuc/bareos/manifests/pvc.yml | 87 ----- apps/old_kubenuc/bareos/manifests/secret.yml | 7 - apps/old_kubenuc/bareos/manifests/service.yml | 37 -- .../bareos/manifests/serviceaccount.yml | 5 - .../bareos/manifests/statefulset.yml | 52 --- apps/old_kubenuc/cloudflare/cloudflared.yml | 125 ------ apps/old_kubenuc/film-tv-exporter/deploy.yaml | 13 - .../manifests/deployment.yaml | 192 --------- .../manifests/kustomization.yaml | 9 - .../film-tv-exporter/manifests/namespace.yaml | 5 - .../film-tv-exporter/manifests/secret.yaml | 7 - .../manifests/serviceaccount.yaml | 5 - apps/old_kubenuc/fluxcd/notifications.yaml | 35 -- apps/old_kubenuc/fluxcd/secrets.yaml | 12 - .../fluxcd/secrets/kustomization.yaml | 5 - .../fluxcd/secrets/slack-secret.yml | 6 - apps/old_kubenuc/harbor/release.yml | 75 ---- apps/old_kubenuc/harbor/secrets.yaml | 12 - .../harbor/secrets/harbor-secret.yml | 6 - .../harbor/secrets/kustomization.yaml | 5 - apps/old_kubenuc/intel-gpu-plugin/release.yml | 31 -- apps/old_kubenuc/jellyfin/release.yml | 56 --- apps/old_kubenuc/jenkins/release.yml | 43 -- apps/old_kubenuc/longhorn/release.yml | 51 --- apps/old_kubenuc/mediaserver/deploy-app.yaml | 12 - .../mediaserver/manifests/operator-crds.yml | 369 ------------------ .../mediaserver/manifests/release.yml | 109 ------ apps/old_kubenuc/minio/release.yml | 79 ---- apps/old_kubenuc/net-mon/deploy.yaml | 13 - .../net-mon/manifests/configmap.yaml | 63 --- .../net-mon/manifests/deployment.yaml | 56 --- .../net-mon/manifests/kustomization.yaml | 9 - .../net-mon/manifests/namespace.yaml | 5 - .../net-mon/manifests/serviceaccount.yaml | 5 - apps/old_kubenuc/nextcloud/release.yml | 165 -------- apps/old_kubenuc/nextcloud/secrets.yaml | 12 - .../nextcloud/secrets/kustomization.yaml | 7 - .../nextcloud/secrets/nextcloud-db-secret.yml | 6 - .../secrets/nextcloud-mariadb-secret.yml | 6 - .../nextcloud/secrets/nextcloud-secret.yml | 6 - apps/old_kubenuc/nfs-sc/kustomization.yaml | 7 - apps/old_kubenuc/nfs-sc/namespace.yml | 4 - apps/old_kubenuc/nfs-sc/release.yml | 34 -- apps/old_kubenuc/nginx-ingress/release.yml | 104 ----- apps/old_kubenuc/nut/deploy.yaml | 13 - .../old_kubenuc/nut/manifests/deployment.yaml | 56 --- .../nut/manifests/kustomization.yaml | 8 - apps/old_kubenuc/nut/manifests/namespace.yaml | 5 - .../nut/manifests/serviceaccount.yaml | 5 - apps/old_kubenuc/portainer/release.yml | 63 --- apps/old_kubenuc/postgresql/deploy.yaml | 13 - apps/old_kubenuc/postgresql/manifests/db.yaml | 13 - apps/old_kubenuc/postgresql/release.yml | 28 -- apps/old_kubenuc/sendgrid/deploy.yaml | 13 - .../sendgrid/manifests/deployment.yaml | 58 --- .../sendgrid/manifests/kustomization.yaml | 9 - .../sendgrid/manifests/namespace.yaml | 5 - .../sendgrid/manifests/secret.yaml | 7 - .../sendgrid/manifests/serviceaccount.yaml | 5 - apps/old_kubenuc/sso/release.yml | 137 ------- apps/old_kubenuc/sso/secrets.yaml | 12 - .../sso/secrets/kustomization.yaml | 5 - apps/old_kubenuc/sso/secrets/sso-secret.yml | 6 - .../sysdig-agent/kustomization.yaml | 8 - apps/old_kubenuc/sysdig-agent/release.yml | 122 ------ apps/old_kubenuc/sysdig-agent/secrets.yaml | 12 - .../sysdig-agent/secrets/agent-secret.yml | 20 - .../sysdig-agent/secrets/kustomization.yaml | 5 - .../sysdig-harbor-scanner/release.yml | 32 -- .../sysdig-harbor-scanner/secrets.yaml | 12 - .../secrets/harbor-scanner-secret.yml | 6 - .../secrets/kustomization.yaml | 5 - .../system-upgrade-controller/deploy-app.yaml | 12 - .../manifests/kustomization.yaml | 5 - .../manifests/plan.yml | 42 -- apps/old_kubenuc/unifi/release-poller.yml | 45 --- apps/old_kubenuc/unifi/release-unifi.yml | 56 --- apps/old_kubenuc/unifi/secrets.yaml | 12 - .../unifi/secrets/kustomization.yaml | 5 - .../unifi/secrets/unifi-poller-secret.yml | 6 - apps/old_kubenuc/zabbix/release.yml | 70 ---- 108 files changed, 3706 deletions(-) delete mode 100644 apps/old_k8s-vms-daniele/awx/backup/backup.yml delete mode 100644 apps/old_k8s-vms-daniele/awx/release.yml delete mode 100644 apps/old_k8s-vms-daniele/awx/secrets.yml delete mode 100644 apps/old_k8s-vms-daniele/awx/secrets/awx-secret.yml delete mode 100644 apps/old_k8s-vms-daniele/awx/secrets/kustomization.yaml delete mode 100644 apps/old_k8s-vms-daniele/blackbox/release.yml delete mode 100644 apps/old_k8s-vms-daniele/fluxcd/kustomization.yaml delete mode 100644 apps/old_k8s-vms-daniele/fluxcd/notifications.yaml delete mode 100644 apps/old_k8s-vms-daniele/fluxcd/secrets.yaml delete mode 100644 apps/old_k8s-vms-daniele/fluxcd/secrets/kustomization.yaml delete mode 100644 apps/old_k8s-vms-daniele/fluxcd/secrets/slack-secret.yml delete mode 100644 apps/old_k8s-vms-daniele/sysdig-agent/kustomization.yaml delete mode 100644 apps/old_k8s-vms-daniele/sysdig-agent/release.yml delete mode 100644 apps/old_k8s-vms-daniele/sysdig-agent/secrets.yaml delete mode 100644 apps/old_k8s-vms-daniele/sysdig-agent/secrets/agent-secret.yml delete mode 100644 apps/old_k8s-vms-daniele/sysdig-agent/secrets/kustomization.yaml delete mode 100644 apps/old_k8s-vms-daniele/system-upgrade-controller/deploy-app.yaml delete mode 100644 apps/old_k8s-vms-daniele/system-upgrade-controller/manifests/kustomization.yaml delete mode 100644 apps/old_k8s-vms-daniele/system-upgrade-controller/manifests/plan.yml delete mode 100644 apps/old_k8s-vms-daniele/teleport-agent/release.yml delete mode 100644 apps/old_k8s-vms-daniele/teleport-agent/secrets.yaml delete mode 100644 apps/old_k8s-vms-daniele/teleport-agent/secrets/kustomization.yaml delete mode 100644 apps/old_k8s-vms-daniele/teleport-agent/secrets/teleport-agent-secret.yml delete mode 100644 apps/old_kubenuc/bareos/deploy-app.yaml delete mode 100644 apps/old_kubenuc/bareos/manifests/deployment.yml delete mode 100644 apps/old_kubenuc/bareos/manifests/kustomization.yaml delete mode 100644 apps/old_kubenuc/bareos/manifests/namespace.yml delete mode 100644 apps/old_kubenuc/bareos/manifests/pvc.yml delete mode 100644 apps/old_kubenuc/bareos/manifests/secret.yml delete mode 100644 apps/old_kubenuc/bareos/manifests/service.yml delete mode 100644 apps/old_kubenuc/bareos/manifests/serviceaccount.yml delete mode 100644 apps/old_kubenuc/bareos/manifests/statefulset.yml delete mode 100644 apps/old_kubenuc/cloudflare/cloudflared.yml delete mode 100644 apps/old_kubenuc/film-tv-exporter/deploy.yaml delete mode 100644 apps/old_kubenuc/film-tv-exporter/manifests/deployment.yaml delete mode 100644 apps/old_kubenuc/film-tv-exporter/manifests/kustomization.yaml delete mode 100644 apps/old_kubenuc/film-tv-exporter/manifests/namespace.yaml delete mode 100644 apps/old_kubenuc/film-tv-exporter/manifests/secret.yaml delete mode 100644 apps/old_kubenuc/film-tv-exporter/manifests/serviceaccount.yaml delete mode 100644 apps/old_kubenuc/fluxcd/notifications.yaml delete mode 100644 apps/old_kubenuc/fluxcd/secrets.yaml delete mode 100644 apps/old_kubenuc/fluxcd/secrets/kustomization.yaml delete mode 100644 apps/old_kubenuc/fluxcd/secrets/slack-secret.yml delete mode 100644 apps/old_kubenuc/harbor/release.yml delete mode 100644 apps/old_kubenuc/harbor/secrets.yaml delete mode 100644 apps/old_kubenuc/harbor/secrets/harbor-secret.yml delete mode 100644 apps/old_kubenuc/harbor/secrets/kustomization.yaml delete mode 100644 apps/old_kubenuc/intel-gpu-plugin/release.yml delete mode 100644 apps/old_kubenuc/jellyfin/release.yml delete mode 100644 apps/old_kubenuc/jenkins/release.yml delete mode 100644 apps/old_kubenuc/longhorn/release.yml delete mode 100644 apps/old_kubenuc/mediaserver/deploy-app.yaml delete mode 100644 apps/old_kubenuc/mediaserver/manifests/operator-crds.yml delete mode 100644 apps/old_kubenuc/mediaserver/manifests/release.yml delete mode 100644 apps/old_kubenuc/minio/release.yml delete mode 100644 apps/old_kubenuc/net-mon/deploy.yaml delete mode 100644 apps/old_kubenuc/net-mon/manifests/configmap.yaml delete mode 100644 apps/old_kubenuc/net-mon/manifests/deployment.yaml delete mode 100644 apps/old_kubenuc/net-mon/manifests/kustomization.yaml delete mode 100644 apps/old_kubenuc/net-mon/manifests/namespace.yaml delete mode 100644 apps/old_kubenuc/net-mon/manifests/serviceaccount.yaml delete mode 100644 apps/old_kubenuc/nextcloud/release.yml delete mode 100644 apps/old_kubenuc/nextcloud/secrets.yaml delete mode 100644 apps/old_kubenuc/nextcloud/secrets/kustomization.yaml delete mode 100644 apps/old_kubenuc/nextcloud/secrets/nextcloud-db-secret.yml delete mode 100644 apps/old_kubenuc/nextcloud/secrets/nextcloud-mariadb-secret.yml delete mode 100644 apps/old_kubenuc/nextcloud/secrets/nextcloud-secret.yml delete mode 100644 apps/old_kubenuc/nfs-sc/kustomization.yaml delete mode 100644 apps/old_kubenuc/nfs-sc/namespace.yml delete mode 100644 apps/old_kubenuc/nfs-sc/release.yml delete mode 100644 apps/old_kubenuc/nginx-ingress/release.yml delete mode 100644 apps/old_kubenuc/nut/deploy.yaml delete mode 100644 apps/old_kubenuc/nut/manifests/deployment.yaml delete mode 100644 apps/old_kubenuc/nut/manifests/kustomization.yaml delete mode 100644 apps/old_kubenuc/nut/manifests/namespace.yaml delete mode 100644 apps/old_kubenuc/nut/manifests/serviceaccount.yaml delete mode 100644 apps/old_kubenuc/portainer/release.yml delete mode 100644 apps/old_kubenuc/postgresql/deploy.yaml delete mode 100644 apps/old_kubenuc/postgresql/manifests/db.yaml delete mode 100644 apps/old_kubenuc/postgresql/release.yml delete mode 100644 apps/old_kubenuc/sendgrid/deploy.yaml delete mode 100644 apps/old_kubenuc/sendgrid/manifests/deployment.yaml delete mode 100644 apps/old_kubenuc/sendgrid/manifests/kustomization.yaml delete mode 100644 apps/old_kubenuc/sendgrid/manifests/namespace.yaml delete mode 100644 apps/old_kubenuc/sendgrid/manifests/secret.yaml delete mode 100644 apps/old_kubenuc/sendgrid/manifests/serviceaccount.yaml delete mode 100644 apps/old_kubenuc/sso/release.yml delete mode 100644 apps/old_kubenuc/sso/secrets.yaml delete mode 100644 apps/old_kubenuc/sso/secrets/kustomization.yaml delete mode 100644 apps/old_kubenuc/sso/secrets/sso-secret.yml delete mode 100644 apps/old_kubenuc/sysdig-agent/kustomization.yaml delete mode 100644 apps/old_kubenuc/sysdig-agent/release.yml delete mode 100644 apps/old_kubenuc/sysdig-agent/secrets.yaml delete mode 100644 apps/old_kubenuc/sysdig-agent/secrets/agent-secret.yml delete mode 100644 apps/old_kubenuc/sysdig-agent/secrets/kustomization.yaml delete mode 100644 apps/old_kubenuc/sysdig-harbor-scanner/release.yml delete mode 100644 apps/old_kubenuc/sysdig-harbor-scanner/secrets.yaml delete mode 100644 apps/old_kubenuc/sysdig-harbor-scanner/secrets/harbor-scanner-secret.yml delete mode 100644 apps/old_kubenuc/sysdig-harbor-scanner/secrets/kustomization.yaml delete mode 100644 apps/old_kubenuc/system-upgrade-controller/deploy-app.yaml delete mode 100644 apps/old_kubenuc/system-upgrade-controller/manifests/kustomization.yaml delete mode 100644 apps/old_kubenuc/system-upgrade-controller/manifests/plan.yml delete mode 100644 apps/old_kubenuc/unifi/release-poller.yml delete mode 100644 apps/old_kubenuc/unifi/release-unifi.yml delete mode 100644 apps/old_kubenuc/unifi/secrets.yaml delete mode 100644 apps/old_kubenuc/unifi/secrets/kustomization.yaml delete mode 100644 apps/old_kubenuc/unifi/secrets/unifi-poller-secret.yml delete mode 100644 apps/old_kubenuc/zabbix/release.yml diff --git a/apps/old_k8s-vms-daniele/awx/backup/backup.yml b/apps/old_k8s-vms-daniele/awx/backup/backup.yml deleted file mode 100644 index 20fb25cc..00000000 --- a/apps/old_k8s-vms-daniele/awx/backup/backup.yml +++ /dev/null @@ -1,61 +0,0 @@ ---- -apiVersion: batch/v1 -kind: CronJob -metadata: - name: awx-backup - namespace: awx -spec: - schedule: "0 0 * * 0" - jobTemplate: - spec: - template: - spec: - containers: - - name: pgbackup - image: schickling/postgres-backup-s3 - imagePullPolicy: IfNotPresent - env: - - name: S3_REGION - value: "eu-south-1" - - name: POSTGRES_BACKUP_ALL - value: "false" - - name: POSTGRES_EXTRA_OPTS - value: "--schema=public --blobs" - - name: S3_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: awx-backup - key: S3_ACCESS_KEY_ID - - name: S3_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: awx-backup - key: S3_SECRET_ACCESS_KEY - - name: S3_BUCKET - valueFrom: - secretKeyRef: - name: awx-backup - key: S3_BUCKET - - name: S3_PREFIX - value: "awx-backup" - - name: POSTGRES_HOST - valueFrom: - secretKeyRef: - name: awx-postgres-configuration - key: host - - name: POSTGRES_DATABASE - valueFrom: - secretKeyRef: - name: awx-postgres-configuration - key: database - - name: POSTGRES_USER - valueFrom: - secretKeyRef: - name: awx-postgres-configuration - key: username - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: awx-postgres-configuration - key: password - restartPolicy: OnFailure diff --git a/apps/old_k8s-vms-daniele/awx/release.yml b/apps/old_k8s-vms-daniele/awx/release.yml deleted file mode 100644 index 0d63be64..00000000 --- a/apps/old_k8s-vms-daniele/awx/release.yml +++ /dev/null @@ -1,64 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: ansible-awx - namespace: awx -spec: - interval: 5m - chart: - spec: - chart: awx-operator - version: ">=0.25.0" - sourceRef: - kind: HelmRepository - name: awx-chart - namespace: flux-system - interval: 5m - install: - createNamespace: true - crds: CreateReplace - remediation: - retries: 10 - upgrade: - crds: CreateReplace - remediation: - retries: 10 - values: - AWX: - enabled: true - name: awx - spec: - ingress_type: ingress - hostname: ansible.fastnetserv.net - secret_key_secret: custom-awx-secret-key - projects_persistence: true - projects_storage_class: local-path - projects_storage_size: 8Gi - projects_storage_access_mode: ReadWriteOnce - extra_settings: - - setting: CSRF_TRUSTED_ORIGINS - value: - - https://localhost:3001 - - https://ansible.fastnetserv.net - web_resource_requirements: - requests: - cpu: 200m - memory: 512Mi - limits: - cpu: 500m - memory: 2Gi - task_resource_requirements: - requests: - cpu: 200m - memory: 512Mi - limits: - cpu: 300m - memory: 2Gi - ee_resource_requirements: - requests: - cpu: 200m - memory: 128Mi - limits: - cpu: 300m - memory: 256Mi diff --git a/apps/old_k8s-vms-daniele/awx/secrets.yml b/apps/old_k8s-vms-daniele/awx/secrets.yml deleted file mode 100644 index 4f8c383a..00000000 --- a/apps/old_k8s-vms-daniele/awx/secrets.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: awx-secrets - namespace: flux-system -spec: - interval: 1m - sourceRef: - kind: GitRepository - name: flux-system - path: ./apps/k8s-vms-daniele/awx/secrets - prune: true diff --git a/apps/old_k8s-vms-daniele/awx/secrets/awx-secret.yml b/apps/old_k8s-vms-daniele/awx/secrets/awx-secret.yml deleted file mode 100644 index 47a0f2fa..00000000 --- a/apps/old_k8s-vms-daniele/awx/secrets/awx-secret.yml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: onepassword.com/v1 -kind: OnePasswordItem -metadata: - name: awx-admin-secret -spec: - itemPath: "vaults/k8s_secrets/items/awx_admin" ---- -apiVersion: onepassword.com/v1 -kind: OnePasswordItem -metadata: - name: custom-awx-secret-key -spec: - itemPath: "vaults/k8s_secrets/items/awx_secret_key" ---- -apiVersion: onepassword.com/v1 -kind: OnePasswordItem -metadata: - name: awx-backup -spec: - itemPath: "vaults/k8s_secrets/items/awx_backup_key" diff --git a/apps/old_k8s-vms-daniele/awx/secrets/kustomization.yaml b/apps/old_k8s-vms-daniele/awx/secrets/kustomization.yaml deleted file mode 100644 index 62bd8993..00000000 --- a/apps/old_k8s-vms-daniele/awx/secrets/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: awx -resources: -- awx-secret.yml diff --git a/apps/old_k8s-vms-daniele/blackbox/release.yml b/apps/old_k8s-vms-daniele/blackbox/release.yml deleted file mode 100644 index ed3b12db..00000000 --- a/apps/old_k8s-vms-daniele/blackbox/release.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: blackbox - namespace: monitoring -spec: - interval: 5m - chart: - spec: - interval: 5m - chart: prometheus-blackbox-exporter - version: ">=7.1.0 <7.2.0" - sourceRef: - kind: HelmRepository - name: prometheus-community-charts - namespace: flux-system - values: - podAnnotations: {} - config: - modules: - http_2xx: - prober: http - timeout: 5s - http: - valid_http_versions: ["HTTP/1.1", "HTTP/2.0"] - follow_redirects: true - preferred_ip_protocol: "ip4" diff --git a/apps/old_k8s-vms-daniele/fluxcd/kustomization.yaml b/apps/old_k8s-vms-daniele/fluxcd/kustomization.yaml deleted file mode 100644 index 5fa6b657..00000000 --- a/apps/old_k8s-vms-daniele/fluxcd/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: flux-system -resources: -- notifications.yaml \ No newline at end of file diff --git a/apps/old_k8s-vms-daniele/fluxcd/notifications.yaml b/apps/old_k8s-vms-daniele/fluxcd/notifications.yaml deleted file mode 100644 index 20491e6c..00000000 --- a/apps/old_k8s-vms-daniele/fluxcd/notifications.yaml +++ /dev/null @@ -1,35 +0,0 @@ ---- -apiVersion: notification.toolkit.fluxcd.io/v1beta3 -kind: Provider -metadata: - name: slack - namespace: flux-system -spec: - type: slack - channel: infrastructure - secretRef: - name: slack-url ---- -apiVersion: notification.toolkit.fluxcd.io/v1beta3 -kind: Alert -metadata: - name: fluxcd-notifications - namespace: flux-system -spec: - summary: "cluster status" - providerRef: - name: slack - eventMetadata: - env: "production" - cluster: "k8s-vms-daniele" - region: "switzerland" - eventSeverity: info - eventSources: - - kind: GitRepository - name: '*' - - kind: Kustomization - name: charts - - kind: HelmRelease - name: '*' -# - kind: Kustomization -# name: '*' diff --git a/apps/old_k8s-vms-daniele/fluxcd/secrets.yaml b/apps/old_k8s-vms-daniele/fluxcd/secrets.yaml deleted file mode 100644 index 60c29727..00000000 --- a/apps/old_k8s-vms-daniele/fluxcd/secrets.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: slack-secrets - namespace: flux-system -spec: - interval: 5m - sourceRef: - kind: GitRepository - name: flux-system - path: ./apps/k8s-vms-daniele/fluxcd/secrets - prune: true diff --git a/apps/old_k8s-vms-daniele/fluxcd/secrets/kustomization.yaml b/apps/old_k8s-vms-daniele/fluxcd/secrets/kustomization.yaml deleted file mode 100644 index 7f211358..00000000 --- a/apps/old_k8s-vms-daniele/fluxcd/secrets/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: flux-system -resources: -- slack-secret.yml diff --git a/apps/old_k8s-vms-daniele/fluxcd/secrets/slack-secret.yml b/apps/old_k8s-vms-daniele/fluxcd/secrets/slack-secret.yml deleted file mode 100644 index b9085ffa..00000000 --- a/apps/old_k8s-vms-daniele/fluxcd/secrets/slack-secret.yml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: onepassword.com/v1 -kind: OnePasswordItem -metadata: - name: slack-url -spec: - itemPath: "vaults/k8s_secrets/items/slack-url" diff --git a/apps/old_k8s-vms-daniele/sysdig-agent/kustomization.yaml b/apps/old_k8s-vms-daniele/sysdig-agent/kustomization.yaml deleted file mode 100644 index dcd1c030..00000000 --- a/apps/old_k8s-vms-daniele/sysdig-agent/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: sysdig-agent -resources: - - ../../common/sysdig-agent -patchesStrategicMerge: - - release.yml diff --git a/apps/old_k8s-vms-daniele/sysdig-agent/release.yml b/apps/old_k8s-vms-daniele/sysdig-agent/release.yml deleted file mode 100644 index c9739fdc..00000000 --- a/apps/old_k8s-vms-daniele/sysdig-agent/release.yml +++ /dev/null @@ -1,159 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: sysdig-deploy - namespace: sysdig-agent -spec: - chart: - spec: - chart: sysdig-deploy - version: ">=1.3.29" - values: - global: - clusterConfig: - name: "k8s-daniele-vms" - sysdig: - region: "us1" - kspm: - deploy: true - - kspmCollector: - probes: - initialDelay: 30 - - agent: - slim: - resources: - requests: - cpu: 300m - memory: 600Mi - limits: - cpu: 500m - memory: 1Gi - resourceProfile: custom - resources: - requests: - cpu: 300m - memory: 600Mi - limits: - cpu: 500m - memory: 1Gi - tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master - - effect: "NoSchedule" - key: "CriticalAddonsOnly" - operator: "Equal" - value: "true" - sysdig: - settings: - tags: cluster:k8s-daniele-vms,location:Swiss - cri: - socket_path: /run/k3s/containerd/containerd.sock - log: - file_priority: warning - console_priority: info - event_priority: warning - prometheus: - file: true - yaml: - global: - scrape_interval: 10s - scrape_configs: - - job_name: blackbox - metrics_path: /probe - params: - module: - - http_2xx - relabel_configs: - - source_labels: - - __address__ - target_label: __param_target - - source_labels: - - __param_target - target_label: instance - - replacement: blackbox-prometheus-blackbox-exporter.monitoring.svc.cluster.local:9115 # Blackbox hostname:port - target_label: __address__ - static_configs: - - targets: - - https://harbor.ddlns.net - labels: - kube_namespace_name: 'ciccio' - - job_name: kubernetes-blackbox-services - kubernetes_sd_configs: - - role: service - metrics_path: /probe - params: - module: - - http_2xx - relabel_configs: - - action: keep - regex: true - source_labels: - - __meta_kubernetes_service_annotation_prometheus_io_probe - - source_labels: - - __address__ - target_label: __param_target - - replacement: blackbox-prometheus-blackbox-exporter.monitoring.svc.cluster.local:9115 # Blackbox hostname:port - target_label: __address__ - - source_labels: - - __param_target - target_label: instance - - action: labelmap - regex: __meta_kubernetes_service_label_(.+) - - source_labels: - - __meta_kubernetes_namespace - target_label: kube_namespace_name - - source_labels: - - __meta_kubernetes_service_name - target_label: kube_service_name - - nodeAnalyzer: - nodeAnalyzer: - tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master - - effect: "NoSchedule" - key: "CriticalAddonsOnly" - operator: "Equal" - value: "true" - imageAnalyzer: - extraVolumes: - volumes: - - name: socketpath - hostPath: - path: /run/k3s/containerd/containerd.sock - type: "" - benchmarkRunner: - deploy: false - runtimeScanner: - deploy: false - resources: - limits: - cpu: 300m - settings: - eveEnabled: true - extraMounts: - - name: socketpath - mountPath: /var/run/containerd/containerd.sock - hostScanner: - deploy: true - secure: - vulnerabilityManagement: - newEngineOnly: true - - rapidResponse: - enabled: true - - clusterScanner: - enabled: true - eveEnabled: true - scannerMode: "local" - replicaCount: 1 - runtimeStatusIntegrator: - env: - USE_MAINDB_V2: "true" - imageSbomExtractor: - env: - USE_MAINDB_V2: "true" diff --git a/apps/old_k8s-vms-daniele/sysdig-agent/secrets.yaml b/apps/old_k8s-vms-daniele/sysdig-agent/secrets.yaml deleted file mode 100644 index 1f56200d..00000000 --- a/apps/old_k8s-vms-daniele/sysdig-agent/secrets.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: sysdig-agent-secrets - namespace: flux-system -spec: - interval: 1m - sourceRef: - kind: GitRepository - name: flux-system - path: ./apps/k8s-vms-daniele/sysdig-agent/secrets - prune: true diff --git a/apps/old_k8s-vms-daniele/sysdig-agent/secrets/agent-secret.yml b/apps/old_k8s-vms-daniele/sysdig-agent/secrets/agent-secret.yml deleted file mode 100644 index 71448cab..00000000 --- a/apps/old_k8s-vms-daniele/sysdig-agent/secrets/agent-secret.yml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: onepassword.com/v1 -kind: OnePasswordItem -metadata: - name: sysdig-agent -spec: - itemPath: "vaults/k8s_secrets/items/Agent_US-East" ---- -apiVersion: onepassword.com/v1 -kind: OnePasswordItem -metadata: - name: sysdig-rapid-response -spec: - itemPath: "vaults/k8s_secrets/items/Rapid_Response_US-East" ---- -apiVersion: onepassword.com/v1 -kind: OnePasswordItem -metadata: - name: sysdig-agent-api -spec: - itemPath: "vaults/k8s_secrets/items/API_Secure_US-East" diff --git a/apps/old_k8s-vms-daniele/sysdig-agent/secrets/kustomization.yaml b/apps/old_k8s-vms-daniele/sysdig-agent/secrets/kustomization.yaml deleted file mode 100644 index c2943496..00000000 --- a/apps/old_k8s-vms-daniele/sysdig-agent/secrets/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: sysdig-agent -resources: -- agent-secret.yml diff --git a/apps/old_k8s-vms-daniele/system-upgrade-controller/deploy-app.yaml b/apps/old_k8s-vms-daniele/system-upgrade-controller/deploy-app.yaml deleted file mode 100644 index 3bdfe58a..00000000 --- a/apps/old_k8s-vms-daniele/system-upgrade-controller/deploy-app.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: system-upgrade - namespace: flux-system -spec: - interval: 15m - sourceRef: - kind: GitRepository - name: flux-system - path: ./apps/k8s-vms-daniele/system-upgrade-controller/manifests - prune: true diff --git a/apps/old_k8s-vms-daniele/system-upgrade-controller/manifests/kustomization.yaml b/apps/old_k8s-vms-daniele/system-upgrade-controller/manifests/kustomization.yaml deleted file mode 100644 index 33cb262c..00000000 --- a/apps/old_k8s-vms-daniele/system-upgrade-controller/manifests/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: system-upgrade -resources: -- plan.yml diff --git a/apps/old_k8s-vms-daniele/system-upgrade-controller/manifests/plan.yml b/apps/old_k8s-vms-daniele/system-upgrade-controller/manifests/plan.yml deleted file mode 100644 index 9a86c15f..00000000 --- a/apps/old_k8s-vms-daniele/system-upgrade-controller/manifests/plan.yml +++ /dev/null @@ -1,42 +0,0 @@ -# Server plan -apiVersion: upgrade.cattle.io/v1 -kind: Plan -metadata: - name: server-plan - namespace: system-upgrade -spec: - concurrency: 1 - cordon: true - nodeSelector: - matchExpressions: - - key: node-role.kubernetes.io/control-plane - operator: In - values: - - "true" - serviceAccountName: system-upgrade - upgrade: - image: rancher/k3s-upgrade - version: v1.27.8+k3s2 ---- -# Agent plan -apiVersion: upgrade.cattle.io/v1 -kind: Plan -metadata: - name: agent-plan - namespace: system-upgrade -spec: - concurrency: 1 - cordon: true - nodeSelector: - matchExpressions: - - key: node-role.kubernetes.io/control-plane - operator: DoesNotExist - prepare: - args: - - prepare - - server-plan - image: rancher/k3s-upgrade - serviceAccountName: system-upgrade - upgrade: - image: rancher/k3s-upgrade - version: v1.27.8+k3s2 diff --git a/apps/old_k8s-vms-daniele/teleport-agent/release.yml b/apps/old_k8s-vms-daniele/teleport-agent/release.yml deleted file mode 100644 index 84c8edfa..00000000 --- a/apps/old_k8s-vms-daniele/teleport-agent/release.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: teleport-agent - namespace: teleport-agent -spec: - interval: 5m - chart: - spec: - chart: teleport-kube-agent - version: ">=12.0.0" - sourceRef: - kind: HelmRepository - name: teleport-charts - namespace: flux-system - interval: 5m - install: - createNamespace: true - remediation: - retries: 6 - upgrade: - remediation: - retries: 6 - values: - proxyAddr: teleport.fastnetserv.cloud:443 - kubeClusterName: "k8s-vms-daniele" - joinTokenSecret: - create: false - name: "teleport-kube-agent-join-token" diff --git a/apps/old_k8s-vms-daniele/teleport-agent/secrets.yaml b/apps/old_k8s-vms-daniele/teleport-agent/secrets.yaml deleted file mode 100644 index 8899ce69..00000000 --- a/apps/old_k8s-vms-daniele/teleport-agent/secrets.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: teleport-kube-agent-join-token - namespace: flux-system -spec: - interval: 5m - sourceRef: - kind: GitRepository - name: flux-system - path: ./apps/k8s-vms-daniele/awx/secrets - prune: true diff --git a/apps/old_k8s-vms-daniele/teleport-agent/secrets/kustomization.yaml b/apps/old_k8s-vms-daniele/teleport-agent/secrets/kustomization.yaml deleted file mode 100644 index 6d926170..00000000 --- a/apps/old_k8s-vms-daniele/teleport-agent/secrets/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: teleport-agent -resources: -- teleport-agent-secret.yml diff --git a/apps/old_k8s-vms-daniele/teleport-agent/secrets/teleport-agent-secret.yml b/apps/old_k8s-vms-daniele/teleport-agent/secrets/teleport-agent-secret.yml deleted file mode 100644 index b602bf7b..00000000 --- a/apps/old_k8s-vms-daniele/teleport-agent/secrets/teleport-agent-secret.yml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: onepassword.com/v1 -kind: OnePasswordItem -metadata: - name: teleport-kube-agent-join-token -spec: - itemPath: "vaults/k8s_secrets/items/teleport-k3s-agent-token" diff --git a/apps/old_kubenuc/bareos/deploy-app.yaml b/apps/old_kubenuc/bareos/deploy-app.yaml deleted file mode 100644 index 111b0001..00000000 --- a/apps/old_kubenuc/bareos/deploy-app.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: bareos-app - namespace: flux-system -spec: - interval: 15m - sourceRef: - kind: GitRepository - name: flux-system - path: ./apps/kubenuc/bareos/manifests - prune: true diff --git a/apps/old_kubenuc/bareos/manifests/deployment.yml b/apps/old_kubenuc/bareos/manifests/deployment.yml deleted file mode 100644 index b0e74947..00000000 --- a/apps/old_kubenuc/bareos/manifests/deployment.yml +++ /dev/null @@ -1,219 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - io.kompose.service: bareos-sd-infra-local - name: bareos-sd-infra-local - namespace: bareos -spec: - progressDeadlineSeconds: 600 - replicas: 1 - selector: - matchLabels: - io.kompose.service: bareos-sd-infra-local - strategy: - type: Recreate - template: - metadata: - labels: - io.kompose.service: bareos-sd-infra-local - spec: - nodeSelector: - kubernetes.io/hostname: "kubenuc" - containers: - - env: - - name: BAREOS_SD_PASSWORD - valueFrom: - secretKeyRef: - name: bareos-secret - key: bareos_sd_password - - name: TZ - value: Europe/Rome - image: barcus/bareos-storage:21-ubuntu - imagePullPolicy: Always - name: bareos-sd-infra-local - ports: - - containerPort: 9103 - name: 9103tcp02 - protocol: TCP - resources: - requests: - cpu: 10m - memory: 32Mi - limits: - cpu: 10m - memory: 32Mi - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /etc/bareos - name: bareos-sd-infra-local-claim0 - - mountPath: /var/lib/bareos/storage - name: bareos-sd-infra-local-claim1 - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: {} - serviceAccount: bareos-sa - serviceAccountName: bareos-sa - terminationGracePeriodSeconds: 30 - volumes: - - name: bareos-sd-infra-local-claim0 - persistentVolumeClaim: - claimName: bareos-sd-infra-local-claim0 - - name: bareos-sd-infra-local-claim1 - persistentVolumeClaim: - claimName: bareos-sd-infra-local-claim1 ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: bareos - role: aio - name: bareos-aio - namespace: bareos -spec: - progressDeadlineSeconds: 600 - replicas: 0 - selector: - matchLabels: - app: bareos - role: aio - strategy: - type: Recreate - template: - metadata: - labels: - app: bareos - role: aio - spec: - containers: - - env: - - name: TZ - value: Europe/Rome - - name: DB_INIT - value: "false" #should be 'true' if bareos db does not exist - - name: DB_UPDATE - value: "false" - - name: DB_HOST - value: bareos-db-svc - - name: DB_PORT - value: "5432" - - name: DB_USER - value: bareos - - name: BAREOS_SD_HOST - value: bareos-sd.infra.local - - name: BAREOS_FD_HOST - value: bareos-fd - - name: SMTP_HOST - value: "" - # name: Optional you can gets backup notification via Slack or Telegram - - name: WEBHOOK_NOTIFICATION - value: "true" # true or false if set to true email notification gets disabled - - name: WEBHOOK_TYPE - value: slack # choose slack or telegram - #- name: WEBHOOK_CHAT_ID= # for telegram only set the - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: bareos-secret - key: db_password - - name: DB_ADMIN_USER - valueFrom: - secretKeyRef: - name: bareos-secret - key: db_admin_user - - name: DB_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: bareos-secret - key: db_admin_password - - name: BAREOS_SD_PASSWORD - valueFrom: - secretKeyRef: - name: bareos-secret - key: bareos_sd_password - - name: BAREOS_FD_PASSWORD - valueFrom: - secretKeyRef: - name: bareos-secret - key: bareos_fd_password - - name: BAREOS_WEBUI_PASSWORD - valueFrom: - secretKeyRef: - name: bareos-secret - key: bareos_webui_password - - name: ADMIN_MAIL - valueFrom: - secretKeyRef: - name: bareos-secret - key: admin_mail - - name: WEBHOOK_URL - valueFrom: - secretKeyRef: - name: bareos-secret - key: webhook_url - image: barcus/bareos-director:21-ubuntu-pgsql - imagePullPolicy: Always - name: bareos-dir - ports: - - containerPort: 9101 - name: 9101tcp - protocol: TCP - resources: - requests: - cpu: 10m - memory: 16Mi - limits: - cpu: 10m - memory: 16Mi - securityContext: {} - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /etc/bareos - name: bareos-dir-config - - mountPath: /var/lib/bareos - name: bareos-dir-catalog - - name: bareos-fd - image: barcus/bareos-client:21-ubuntu - imagePullPolicy: Always - env: - - name: TZ - value: Europe/Rome - - name: BAREOS_FD_PASSWORD - valueFrom: - secretKeyRef: - name: bareos-secret - key: bareos_fd_password - resources: - requests: - cpu: 10m - memory: 16Mi - limits: - cpu: 10m - memory: 16Mi - volumeMounts: - - mountPath: /etc/bareos - name: bareos-client-config - - mountPath: /var/lib/bareos-director - name: bareos-dir-catalog - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: {} - serviceAccount: bareos-sa - serviceAccountName: bareos-sa - terminationGracePeriodSeconds: 30 - volumes: - - name: bareos-dir-config - persistentVolumeClaim: - claimName: bareos-dir-config-vol - - name: bareos-dir-catalog - persistentVolumeClaim: - claimName: bareos-dir-catalog-vol - - name: bareos-client-config - persistentVolumeClaim: - claimName: bareos-client-config-vol diff --git a/apps/old_kubenuc/bareos/manifests/kustomization.yaml b/apps/old_kubenuc/bareos/manifests/kustomization.yaml deleted file mode 100644 index 0a0b57dd..00000000 --- a/apps/old_kubenuc/bareos/manifests/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: bareos -resources: -- namespace.yml -- deployment.yml -- service.yml -- secret.yml -- serviceaccount.yml -- statefulset.yml -- pvc.yml diff --git a/apps/old_kubenuc/bareos/manifests/namespace.yml b/apps/old_kubenuc/bareos/manifests/namespace.yml deleted file mode 100644 index edb55225..00000000 --- a/apps/old_kubenuc/bareos/manifests/namespace.yml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: bareos -spec: {} -status: {} diff --git a/apps/old_kubenuc/bareos/manifests/pvc.yml b/apps/old_kubenuc/bareos/manifests/pvc.yml deleted file mode 100644 index bd83e94d..00000000 --- a/apps/old_kubenuc/bareos/manifests/pvc.yml +++ /dev/null @@ -1,87 +0,0 @@ ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - labels: - io.kompose.service: bareos-sd-infra-local-claim0 - name: bareos-sd-infra-local-claim0 -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Mi - storageClassName: local-hostpath - volumeMode: Filesystem ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - labels: - io.kompose.service: bareos-sd-infra-local-claim1 - name: bareos-sd-infra-local-claim1 -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Ti - storageClassName: backup-hostpath - volumeMode: Filesystem - volumeName: pvc-64e73745-c6da-41c8-829e-6af3f38e8988 ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: bareos-dir-config-vol - namespace: bareos -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Mi - storageClassName: local-hostpath - volumeMode: Filesystem ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: bareos-dir-catalog-vol - namespace: bareos -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Mi - storageClassName: local-hostpath - volumeMode: Filesystem ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: bareos-client-config-vol - namespace: bareos -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Mi - storageClassName: local-hostpath - volumeMode: Filesystem ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: bareos-db-vol - namespace: bareos -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Mi - storageClassName: local-hostpath - volumeMode: Filesystem diff --git a/apps/old_kubenuc/bareos/manifests/secret.yml b/apps/old_kubenuc/bareos/manifests/secret.yml deleted file mode 100644 index 2c318014..00000000 --- a/apps/old_kubenuc/bareos/manifests/secret.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -apiVersion: onepassword.com/v1 -kind: OnePasswordItem -metadata: - name: bareos-secret -spec: - itemPath: "vaults/k8s_secrets/items/bareos_secret" diff --git a/apps/old_kubenuc/bareos/manifests/service.yml b/apps/old_kubenuc/bareos/manifests/service.yml deleted file mode 100644 index abfb4517..00000000 --- a/apps/old_kubenuc/bareos/manifests/service.yml +++ /dev/null @@ -1,37 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - name: bareos-sd-infra-local - namespace: bareos -spec: - externalTrafficPolicy: Cluster - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - name: "9103" - nodePort: 30000 - port: 9103 - protocol: TCP - targetPort: 9103 - selector: - io.kompose.service: bareos-sd-infra-local - sessionAffinity: None - type: NodePort -status: - loadBalancer: {} ---- -apiVersion: v1 -kind: Service -metadata: - name: bareos-db-svc - namespace: bareos -spec: - ports: - - port: 5432 - name: psql - clusterIP: None - selector: - app: bareos - role: db diff --git a/apps/old_kubenuc/bareos/manifests/serviceaccount.yml b/apps/old_kubenuc/bareos/manifests/serviceaccount.yml deleted file mode 100644 index 2017f4f5..00000000 --- a/apps/old_kubenuc/bareos/manifests/serviceaccount.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: bareos-sa diff --git a/apps/old_kubenuc/bareos/manifests/statefulset.yml b/apps/old_kubenuc/bareos/manifests/statefulset.yml deleted file mode 100644 index 746fb86c..00000000 --- a/apps/old_kubenuc/bareos/manifests/statefulset.yml +++ /dev/null @@ -1,52 +0,0 @@ ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - labels: - app: bareos - role: db - name: bareos-db - namespace: bareos -spec: - selector: - matchLabels: - app: bareos - role: db - serviceName: "bareos-db-svc" - replicas: 1 - minReadySeconds: 10 - template: - metadata: - labels: - app: bareos - role: db - spec: - terminationGracePeriodSeconds: 10 - containers: - - name: bareos-db - image: postgres:12 - ports: - - containerPort: 5432 - name: psql - volumeMounts: - - name: data - mountPath: /var/lib/postgresql/data - env: - - name: TZ - value: Europe/Rome - - name: POSTGRES_USER - valueFrom: - secretKeyRef: - name: bareos-secret - key: db_admin_user - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: bareos-secret - key: db_admin_password - - name: POSTGRES_INITDB_ARGS - value: --encoding=SQL_ASCII - volumes: - - name: data - persistentVolumeClaim: - claimName: bareos-db-vol diff --git a/apps/old_kubenuc/cloudflare/cloudflared.yml b/apps/old_kubenuc/cloudflare/cloudflared.yml deleted file mode 100644 index de90f580..00000000 --- a/apps/old_kubenuc/cloudflare/cloudflared.yml +++ /dev/null @@ -1,125 +0,0 @@ ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: cloudflared - namespace: cloudflare - labels: - group: cloudflare -spec: - selector: - matchLabels: - app: cloudflared - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 1 - template: - metadata: - labels: - app: cloudflared - group: cloudflare - spec: - tolerations: - - key: node-role.kubernetes.io/control-plane - operator: "Exists" - effect: "NoSchedule" - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: node-role.kubernetes.io/master - operator: In - values: - - "true" - containers: - - name: cloudflared - image: cloudflare/cloudflared:2024.4.1 - args: - - tunnel - - --config - - /etc/cloudflared/config/config.yaml - - run - livenessProbe: - httpGet: - path: /ready - port: 2000 - failureThreshold: 1 - initialDelaySeconds: 10 - periodSeconds: 10 - volumeMounts: - - name: config - mountPath: /etc/cloudflared/config - readOnly: true - - name: creds - mountPath: /etc/cloudflared/creds - readOnly: true - - name: cert - mountPath: /etc/cloudflared - readOnly: true - volumes: - - name: creds - secret: - # By default, the credentials file will be created under ~/.cloudflared/.json - # when you run `cloudflared tunnel create`. You can move it into a secret by using: - # ```sh - # kubectl create secret generic tunnel-credentials \ - # --from-file=credentials.json=/Users/yourusername/.cloudflared/.json - # ``` - secretName: tunnel-credentials - # Create a config.yaml file from the ConfigMap below. - - name: config - configMap: - name: cloudflared - items: - - key: config.yaml - path: config.yaml - - name: cert - secret: - secretName: tunnel-pem ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: cloudflared - namespace: cloudflare - labels: - group: cloudflare -data: - config.yaml: | - # Name of the tunnel you want to run - tunnel: kub - credentials-file: /etc/cloudflared/creds/credentials.json - # Serves the metrics server under /metrics and the readiness server under /ready - metrics: 0.0.0.0:2000 - # Autoupdates applied in a k8s pod will be lost when the pod is removed or restarted, so - # autoupdate doesn't make sense in Kubernetes. However, outside of Kubernetes, we strongly - # recommend using autoupdate. - no-autoupdate: true - # The `ingress` block tells cloudflared which local service to route incoming - # requests to. For more about ingress rules, see - # https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/ingress - # - # Remember, these rules route traffic from cloudflared to a local service. To route traffic - # from the internet to cloudflared, run `cloudflared tunnel route dns `. - # E.g. `cloudflared tunnel route dns example-tunnel tunnel.example.com`. - ingress: - - hostname: "*.ddlns.net" - service: https://ingress-nginx-controller.ingress-nginx.svc.cluster.local:443 - originRequest: - originServerName: ddlns.net - - hostname: "*.example.dev" - service: https://traefik.ingress.svc.cluster.local:443 - originRequest: - originServerName: example.dev - # The first rule proxies traffic to the httpbin sample Service defined in app.yaml - #- hostname: tunnel.example.com - # service: http://web-service:80 - # This rule sends traffic to the built-in hello-world HTTP server. This can help debug connectivity - # issues. If hello.example.com resolves and tunnel.example.com does not, then the problem is - # in the connection from cloudflared to your local service, not from the internet to cloudflared. - #- hostname: hello.example.com - # service: hello_world - # This rule matches any traffic which didn't match a previous rule, and responds with HTTP 404. - - service: http_status:404 diff --git a/apps/old_kubenuc/film-tv-exporter/deploy.yaml b/apps/old_kubenuc/film-tv-exporter/deploy.yaml deleted file mode 100644 index 87cf6ffd..00000000 --- a/apps/old_kubenuc/film-tv-exporter/deploy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: film-tv-app - namespace: flux-system -spec: - interval: 15m - sourceRef: - kind: GitRepository - name: flux-system - path: ./apps/kubenuc/film-tv-exporter/manifests - prune: true diff --git a/apps/old_kubenuc/film-tv-exporter/manifests/deployment.yaml b/apps/old_kubenuc/film-tv-exporter/manifests/deployment.yaml deleted file mode 100644 index c11d606d..00000000 --- a/apps/old_kubenuc/film-tv-exporter/manifests/deployment.yaml +++ /dev/null @@ -1,192 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: radarr-exporter - name: radarr-exporter -spec: - replicas: 0 - selector: - matchLabels: - app: radarr-exporter - strategy: {} - template: - metadata: - annotations: - prometheus.io/scrape: 'true' - prometheus.io/port: '9708' - labels: - app: radarr-exporter - spec: - containers: - - image: ghcr.io/onedr0p/exportarr:v1.1.0 - name: radarr-exporter - args: ["radarr"] - env: - - name: LOG_LEVEL - value: "WARN" - - name: PORT - value: "9708" - - name: URL - valueFrom: - secretKeyRef: - name: film-tv-secret - key: radarr_url - - name: APIKEY - valueFrom: - secretKeyRef: - name: film-tv-secret - key: radarr_api_key - ports: - - containerPort: 9708 - resources: - requests: - cpu: 50m - memory: 64Mi - limits: - cpu: 100m - memory: 128Mi - securityContext: - runAsUser: 10001 - runAsGroup: 10001 - allowPrivilegeEscalation: false - runAsNonRoot: true - capabilities: - drop: - - all - readOnlyRootFilesystem: true - serviceAccount: tv-exporter - serviceAccountName: tv-exporter - securityContext: - runAsNonRoot: true - runAsUser: 10001 - runAsGroup: 10001 ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: lidarr-exporter - name: lidarr-exporter -spec: - replicas: 0 - selector: - matchLabels: - app: lidarr-exporter - strategy: {} - template: - metadata: - annotations: - prometheus.io/scrape: 'true' - prometheus.io/port: '9709' - labels: - app: lidarr-exporter - spec: - containers: - - image: ghcr.io/onedr0p/exportarr:v1.1.0 - name: lidarr-exporter - args: ["lidarr"] - env: - - name: LOG_LEVEL - value: "WARN" - - name: PORT - value: "9709" - - name: URL - valueFrom: - secretKeyRef: - name: film-tv-secret - key: lidarr_url - - name: APIKEY - valueFrom: - secretKeyRef: - name: film-tv-secret - key: lidarr_api_key - ports: - - containerPort: 9709 - resources: - requests: - cpu: 50m - memory: 64Mi - limits: - cpu: 100m - memory: 128Mi - securityContext: - runAsUser: 10001 - runAsGroup: 10001 - allowPrivilegeEscalation: false - runAsNonRoot: true - capabilities: - drop: - - all - readOnlyRootFilesystem: true - serviceAccount: tv-exporter - serviceAccountName: tv-exporter - securityContext: - runAsNonRoot: true - runAsUser: 10001 - runAsGroup: 10001 ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: sonarr-exporter - name: sonarr-exporter -spec: - replicas: 0 - selector: - matchLabels: - app: sonarr-exporter - strategy: {} - template: - metadata: - annotations: - prometheus.io/scrape: 'true' - prometheus.io/port: '9707' - labels: - app: sonarr-exporter - spec: - containers: - - image: ghcr.io/onedr0p/exportarr:v1.1.0 - name: sonarr-exporter - args: ["sonarr"] - env: - - name: LOG_LEVEL - value: "WARN" - - name: PORT - value: "9707" - - name: URL - valueFrom: - secretKeyRef: - name: film-tv-secret - key: sonarr_url - - name: APIKEY - valueFrom: - secretKeyRef: - name: film-tv-secret - key: sonarr_api_key - ports: - - containerPort: 9707 - resources: - requests: - cpu: 50m - memory: 64Mi - limits: - cpu: 100m - memory: 128Mi - securityContext: - runAsUser: 10001 - runAsGroup: 10001 - allowPrivilegeEscalation: false - runAsNonRoot: true - capabilities: - drop: - - all - readOnlyRootFilesystem: true - serviceAccount: tv-exporter - serviceAccountName: tv-exporter - securityContext: - runAsNonRoot: true - runAsUser: 10001 - runAsGroup: 10001 diff --git a/apps/old_kubenuc/film-tv-exporter/manifests/kustomization.yaml b/apps/old_kubenuc/film-tv-exporter/manifests/kustomization.yaml deleted file mode 100644 index d8c13646..00000000 --- a/apps/old_kubenuc/film-tv-exporter/manifests/kustomization.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: film-tv -resources: -- namespace.yaml -- deployment.yaml -- secret.yaml -- serviceaccount.yaml diff --git a/apps/old_kubenuc/film-tv-exporter/manifests/namespace.yaml b/apps/old_kubenuc/film-tv-exporter/manifests/namespace.yaml deleted file mode 100644 index 4ab50647..00000000 --- a/apps/old_kubenuc/film-tv-exporter/manifests/namespace.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: film-tv diff --git a/apps/old_kubenuc/film-tv-exporter/manifests/secret.yaml b/apps/old_kubenuc/film-tv-exporter/manifests/secret.yaml deleted file mode 100644 index b90372fd..00000000 --- a/apps/old_kubenuc/film-tv-exporter/manifests/secret.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -apiVersion: onepassword.com/v1 -kind: OnePasswordItem -metadata: - name: film-tv-secret -spec: - itemPath: "vaults/k8s_secrets/items/film_tv_secret" diff --git a/apps/old_kubenuc/film-tv-exporter/manifests/serviceaccount.yaml b/apps/old_kubenuc/film-tv-exporter/manifests/serviceaccount.yaml deleted file mode 100644 index 15b01fd9..00000000 --- a/apps/old_kubenuc/film-tv-exporter/manifests/serviceaccount.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: tv-exporter diff --git a/apps/old_kubenuc/fluxcd/notifications.yaml b/apps/old_kubenuc/fluxcd/notifications.yaml deleted file mode 100644 index a84ea2c4..00000000 --- a/apps/old_kubenuc/fluxcd/notifications.yaml +++ /dev/null @@ -1,35 +0,0 @@ ---- -apiVersion: notification.toolkit.fluxcd.io/v1beta3 -kind: Provider -metadata: - name: slack - namespace: flux-system -spec: - type: slack - channel: infrastructure - secretRef: - name: slack-url ---- -apiVersion: notification.toolkit.fluxcd.io/v1beta3 -kind: Alert -metadata: - name: fluxcd-notifications - namespace: flux-system -spec: - summary: "cluster status" - providerRef: - name: slack - eventMetadata: - env: "production" - cluster: "kubenuc" - region: "milan" - eventSeverity: info - eventSources: - - kind: GitRepository - name: '*' - - kind: Kustomization - name: charts - - kind: HelmRelease - name: '*' -# - kind: Kustomization -# name: '*' \ No newline at end of file diff --git a/apps/old_kubenuc/fluxcd/secrets.yaml b/apps/old_kubenuc/fluxcd/secrets.yaml deleted file mode 100644 index 78873dec..00000000 --- a/apps/old_kubenuc/fluxcd/secrets.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: slack-secrets - namespace: flux-system -spec: - interval: 15m - sourceRef: - kind: GitRepository - name: flux-system - path: ./apps/kubenuc/fluxcd/secrets - prune: true diff --git a/apps/old_kubenuc/fluxcd/secrets/kustomization.yaml b/apps/old_kubenuc/fluxcd/secrets/kustomization.yaml deleted file mode 100644 index 7f211358..00000000 --- a/apps/old_kubenuc/fluxcd/secrets/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: flux-system -resources: -- slack-secret.yml diff --git a/apps/old_kubenuc/fluxcd/secrets/slack-secret.yml b/apps/old_kubenuc/fluxcd/secrets/slack-secret.yml deleted file mode 100644 index b9085ffa..00000000 --- a/apps/old_kubenuc/fluxcd/secrets/slack-secret.yml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: onepassword.com/v1 -kind: OnePasswordItem -metadata: - name: slack-url -spec: - itemPath: "vaults/k8s_secrets/items/slack-url" diff --git a/apps/old_kubenuc/harbor/release.yml b/apps/old_kubenuc/harbor/release.yml deleted file mode 100644 index 896efa52..00000000 --- a/apps/old_kubenuc/harbor/release.yml +++ /dev/null @@ -1,75 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: harbor - namespace: harbor -spec: - interval: 15m - maxHistory: 20 - chart: - spec: - chart: harbor - version: ">=1.0.0" - sourceRef: - kind: HelmRepository - name: harbor-charts - namespace: flux-system - interval: 15m - install: - createNamespace: true - remediation: - retries: 6 - upgrade: - remediation: - retries: 6 - values: - externalURL: https://harbor.ddlns.net - core: - resources: - requests: - memory: 256Mi - cpu: 100m - portal: - resources: - requests: - memory: 256Mi - cpu: 100m - metrics: - enabled: "true" - # registry: - # podAnnotations: - # prometheus.io/scrape: "true" - # prometheus.io/path: "/metrics" - # prometheus.io/port: "8001" - notary: - enabled: false - expose: - ingress: - annotations: - cert-manager.io/cluster-issuer: letsencrypt - nginx.ingress.kubernetes.io/client-max-body-size: "0" - nginx.ingress.kubernetes.io/proxy-body-size: "0" - hosts: - core: "harbor.ddlns.net" - tls: - enabled: "true" - secretName: "harbor-ingress-certificate" - type: ingress - database: - type: external - external: - host: "postgresql-nuc-cluster.databases.svc.cluster.local" - port: "5432" - username: "harbor" - existingSecret: "harbor-secrets" - sslmode: "require" - jobservice: - nodeSelector: - kubernetes.io/hostname: "kubenuc" - redis: - internal: - resources: - requests: - memory: 256Mi - cpu: 100m diff --git a/apps/old_kubenuc/harbor/secrets.yaml b/apps/old_kubenuc/harbor/secrets.yaml deleted file mode 100644 index 35cef83d..00000000 --- a/apps/old_kubenuc/harbor/secrets.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: harbor-secrets - namespace: flux-system -spec: - interval: 15m - sourceRef: - kind: GitRepository - name: flux-system - path: ./apps/kubenuc/harbor/secrets - prune: true diff --git a/apps/old_kubenuc/harbor/secrets/harbor-secret.yml b/apps/old_kubenuc/harbor/secrets/harbor-secret.yml deleted file mode 100644 index 0b04ab9c..00000000 --- a/apps/old_kubenuc/harbor/secrets/harbor-secret.yml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: onepassword.com/v1 -kind: OnePasswordItem -metadata: - name: harbor-secrets -spec: - itemPath: "vaults/k8s_secrets/items/harbor_keys" diff --git a/apps/old_kubenuc/harbor/secrets/kustomization.yaml b/apps/old_kubenuc/harbor/secrets/kustomization.yaml deleted file mode 100644 index 3ab80fc8..00000000 --- a/apps/old_kubenuc/harbor/secrets/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: harbor -resources: -- harbor-secret.yml diff --git a/apps/old_kubenuc/intel-gpu-plugin/release.yml b/apps/old_kubenuc/intel-gpu-plugin/release.yml deleted file mode 100644 index ee1ecdda..00000000 --- a/apps/old_kubenuc/intel-gpu-plugin/release.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: intel-gpu-plugin - namespace: intel-gpu-plugin -spec: - interval: 15m - maxHistory: 20 - chart: - spec: - chart: intel-gpu-plugin - version: 4.4.2 - sourceRef: - kind: HelmRepository - name: k8s-at-home-charts - namespace: flux-system - interval: 15m - install: - createNamespace: true - remediation: - retries: 6 - upgrade: - remediation: - retries: 6 - values: - env: - TZ: "Europe/Rome" - common: - nodeSelector: - gputype: "intel" diff --git a/apps/old_kubenuc/jellyfin/release.yml b/apps/old_kubenuc/jellyfin/release.yml deleted file mode 100644 index 0c41d826..00000000 --- a/apps/old_kubenuc/jellyfin/release.yml +++ /dev/null @@ -1,56 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: jellyfin - namespace: jellyfin -spec: - interval: 15m - maxHistory: 20 - chart: - spec: - chart: jellyfin - version: ">=9.4.2" - sourceRef: - kind: HelmRepository - name: k8s-at-home-charts - namespace: flux-system - interval: 15m - install: - createNamespace: true - remediation: - retries: 5 - upgrade: - remediation: - retries: 5 - values: - image: - tag: 10.8.13 - env: - JELLYFIN_PublishedServerUrl: jellyfin - TZ: Europe/Rome - resources: - requests: - gpu.intel.com/i915: 1 - limits: - gpu.intel.com/i915: 1 - ingress: - main: - ingressClassName: nginx - annotations: - cert-manager.io/cluster-issuer: letsencrypt - nginx.ingress.kubernetes.io/ssl-redirect: "true" - enabled: true - hosts: - - host: tv.ddlns.net - paths: - - path: / - pathType: Prefix - tls: - - secretName: mydomain-production - hosts: - - tv.ddlns.net - persistence: - config: - enabled: true - storageClass: local-hostpath diff --git a/apps/old_kubenuc/jenkins/release.yml b/apps/old_kubenuc/jenkins/release.yml deleted file mode 100644 index dd7e2efe..00000000 --- a/apps/old_kubenuc/jenkins/release.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: jenkins - namespace: jenkins -spec: - interval: 15m - maxHistory: 20 - chart: - spec: - chart: jenkins - version: ">=10.2.5" - sourceRef: - kind: HelmRepository - name: bitnami-chart - namespace: flux-system - interval: 15m - install: - createNamespace: true - remediation: - retries: 5 - upgrade: - remediation: - retries: 5 - values: - nodeSelector: - kubernetes.io/hostname: "kubenuc" - ingress: - annotations: 'cert-manager.io/cluster-issuer: letsencrypt' - enabled: true - hostname: jenkins.ddlns.net - tls: true - jenkinsUser: admin - service: - type: ClusterIP - resources: - limits: - cpu: 2 - memory: 10Gi - requests: - cpu: 300m - memory: 2Gi diff --git a/apps/old_kubenuc/longhorn/release.yml b/apps/old_kubenuc/longhorn/release.yml deleted file mode 100644 index cb0ff59e..00000000 --- a/apps/old_kubenuc/longhorn/release.yml +++ /dev/null @@ -1,51 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: longhorn - namespace: longhorn-system -spec: - interval: 15m - maxHistory: 20 - chart: - spec: - chart: longhorn - sourceRef: - kind: HelmRepository - name: longhorn - namespace: flux-system - interval: 15m - install: - createNamespace: true - remediation: - retries: 6 - upgrade: - remediation: - retries: 6 - values: - persistence: - defaultClass: false - reclaimPolicy: Retain - longhornManager: - nodeSelector: - storage: "dynamic" - longhornDriver: - nodeSelector: - storage: "dynamic" - longhornUI: - nodeSelector: - storage: "dynamic" - defaultSettings: - createDefaultDiskLabeledNodes: true - ingress: - enabled: true - ingressClassName: nginx - host: lhui.ddlns.net - tls: true - secureBackends: false - tlsSecret: longhornui-tls - path: / - annotations: - cert-manager.io/cluster-issuer: "letsencrypt" - nginx.ingress.kubernetes.io/ssl-redirect: "true" - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" diff --git a/apps/old_kubenuc/mediaserver/deploy-app.yaml b/apps/old_kubenuc/mediaserver/deploy-app.yaml deleted file mode 100644 index cfc26f76..00000000 --- a/apps/old_kubenuc/mediaserver/deploy-app.yaml +++ /dev/null @@ -1,12 +0,0 @@ -#apiVersion: kustomize.toolkit.fluxcd.io/v1 -#kind: Kustomization -#metadata: -# name: mediaserver-app -# namespace: flux-system -#spec: -# interval: 15m -# sourceRef: -# kind: GitRepository -# name: flux-system -# path: ./apps/kubenuc/mediaserver/manifests -# prune: true diff --git a/apps/old_kubenuc/mediaserver/manifests/operator-crds.yml b/apps/old_kubenuc/mediaserver/manifests/operator-crds.yml deleted file mode 100644 index f61da548..00000000 --- a/apps/old_kubenuc/mediaserver/manifests/operator-crds.yml +++ /dev/null @@ -1,369 +0,0 @@ -#apiVersion: v1 -#kind: Namespace -#metadata: -# labels: -# control-plane: controller-manager -# name: k8s-mediaserver-operator-system -#--- -#apiVersion: apiextensions.k8s.io/v1 -#kind: CustomResourceDefinition -#metadata: -# name: k8smediaservers.charts.kubealex.com -#spec: -# group: charts.kubealex.com -# names: -# kind: K8SMediaserver -# listKind: K8SMediaserverList -# plural: k8smediaservers -# singular: k8smediaserver -# scope: Namespaced -# versions: -# - name: v1 -# schema: -# openAPIV3Schema: -# description: K8SMediaserver is the Schema for the k8smediaservers API -# properties: -# apiVersion: -# description: 'APIVersion defines the versioned schema of this representation -# of an object. Servers should convert recognized schemas to the latest -# internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' -# type: string -# kind: -# description: 'Kind is a string value representing the REST resource this -# object represents. Servers may infer this from the endpoint the client -# submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' -# type: string -# metadata: -# type: object -# spec: -# description: Spec defines the desired state of K8SMediaserver -# type: object -# x-kubernetes-preserve-unknown-fields: true -# status: -# description: Status defines the observed state of K8SMediaserver -# type: object -# x-kubernetes-preserve-unknown-fields: true -# type: object -# served: true -# storage: true -# subresources: -# status: {} -#--- -#apiVersion: v1 -#kind: ServiceAccount -#metadata: -# name: k8s-mediaserver-operator-controller-manager -# namespace: k8s-mediaserver-operator-system -#--- -#apiVersion: rbac.authorization.k8s.io/v1 -#kind: Role -#metadata: -# name: k8s-mediaserver-operator-leader-election-role -# namespace: k8s-mediaserver-operator-system -#rules: -#- apiGroups: -# - "" -# resources: -# - configmaps -# verbs: -# - get -# - list -# - watch -# - create -# - update -# - patch -# - delete -#- apiGroups: -# - coordination.k8s.io -# resources: -# - leases -# verbs: -# - get -# - list -# - watch -# - create -# - update -# - patch -# - delete -#- apiGroups: -# - "" -# resources: -# - events -# verbs: -# - create -# - patch -#--- -#apiVersion: rbac.authorization.k8s.io/v1 -#kind: ClusterRole -#metadata: -# name: k8s-mediaserver-operator-manager-role -#rules: -#- apiGroups: -# - "" -# resources: -# - namespaces -# verbs: -# - get -#- apiGroups: -# - "" -# resources: -# - secrets -# verbs: -# - '*' -#- apiGroups: -# - "" -# resources: -# - events -# verbs: -# - create -#- apiGroups: -# - charts.kubealex.com -# resources: -# - k8smediaservers -# - k8smediaservers/status -# - k8smediaservers/finalizers -# verbs: -# - create -# - delete -# - get -# - list -# - patch -# - update -# - watch -#- apiGroups: -# - "" -# resources: -# - pods -# - services -# - services/finalizers -# - endpoints -# - persistentvolumeclaims -# - events -# - configmaps -# - secrets -# verbs: -# - create -# - delete -# - get -# - list -# - patch -# - update -# - watch -#- apiGroups: -# - apps -# resources: -# - deployments -# - daemonsets -# - replicasets -# - statefulsets -# verbs: -# - create -# - delete -# - get -# - list -# - patch -# - update -# - watch -#- apiGroups: -# - networking.k8s.io -# resources: -# - ingresses -# verbs: -# - create -# - delete -# - get -# - list -# - patch -# - update -# - watch -#--- -#apiVersion: rbac.authorization.k8s.io/v1 -#kind: ClusterRole -#metadata: -# name: k8s-mediaserver-operator-metrics-reader -#rules: -#- nonResourceURLs: -# - /metrics -# verbs: -# - get -#--- -#apiVersion: rbac.authorization.k8s.io/v1 -#kind: ClusterRole -#metadata: -# name: k8s-mediaserver-operator-proxy-role -#rules: -#- apiGroups: -# - authentication.k8s.io -# resources: -# - tokenreviews -# verbs: -# - create -#- apiGroups: -# - authorization.k8s.io -# resources: -# - subjectaccessreviews -# verbs: -# - create -#--- -#apiVersion: rbac.authorization.k8s.io/v1 -#kind: RoleBinding -#metadata: -# name: k8s-mediaserver-operator-leader-election-rolebinding -# namespace: k8s-mediaserver-operator-system -#roleRef: -# apiGroup: rbac.authorization.k8s.io -# kind: Role -# name: k8s-mediaserver-operator-leader-election-role -#subjects: -#- kind: ServiceAccount -# name: k8s-mediaserver-operator-controller-manager -# namespace: k8s-mediaserver-operator-system -#--- -#apiVersion: rbac.authorization.k8s.io/v1 -#kind: ClusterRoleBinding -#metadata: -# name: k8s-mediaserver-operator-manager-rolebinding -#roleRef: -# apiGroup: rbac.authorization.k8s.io -# kind: ClusterRole -# name: k8s-mediaserver-operator-manager-role -#subjects: -#- kind: ServiceAccount -# name: k8s-mediaserver-operator-controller-manager -# namespace: k8s-mediaserver-operator-system -#--- -#apiVersion: rbac.authorization.k8s.io/v1 -#kind: ClusterRoleBinding -#metadata: -# name: k8s-mediaserver-operator-proxy-rolebinding -#roleRef: -# apiGroup: rbac.authorization.k8s.io -# kind: ClusterRole -# name: k8s-mediaserver-operator-proxy-role -#subjects: -#- kind: ServiceAccount -# name: k8s-mediaserver-operator-controller-manager -# namespace: k8s-mediaserver-operator-system -#--- -#apiVersion: v1 -#data: -# controller_manager_config.yaml: | -# apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 -# kind: ControllerManagerConfig -# health: -# healthProbeBindAddress: :8081 -# metrics: -# bindAddress: 127.0.0.1:8080 -# -# leaderElection: -# leaderElect: true -# resourceName: 811c9dc5.kubealex.com -# # leaderElectionReleaseOnCancel defines if the leader should step down volume -# # when the Manager ends. This requires the binary to immediately end when the -# # Manager is stopped, otherwise, this setting is unsafe. Setting this significantly -# # speeds up voluntary leader transitions as the new leader don't have to wait -# # LeaseDuration time first. -# # In the default scaffold provided, the program ends immediately after -# # the manager stops, so would be fine to enable this option. However, -# # if you are doing or is intended to do any operation such as perform cleanups -# # after the manager stops then its usage might be unsafe. -# # leaderElectionReleaseOnCancel: true -#kind: ConfigMap -#metadata: -# name: k8s-mediaserver-operator-manager-config -# namespace: k8s-mediaserver-operator-system -#--- -#apiVersion: v1 -#kind: Service -#metadata: -# labels: -# control-plane: controller-manager -# name: k8s-mediaserver-operator-controller-manager-metrics-service -# namespace: k8s-mediaserver-operator-system -#spec: -# ports: -# - name: https -# port: 8443 -# protocol: TCP -# targetPort: https -# selector: -# control-plane: controller-manager -#--- -#apiVersion: apps/v1 -#kind: Deployment -#metadata: -# labels: -# control-plane: controller-manager -# name: k8s-mediaserver-operator-controller-manager -# namespace: k8s-mediaserver-operator-system -#spec: -# replicas: 0 -# selector: -# matchLabels: -# control-plane: controller-manager -# template: -# metadata: -# annotations: -# kubectl.kubernetes.io/default-container: manager -# labels: -# control-plane: controller-manager -# spec: -# containers: -# - args: -# - --secure-listen-address=0.0.0.0:8443 -# - --upstream=http://127.0.0.1:8080/ -# - --logtostderr=true -# - --v=0 -# image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.0 -# name: kube-rbac-proxy -# ports: -# - containerPort: 8443 -# name: https -# protocol: TCP -# resources: -# limits: -# cpu: 500m -# memory: 128Mi -# requests: -# cpu: 5m -# memory: 64Mi -# securityContext: -# allowPrivilegeEscalation: false -# capabilities: -# drop: -# - ALL -# - args: -# - --health-probe-bind-address=:8081 -# - --metrics-bind-address=127.0.0.1:8080 -# - --leader-elect -# - --leader-election-id=k8s-mediaserver-operator -# image: quay.io/kubealex/k8s-mediaserver-operator:v0.8.0 -# livenessProbe: -# httpGet: -# path: /healthz -# port: 8081 -# initialDelaySeconds: 15 -# periodSeconds: 20 -# name: manager -# readinessProbe: -# httpGet: -# path: /readyz -# port: 8081 -# initialDelaySeconds: 5 -# periodSeconds: 10 -# resources: -# limits: -# cpu: 500m -# memory: 512Mi -# requests: -# cpu: 10m -# memory: 64Mi -# securityContext: -# allowPrivilegeEscalation: false -# capabilities: -# drop: -# - ALL -# securityContext: -# runAsNonRoot: true -# serviceAccountName: k8s-mediaserver-operator-controller-manager -# terminationGracePeriodSeconds: 10 diff --git a/apps/old_kubenuc/mediaserver/manifests/release.yml b/apps/old_kubenuc/mediaserver/manifests/release.yml deleted file mode 100644 index 3c933ea8..00000000 --- a/apps/old_kubenuc/mediaserver/manifests/release.yml +++ /dev/null @@ -1,109 +0,0 @@ -##apiVersion: charts.kubealex.com/v1 -##kind: K8SMediaserver -##metadata: -## name: k8smediaserver -##spec: - # Default values copied from /helm-charts/k8s-mediaserver/values.yaml -## general: -## image_tag: latest -## ingress: -## ingressClassName: nginx -## annotations: -## nginx.ingress.kubernetes.io/client-max-body-size: "1024m" -## nginx.ingress.kubernetes.io/proxy-body-size: "1024m" -## ingress_host: mediaserver.ddlns.net -## pgid: 1000 -## plex_ingress_host: plex.ddlns.net -## puid: 1000 -## storage: -## customVolume: true - # pvcName: mediaserver-pvc - # pvcStorageClass: synology - # size: 5Gi -## subPaths: -## config: config -## downloads: downloads -## movies: Film -## tv: Serie-TV -## volumes: -## nfs: -## server: 10.10.8.5 -## path: /volume2/video -## jackett: -## container: -## nodeSelector: {} -## port: 9117 -## enabled: true -## ingress: -## annotations: {} -## enabled: true -## path: /jackett -## tls: -## enabled: false -## secretName: "" -## resources: -## requests: -## cpu: 100m -## memory: 128Mi -## limits: -## cpu: 100m -## memory: 256Mi -## service: -## extraLBService: false -## nodePort: null -## port: 9117 -## type: ClusterIP -## plex: -## enabled: false -## radarr: -## container: -## nodeSelector: {} -## port: 7878 -## enabled: true -## ingress: -## annotations: {} -## enabled: true -## path: /radarr -## tls: -## enabled: false -## secretName: "" -## resources: -## requests: -## cpu: 100m -## memory: 128Mi -## limits: -## cpu: 100m -## memory: 256Mi -## service: -## extraLBService: false -## nodePort: null -## port: 7878 -## type: ClusterIP -## sabnzbd: -## enabled: false -## sonarr: -## container: -## nodeSelector: {} -## port: 8989 -## enabled: true -## ingress: -## annotations: {} -## enabled: true -## path: /sonarr -## tls: -## enabled: false -## secretName: "" -## resources: -## requests: -## cpu: 100m -## memory: 256Mi -## limits: -## cpu: 100m -## memory: 512Mi -## service: -## extraLBService: false -## nodePort: null -## port: 8989 -## type: ClusterIP -## transmission: -## enabled: false diff --git a/apps/old_kubenuc/minio/release.yml b/apps/old_kubenuc/minio/release.yml deleted file mode 100644 index ce43b8f1..00000000 --- a/apps/old_kubenuc/minio/release.yml +++ /dev/null @@ -1,79 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: minio-operator - namespace: minio-operator -spec: - interval: 15m - maxHistory: 20 - chart: - spec: - chart: operator - version: "5.0.11" - sourceRef: - kind: HelmRepository - name: minio-operator - namespace: flux-system - interval: 15m - install: - createNamespace: true - remediation: - retries: 6 - upgrade: - remediation: - retries: 6 - values: - console: - ingress: - enabled: true - ingressClassName: "nginx" - host: console.minio.ddlns.net - path: / - pathType: Prefix ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: minio-tenant - namespace: nextcloud-fastnetserv -spec: - interval: 15m - maxHistory: 20 - chart: - spec: - chart: tenant - version: "5.0.11" - sourceRef: - kind: HelmRepository - name: minio-operator - namespace: flux-system - interval: 15m - install: - remediation: - retries: 6 - upgrade: - remediation: - retries: 6 - values: - tenant: - name: s3-nx - pools: - - servers: 3 - name: pool-0 - volumesPerServer: 4 - size: 10Gi - storageClassName: longhorn - ingress: - api: - enabled: true - ingressClassName: "nginx" - host: nx.minio.ddlns.net - path: / - pathType: Prefix - console: - enabled: true - ingressClassName: "nginx" - host: nx.minio-console.ddlns.net - path: / - pathType: Prefix diff --git a/apps/old_kubenuc/net-mon/deploy.yaml b/apps/old_kubenuc/net-mon/deploy.yaml deleted file mode 100644 index eec49d79..00000000 --- a/apps/old_kubenuc/net-mon/deploy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: net-mon - namespace: flux-system -spec: - interval: 15m - sourceRef: - kind: GitRepository - name: flux-system - path: ./apps/kubenuc/net-mon/manifests - prune: true diff --git a/apps/old_kubenuc/net-mon/manifests/configmap.yaml b/apps/old_kubenuc/net-mon/manifests/configmap.yaml deleted file mode 100644 index 98e7e11c..00000000 --- a/apps/old_kubenuc/net-mon/manifests/configmap.yaml +++ /dev/null @@ -1,63 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: net-mon-configmap - labels: - app: network-exporter -data: - network_exporter.yml: | - conf: - refresh: 15m - nameserver: 10.10.8.1:53 - - icmp: - interval: 3s - timeout: 1s - count: 6 - - mtr: - interval: 3s - timeout: 500ms - max-hops: 30 - count: 6 - - cp: - interval: 3s - timeout: 1s - - http_get: - interval: 15m - timeout: 5s - - targets: - - name: internal - host: 10.10.8.1 - type: ICMP - probe: - - hostname1 - - hostname2 - - name: google-dns1 - host: 8.8.8.8 - type: ICMP - - name: google-dns2 - host: 8.8.4.4 - type: MTR - - name: cloudflare-dns - host: 1.1.1.1 - type: ICMP+MTR - - name: cloudflare-dns-https - host: 1.1.1.1:443 - type: TCP - - name: opendns-1 - host: 208.67.220.220 - type: ICMP - - name: fw-bras - host: 10.2.3.82 - type: ICMP - # - name: download-file-64M - # host: http://test-debit.free.fr/65536.rnd - # type: HTTPGet - # - name: download-file-64M-proxy - # host: http://test-debit.free.fr/65536.rnd - # type: HTTPGet diff --git a/apps/old_kubenuc/net-mon/manifests/deployment.yaml b/apps/old_kubenuc/net-mon/manifests/deployment.yaml deleted file mode 100644 index feeba349..00000000 --- a/apps/old_kubenuc/net-mon/manifests/deployment.yaml +++ /dev/null @@ -1,56 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: network-exporter - name: network-exporter -spec: - replicas: 0 - selector: - matchLabels: - app: network-exporter - template: - metadata: - annotations: - prometheus.io/scrape: 'true' - prometheus.io/port: '9427' - labels: - app: network-exporter - spec: - containers: - - image: syepes/network_exporter - name: network-exporter - volumeMounts: - - mountPath: /network_exporter.yml - name: net-mon-config - subPath: network_exporter.yml - ports: - - containerPort: 9427 - resources: - requests: - cpu: 50m - memory: 64Mi - limits: - cpu: 100m - memory: 128Mi - securityContext: - runAsUser: 10001 - runAsGroup: 10001 - allowPrivilegeEscalation: false - runAsNonRoot: true - capabilities: - drop: - - all - readOnlyRootFilesystem: true - volumes: - - name: net-mon-config - configMap: - name: net-mon-configmap - optional: true - serviceAccount: net-sa - serviceAccountName: net-sa - securityContext: - runAsNonRoot: true - runAsUser: 10001 - runAsGroup: 10001 diff --git a/apps/old_kubenuc/net-mon/manifests/kustomization.yaml b/apps/old_kubenuc/net-mon/manifests/kustomization.yaml deleted file mode 100644 index 874a17f6..00000000 --- a/apps/old_kubenuc/net-mon/manifests/kustomization.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: net-mon -resources: -- namespace.yaml -- configmap.yaml -- deployment.yaml -- serviceaccount.yaml diff --git a/apps/old_kubenuc/net-mon/manifests/namespace.yaml b/apps/old_kubenuc/net-mon/manifests/namespace.yaml deleted file mode 100644 index 91ef47c3..00000000 --- a/apps/old_kubenuc/net-mon/manifests/namespace.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: net-mon diff --git a/apps/old_kubenuc/net-mon/manifests/serviceaccount.yaml b/apps/old_kubenuc/net-mon/manifests/serviceaccount.yaml deleted file mode 100644 index 727cc291..00000000 --- a/apps/old_kubenuc/net-mon/manifests/serviceaccount.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: net-sa diff --git a/apps/old_kubenuc/nextcloud/release.yml b/apps/old_kubenuc/nextcloud/release.yml deleted file mode 100644 index f3683c2f..00000000 --- a/apps/old_kubenuc/nextcloud/release.yml +++ /dev/null @@ -1,165 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta2 -kind: HelmRelease -metadata: - name: nextcloud - namespace: nextcloud-fastnetserv -spec: - interval: 15m - maxHistory: 20 - chart: - spec: - chart: nextcloud - version: ">=4.5.0" - sourceRef: - kind: HelmRepository - name: nextcloud - namespace: flux-system - interval: 15m - install: - createNamespace: true - remediation: - retries: 5 - upgrade: - remediation: - retries: 5 - values: - nodeSelector: - kubernetes.io/hostname: "kubenuc" - image: - tag: stable-apache - pullPolicy: Always - podAnnotations: - backup.velero.io/backup-volumes: "nextcloud-main" - ingress: - enabled: true - className: nginx - annotations: - cert-manager.io/cluster-issuer: "letsencrypt" - nginx.ingress.kubernetes.io/ssl-redirect: "true" - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - nginx.ingress.kubernetes.io/client-max-body-size: "0" - nginx.ingress.kubernetes.io/proxy-body-size: "0" - nginx.ingress.kubernetes.io/enable-cors: "true" - nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For" - tls: - - secretName: nx-fastnet-tls - hosts: - - nx.fastnetserv.cloud - nextcloud: - host: nx.fastnetserv.cloud - ## Use an existing secret - existingSecret: - enabled: true - secretName: nextcloud - usernameKey: nextcloud-username - passwordKey: nextcloud-password - configs: - reverse-proxy.config.php: |- - 'https', - 'trusted_proxies' => ['10.10.8.20'], - 'default_phone_region' => 'IT', - 'forwarded_for_headers' => array('HTTP_X_FORWARDED_FOR'), - 'maintenance_window_start' => 1, - ); - resources: - requests: - cpu: 300m - memory: 256Mi - limits: - memory: 4096Mi - internalDatabase: - enabled: false - externalDatabase: - enabled: true - ## Use a existing secret - existingSecret: - enabled: true - secretName: nextcloud-db-secret - usernameKey: db-username - passwordKey: db-password - mariadb: - nodeSelector: - kubernetes.io/hostname: "kubenuc" - enabled: true - primary: - persistence: - enabled: true - resources: - limits: - memory: 1024Mi - requests: - cpu: 500m - memory: 1024Mi - auth: - existingSecret: nextcloud-mariadb - database: nextcloud - username: nextcloud - redis: - enabled: true - persistence: - storageClass: longhorn - master: - resources: - limits: - memory: 1024Mi - requests: - cpu: 500m - memory: 1024Mi - replica: - replicaCount: 1 - resources: - limits: - cpu: 500m - memory: 1024Mi - requests: - cpu: 500m - memory: 1024Mi - persistence: - enabled: true - size: 100Gi - metrics: - enabled: false - podAnnotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9205" - resources: - limits: - cpu: 500m - memory: 512Mi - requests: - cpu: 500m - memory: 512Mi - cronjob: - enabled: true diff --git a/apps/old_kubenuc/nextcloud/secrets.yaml b/apps/old_kubenuc/nextcloud/secrets.yaml deleted file mode 100644 index f3fa1283..00000000 --- a/apps/old_kubenuc/nextcloud/secrets.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: nextcloud-secrets - namespace: flux-system -spec: - interval: 15m - sourceRef: - kind: GitRepository - name: flux-system - path: ./apps/kubenuc/nextcloud/secrets - prune: true diff --git a/apps/old_kubenuc/nextcloud/secrets/kustomization.yaml b/apps/old_kubenuc/nextcloud/secrets/kustomization.yaml deleted file mode 100644 index d79192dd..00000000 --- a/apps/old_kubenuc/nextcloud/secrets/kustomization.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: nextcloud-fastnetserv -resources: -- nextcloud-db-secret.yml -- nextcloud-mariadb-secret.yml -- nextcloud-secret.yml diff --git a/apps/old_kubenuc/nextcloud/secrets/nextcloud-db-secret.yml b/apps/old_kubenuc/nextcloud/secrets/nextcloud-db-secret.yml deleted file mode 100644 index f0d2f488..00000000 --- a/apps/old_kubenuc/nextcloud/secrets/nextcloud-db-secret.yml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: onepassword.com/v1 -kind: OnePasswordItem -metadata: - name: nextcloud-db-secret -spec: - itemPath: "vaults/k8s_secrets/items/Fastnetserv_Nextcloud_DB" diff --git a/apps/old_kubenuc/nextcloud/secrets/nextcloud-mariadb-secret.yml b/apps/old_kubenuc/nextcloud/secrets/nextcloud-mariadb-secret.yml deleted file mode 100644 index 1c736a92..00000000 --- a/apps/old_kubenuc/nextcloud/secrets/nextcloud-mariadb-secret.yml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: onepassword.com/v1 -kind: OnePasswordItem -metadata: - name: nextcloud-mariadb -spec: - itemPath: "vaults/k8s_secrets/items/Fastnetserv_Nextcloud_MariaDB" diff --git a/apps/old_kubenuc/nextcloud/secrets/nextcloud-secret.yml b/apps/old_kubenuc/nextcloud/secrets/nextcloud-secret.yml deleted file mode 100644 index b825b79b..00000000 --- a/apps/old_kubenuc/nextcloud/secrets/nextcloud-secret.yml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: onepassword.com/v1 -kind: OnePasswordItem -metadata: - name: nextcloud -spec: - itemPath: "vaults/k8s_secrets/items/Fastnetserv_Nextcloud" diff --git a/apps/old_kubenuc/nfs-sc/kustomization.yaml b/apps/old_kubenuc/nfs-sc/kustomization.yaml deleted file mode 100644 index cfcc523d..00000000 --- a/apps/old_kubenuc/nfs-sc/kustomization.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: storage -resources: - - namespace.yml - - release.yml diff --git a/apps/old_kubenuc/nfs-sc/namespace.yml b/apps/old_kubenuc/nfs-sc/namespace.yml deleted file mode 100644 index b9a7b013..00000000 --- a/apps/old_kubenuc/nfs-sc/namespace.yml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: storage diff --git a/apps/old_kubenuc/nfs-sc/release.yml b/apps/old_kubenuc/nfs-sc/release.yml deleted file mode 100644 index 8cb19fa0..00000000 --- a/apps/old_kubenuc/nfs-sc/release.yml +++ /dev/null @@ -1,34 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: nfs-sc - namespace: storage -spec: - interval: 15m - maxHistory: 20 - chart: - spec: - chart: nfs-subdir-external-provisioner - version: ">=4.0.17" - sourceRef: - kind: HelmRepository - name: kubernetes-sigs-chart - namespace: flux-system - interval: 15m - install: - createNamespace: true - remediation: - retries: 5 - upgrade: - remediation: - retries: 5 - values: - replicaCount: 0 - nfs: - server: 10.10.8.5 - path: /volume2/video - volumeName: syno-nfs - storageClass: - name: synology - reclaimPolicy: Retain diff --git a/apps/old_kubenuc/nginx-ingress/release.yml b/apps/old_kubenuc/nginx-ingress/release.yml deleted file mode 100644 index 81f14855..00000000 --- a/apps/old_kubenuc/nginx-ingress/release.yml +++ /dev/null @@ -1,104 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: ingress-nginx - namespace: ingress-nginx -spec: - interval: 15m - maxHistory: 20 - chart: - spec: - chart: ingress-nginx - version: ">=4.3.0 <5.0.0" - sourceRef: - kind: HelmRepository - name: ingress-nginx - namespace: flux-system - interval: 15m - install: - createNamespace: true - remediation: - retries: 5 - upgrade: - remediation: - retries: 5 - values: - controller: - replicaCount: 3 - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app.kubernetes.io/name - operator: In - values: - - ingress-nginx - - key: app.kubernetes.io/instance - operator: In - values: - - ingress-nginx - - key: app.kubernetes.io/component - operator: In - values: - - controller - topologyKey: "kubernetes.io/hostname" - podAnnotations: - prometheus.io/scrape: "true" - prometheus.io/port: "10254" - prometheus.io/path: "/metrics" - ingressClassResource: - default: true - # Crowdsec Bouncer -# extraVolumes: -# - name: crowdsec-bouncer-plugin -# emptyDir: {} -# extraInitContainers: -# - name: init-clone-crowdsec-bouncer -# image: crowdsecurity/lua-bouncer-plugin -# imagePullPolicy: IfNotPresent -# env: -# - name: API_URL -# value: "http://crowdsec-service.crowdsec.svc.cluster.local:8080" # crowdsec lapi service-name -# - name: API_KEY -# value: "ca1b317b077cccee224a840a47218867" # generated with `cscli bouncers add -n -# - name: DISABLE_RUN -# value: "true" -# - name: BOUNCER_CONFIG -# value: "/crowdsec/crowdsec-bouncer.conf" -# #- name: SECRET_KEY -# # value: "" # If you want captcha support otherwise remove this ENV VAR -# #- name: SITE_KEY -# # value: "" # If you want captcha support otherwise remove this ENV VAR -# - name: BAN_TEMPLATE_PATH -# value: /etc/nginx/lua/plugins/crowdsec/templates/ban.html -# - name: CAPTCHA_TEMPLATE_PATH -# value: /etc/nginx/lua/plugins/crowdsec/templates/captcha.html -# command: ['sh', '-c', "sed -i 's/${IS_LUALIB_IMAGE,,}/$IS_LUALIB_IMAGE/' docker_start.sh; sh /docker_start.sh; mkdir -p /lua_plugins/crowdsec/; cp -R /crowdsec/* /lua_plugins/crowdsec/"] -# volumeMounts: -# - name: crowdsec-bouncer-plugin -# mountPath: /lua_plugins -# extraVolumeMounts: -# - name: crowdsec-bouncer-plugin -# mountPath: /etc/nginx/lua/plugins/crowdsec -# subPath: crowdsec - setAsDefaultIngress: true - config: -# plugins: "crowdsec" -# lua-shared-dicts: "crowdsec_cache: 50m" -# server-snippet : | -# lua_ssl_trusted_certificate "/etc/ssl/certs/ca-certificates.crt"; # If you want captcha support otherwise remove this line -# resolver local=on ipv6=off; # If you want captcha support otherwise remove this line - entries: - client-max-body-size: "0" - enable-real-ip: "true" - use-forwarded-headers: "true" - compute-full-forwarded-for: "true" - service: - externalTrafficPolicy: "Local" - # -- UDP service key-value pairs - ## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/exposing-tcp-udp-services.md - ## - udp: - "3478": "unifi/unifi:3478" diff --git a/apps/old_kubenuc/nut/deploy.yaml b/apps/old_kubenuc/nut/deploy.yaml deleted file mode 100644 index 0b8cb02b..00000000 --- a/apps/old_kubenuc/nut/deploy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: nut-exporter - namespace: flux-system -spec: - interval: 15m - sourceRef: - kind: GitRepository - name: flux-system - path: ./apps/kubenuc/nut/manifests - prune: true diff --git a/apps/old_kubenuc/nut/manifests/deployment.yaml b/apps/old_kubenuc/nut/manifests/deployment.yaml deleted file mode 100644 index f885a078..00000000 --- a/apps/old_kubenuc/nut/manifests/deployment.yaml +++ /dev/null @@ -1,56 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: nut-exporter - name: nut-exporter -spec: - replicas: 1 - selector: - matchLabels: - app: nut-exporter - template: - metadata: - labels: - app: nut-exporter - spec: - containers: - - image: hon95/prometheus-nut-exporter:stable@sha256:0ed2a78084a627c2290a90b8fad3d7bcb62620d87dab941badd0eb4678119a48 - name: nut-exporter - env: - - name: TZ - value: Europe/Rome - - name: HTTP_PATH - value: /metrics - # Defaults - #- RUST_LOG=info - #- HTTP_PORT=9995 - #- HTTP_PATH=/nut - #- LOG_REQUESTS_CONSOLE=false - #- PRINT_METRICS_AND_EXIT=false - ports: - - containerPort: 9995 - resources: - requests: - cpu: 5m - memory: 8Mi - limits: - cpu: 10m - memory: 16Mi - imagePullPolicy: Always - securityContext: - runAsUser: 10001 - runAsGroup: 10001 - allowPrivilegeEscalation: false - runAsNonRoot: true - capabilities: - drop: - - all - readOnlyRootFilesystem: true - serviceAccount: nut-sa - serviceAccountName: nut-sa - securityContext: - runAsNonRoot: true - runAsUser: 10001 - runAsGroup: 10001 diff --git a/apps/old_kubenuc/nut/manifests/kustomization.yaml b/apps/old_kubenuc/nut/manifests/kustomization.yaml deleted file mode 100644 index 6b6d7383..00000000 --- a/apps/old_kubenuc/nut/manifests/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: nut -resources: -- namespace.yaml -- deployment.yaml -- serviceaccount.yaml diff --git a/apps/old_kubenuc/nut/manifests/namespace.yaml b/apps/old_kubenuc/nut/manifests/namespace.yaml deleted file mode 100644 index 1ed66081..00000000 --- a/apps/old_kubenuc/nut/manifests/namespace.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: nut diff --git a/apps/old_kubenuc/nut/manifests/serviceaccount.yaml b/apps/old_kubenuc/nut/manifests/serviceaccount.yaml deleted file mode 100644 index 701c11cf..00000000 --- a/apps/old_kubenuc/nut/manifests/serviceaccount.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: nut-sa diff --git a/apps/old_kubenuc/portainer/release.yml b/apps/old_kubenuc/portainer/release.yml deleted file mode 100644 index 3f746357..00000000 --- a/apps/old_kubenuc/portainer/release.yml +++ /dev/null @@ -1,63 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: portainer - namespace: portainer -spec: - interval: 15m - maxHistory: 20 - chart: - spec: - chart: portainer - version: ">=1.0.35" - sourceRef: - kind: HelmRepository - name: portainer-charts - namespace: flux-system - interval: 15m - install: - createNamespace: true - remediation: - retries: 6 - upgrade: - remediation: - retries: 6 - values: - enterpriseEdition: - enabled: true - - service: - type: ClusterIP - - tls: - force: true - - ingress: - enabled: true - ingressClassName: nginx - annotations: - nginx.ingress.kubernetes.io/backend-protocol: HTTPS - cert-manager.io/cluster-issuer: letsencrypt - nginx.ingress.kubernetes.io/proxy-read-timeout: "240" - hosts: - - host: portainer.ddlns.net - paths: - - path: / - tls: - - secretName: portainer-tls - hosts: - - portainer.ddlns.net - - persistence: - enabled: true - size: 10Gi - accessMode: ReadWriteOnce - - resources: - requests: - cpu: 100m - memory: 256Mi - limits: - cpu: 200m - memory: 512Mi diff --git a/apps/old_kubenuc/postgresql/deploy.yaml b/apps/old_kubenuc/postgresql/deploy.yaml deleted file mode 100644 index 9af0f369..00000000 --- a/apps/old_kubenuc/postgresql/deploy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: postgresql - namespace: flux-system -spec: - interval: 15m - sourceRef: - kind: GitRepository - name: flux-system - path: ./apps/kubenuc/postgresql/manifests - prune: true diff --git a/apps/old_kubenuc/postgresql/manifests/db.yaml b/apps/old_kubenuc/postgresql/manifests/db.yaml deleted file mode 100644 index bc379de4..00000000 --- a/apps/old_kubenuc/postgresql/manifests/db.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: "acid.zalan.do/v1" -kind: postgresql -metadata: - name: postgresql-nuc-cluster - namespace: databases -spec: - teamId: "ddlns" - volume: - size: 10Gi - storageClass: "longhorn" - numberOfInstances: 3 - postgresql: - version: "15" diff --git a/apps/old_kubenuc/postgresql/release.yml b/apps/old_kubenuc/postgresql/release.yml deleted file mode 100644 index 1ae7bfbb..00000000 --- a/apps/old_kubenuc/postgresql/release.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: postgres-operator - namespace: databases -spec: - interval: 15m - maxHistory: 20 - chart: - spec: - chart: postgres-operator - version: ">=1.0.35" - sourceRef: - kind: HelmRepository - name: postgres-operator-charts - namespace: flux-system - interval: 15m - install: - createNamespace: true - remediation: - retries: 6 - upgrade: - remediation: - retries: 6 - values: - configKubernetes: - cluster_name_label: ranchernuc diff --git a/apps/old_kubenuc/sendgrid/deploy.yaml b/apps/old_kubenuc/sendgrid/deploy.yaml deleted file mode 100644 index 0f5f4763..00000000 --- a/apps/old_kubenuc/sendgrid/deploy.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: sendgrid-exporter - namespace: flux-system -spec: - interval: 15m - sourceRef: - kind: GitRepository - name: flux-system - path: ./apps/kubenuc/sendgrid/manifests - prune: true diff --git a/apps/old_kubenuc/sendgrid/manifests/deployment.yaml b/apps/old_kubenuc/sendgrid/manifests/deployment.yaml deleted file mode 100644 index 880bb6dd..00000000 --- a/apps/old_kubenuc/sendgrid/manifests/deployment.yaml +++ /dev/null @@ -1,58 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: sendgrid-exporter - name: sendgrid-exporter -spec: - replicas: 1 - selector: - matchLabels: - app: sendgrid-exporter - template: - metadata: - annotations: - prometheus.io/scrape: 'true' - prometheus.io/port: '9091' - labels: - app: sendgrid-exporter - spec: - containers: - - image: riccardopomato/sendgrid-statistics-exporter@sha256:1e06c724a105c60e72ccee60ee68ad7123c5957e6b3176648798bea8df6c11fd - name: sendgrid-exporter - env: - - name: METRICS_ENDPOINT - value: "/metrics" - - name: LISTEN_ADDR - value: "0.0.0.0:9091" - - name: SENDGRID_API_KEY - valueFrom: - secretKeyRef: - name: sendgrid-secret - key: sendgrid_api_key - ports: - - containerPort: 9091 - resources: - requests: - cpu: 50m - memory: 64Mi - limits: - cpu: 100m - memory: 128Mi - imagePullPolicy: Always - securityContext: - runAsUser: 10001 - runAsGroup: 10001 - allowPrivilegeEscalation: false - runAsNonRoot: true - capabilities: - drop: - - all - readOnlyRootFilesystem: true - serviceAccount: sendgrid-sa - serviceAccountName: sendgrid-sa - securityContext: - runAsNonRoot: true - runAsUser: 10001 - runAsGroup: 10001 diff --git a/apps/old_kubenuc/sendgrid/manifests/kustomization.yaml b/apps/old_kubenuc/sendgrid/manifests/kustomization.yaml deleted file mode 100644 index d586fb7e..00000000 --- a/apps/old_kubenuc/sendgrid/manifests/kustomization.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: sendgrid -resources: -- namespace.yaml -- deployment.yaml -- secret.yaml -- serviceaccount.yaml diff --git a/apps/old_kubenuc/sendgrid/manifests/namespace.yaml b/apps/old_kubenuc/sendgrid/manifests/namespace.yaml deleted file mode 100644 index 138f4472..00000000 --- a/apps/old_kubenuc/sendgrid/manifests/namespace.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: sendgrid diff --git a/apps/old_kubenuc/sendgrid/manifests/secret.yaml b/apps/old_kubenuc/sendgrid/manifests/secret.yaml deleted file mode 100644 index c9da1643..00000000 --- a/apps/old_kubenuc/sendgrid/manifests/secret.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -apiVersion: onepassword.com/v1 -kind: OnePasswordItem -metadata: - name: sendgrid-secret -spec: - itemPath: "vaults/k8s_secrets/items/sendgrid_secret" diff --git a/apps/old_kubenuc/sendgrid/manifests/serviceaccount.yaml b/apps/old_kubenuc/sendgrid/manifests/serviceaccount.yaml deleted file mode 100644 index 515fce78..00000000 --- a/apps/old_kubenuc/sendgrid/manifests/serviceaccount.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: sendgrid-sa diff --git a/apps/old_kubenuc/sso/release.yml b/apps/old_kubenuc/sso/release.yml deleted file mode 100644 index 45d94f8e..00000000 --- a/apps/old_kubenuc/sso/release.yml +++ /dev/null @@ -1,137 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: authentik - namespace: sso -spec: - interval: 15m - maxHistory: 20 - chart: - spec: - chart: authentik - version: "2024.2.1" - sourceRef: - kind: HelmRepository - name: goauthentik-chart - namespace: flux-system - interval: 15m - install: - createNamespace: true - remediation: - retries: 5 - upgrade: - remediation: - retries: 5 - values: - server: - initContainers: - dbCheck: - name: check-db-ready - image: postgres:15 - command: ["sh", "-c", - "until pg_isready -h ${AUTHENTIK_POSTGRESQL__HOST} -p 5432; - do echo waiting for database; sleep 2; done;"] - env: - - name: AUTHENTIK_POSTGRESQL__HOST - valueFrom: - secretKeyRef: - key: PG_HOST - name: sso-secrets - - init-db: - name: init-db - image: postgres:15 - imagePullPolicy: Always - command: ["sh", "-c", " - psql -U ${PGUSERNAME} -h ${AUTHENTIK_POSTGRESQL__HOST} -c 'CREATE DATABASE authentik;' - -c \"CREATE USER authentik WITH ENCRYPTED PASSWORD '${AUTHENTIK_POSTGRESQL__PASSWORD}';\" - -c 'GRANT ALL PRIVILEGES ON DATABASE authentik TO authentik;' - -c '\\c authentik postgres' - -c 'GRANT ALL ON SCHEMA public TO authentik;'"] - env: - - name: AUTHENTIK_POSTGRESQL__HOST - valueFrom: - secretKeyRef: - key: PG_HOST - name: sso-secrets - - name: AUTHENTIK_POSTGRESQL__PASSWORD - valueFrom: - secretKeyRef: - key: PG_PASS - name: sso-secrets - - name: PGUSERNAME - valueFrom: - secretKeyRef: - key: PGUSERNAME - name: sso-secrets - - name: PGPASSWORD - valueFrom: - secretKeyRef: - key: PGPASSWORD - name: sso-secrets - - requests: - cpu: 500m - memory: 1Gi - limits: - cpu: 2000m - memory: 2Gi - - ingress: - ingressClassName: nginx - enabled: true - hosts: - - sso.ddlns.net - annotations: - cert-manager.io/cluster-issuer: "letsencrypt" - nginx.ingress.kubernetes.io/ssl-redirect: "true" - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - tls: - - secretName: sso-tls - hosts: - - sso.ddlns.net - - global: - env: - - name: PG_PASS - valueFrom: - secretKeyRef: - key: PG_PASS - name: sso-secrets - - name: AUTHENTIK_SECRET_KEY - valueFrom: - secretKeyRef: - key: AUTHENTIK_SECRET_KEY - name: sso-secrets - - name: AUTHENTIK_POSTGRESQL__HOST - valueFrom: - secretKeyRef: - key: PG_HOST - name: sso-secrets - - name: AUTHENTIK_POSTGRESQL__PASSWORD - valueFrom: - secretKeyRef: - key: PG_PASS - name: sso-secrets - - postgresql: - enabled: false - - redis: - enabled: true - architecture: replication - master: - persistence: - storageClass: "longhorn" - replica: - persistence: - storageClass: "longhorn" - - worker: - requests: - cpu: 500m - memory: 1Gi - limits: - cpu: 2000m - memory: 2Gi diff --git a/apps/old_kubenuc/sso/secrets.yaml b/apps/old_kubenuc/sso/secrets.yaml deleted file mode 100644 index 4edd67bb..00000000 --- a/apps/old_kubenuc/sso/secrets.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: sso-secrets - namespace: flux-system -spec: - interval: 15m - sourceRef: - kind: GitRepository - name: flux-system - path: ./apps/kubenuc/sso/secrets - prune: true diff --git a/apps/old_kubenuc/sso/secrets/kustomization.yaml b/apps/old_kubenuc/sso/secrets/kustomization.yaml deleted file mode 100644 index bd2c94bc..00000000 --- a/apps/old_kubenuc/sso/secrets/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: sso -resources: -- sso-secret.yml diff --git a/apps/old_kubenuc/sso/secrets/sso-secret.yml b/apps/old_kubenuc/sso/secrets/sso-secret.yml deleted file mode 100644 index 1b699b6c..00000000 --- a/apps/old_kubenuc/sso/secrets/sso-secret.yml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: onepassword.com/v1 -kind: OnePasswordItem -metadata: - name: sso-secrets -spec: - itemPath: "vaults/k8s_secrets/items/sso_keys" diff --git a/apps/old_kubenuc/sysdig-agent/kustomization.yaml b/apps/old_kubenuc/sysdig-agent/kustomization.yaml deleted file mode 100644 index dcd1c030..00000000 --- a/apps/old_kubenuc/sysdig-agent/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: sysdig-agent -resources: - - ../../common/sysdig-agent -patchesStrategicMerge: - - release.yml diff --git a/apps/old_kubenuc/sysdig-agent/release.yml b/apps/old_kubenuc/sysdig-agent/release.yml deleted file mode 100644 index 411d2805..00000000 --- a/apps/old_kubenuc/sysdig-agent/release.yml +++ /dev/null @@ -1,122 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: sysdig-deploy - namespace: sysdig-agent -spec: - maxHistory: 20 - chart: - spec: - chart: sysdig-deploy - version: ">=1.3.29" - install: - createNamespace: true - remediation: - retries: 5 - timeout: 30m - upgrade: - remediation: - retries: 50 - timeout: 30m - values: - global: - clusterConfig: - name: "ranchernuc" - sysdig: - region: "eu1" - kspm: - deploy: true - - kspmCollector: - probes: - initialDelay: 30 - - agent: - ebpf: - enabled: true - kind: universal_ebpf - resourceProfile: custom - resources: - limits: - memory: 2Gi - sysdig: - settings: - #feature: - # mode: secure_light - #secure_audit_streams: - # debug: true - drift_killer: - enabled: true - cri: - socket_path: /run/k3s/containerd/containerd.sock - log: - #file_priority: info - #console_priority: info - #event_priority: info - file_priority: warning - console_priority: warning - event_priority: warning - file_priority_by_component: - - "cm_socket_endpoint: debug" - - "endpoint: debug: debug" - - "conn_mgr: debug: debug" - - "connection_manager: debug" - - "cm_collector_endpoint: debug" - prometheus: - enabled: true - prom_service_discovery: true - jmx: - enabled: false - - prometheus: - file: true - yaml: - global: - scrape_interval: 10s - scrape_configs: - - job_name: 'nut' - static_configs: - # Insert NUT server address here - - targets: ['10.10.8.5:3493'] - metrics_path: /metrics - relabel_configs: - - source_labels: [__address__] - target_label: __param_target - - source_labels: [__param_target] - target_label: instance - - target_label: __address__ - # Insert NUT exporter address here - replacement: 10.10.8.20:9995 - - nodeAnalyzer: - nodeAnalyzer: - imageAnalyzer: - deploy: false - containerdSocketPath: unix:///run/k3s/containerd/containerd.sock - extraVolumes: - volumes: - - name: socketpath - hostPath: - path: /run/k3s/containerd/containerd.sock - type: "" - benchmarkRunner: - deploy: false - runtimeScanner: - deploy: true - resources: - limits: - cpu: 300m - settings: - eveEnabled: true - extraMounts: - - name: socketpath - mountPath: /var/run/containerd/containerd.sock - hostScanner: - deploy: true - secure: - vulnerabilityManagement: - newEngineOnly: true - - rapidResponse: - enabled: true diff --git a/apps/old_kubenuc/sysdig-agent/secrets.yaml b/apps/old_kubenuc/sysdig-agent/secrets.yaml deleted file mode 100644 index 86fad0bb..00000000 --- a/apps/old_kubenuc/sysdig-agent/secrets.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: sysdig-agent-secrets - namespace: flux-system -spec: - interval: 15m - sourceRef: - kind: GitRepository - name: flux-system - path: ./apps/kubenuc/sysdig-agent/secrets - prune: true diff --git a/apps/old_kubenuc/sysdig-agent/secrets/agent-secret.yml b/apps/old_kubenuc/sysdig-agent/secrets/agent-secret.yml deleted file mode 100644 index 4dee9395..00000000 --- a/apps/old_kubenuc/sysdig-agent/secrets/agent-secret.yml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: onepassword.com/v1 -kind: OnePasswordItem -metadata: - name: sysdig-agent -spec: - itemPath: "vaults/k8s_secrets/items/Agent_EU" ---- -apiVersion: onepassword.com/v1 -kind: OnePasswordItem -metadata: - name: sysdig-rapid-response -spec: - itemPath: "vaults/k8s_secrets/items/Rapid_Response_US-East" ---- -apiVersion: onepassword.com/v1 -kind: OnePasswordItem -metadata: - name: sysdig-agent-api -spec: - itemPath: "vaults/k8s_secrets/items/API_Secure_EU" diff --git a/apps/old_kubenuc/sysdig-agent/secrets/kustomization.yaml b/apps/old_kubenuc/sysdig-agent/secrets/kustomization.yaml deleted file mode 100644 index c2943496..00000000 --- a/apps/old_kubenuc/sysdig-agent/secrets/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: sysdig-agent -resources: -- agent-secret.yml diff --git a/apps/old_kubenuc/sysdig-harbor-scanner/release.yml b/apps/old_kubenuc/sysdig-harbor-scanner/release.yml deleted file mode 100644 index 9728a3b7..00000000 --- a/apps/old_kubenuc/sysdig-harbor-scanner/release.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: harbor-scanner-sysdig-secure - namespace: harbor-scanner-sysdig-secure -spec: - interval: 15m - maxHistory: 20 - chart: - spec: - chart: harbor-scanner-sysdig-secure - version: 0.4.0 - sourceRef: - kind: HelmRepository - name: sysdig-charts - namespace: flux-system - interval: 15m - install: - createNamespace: true - remediation: - retries: 6 - upgrade: - remediation: - retries: 6 - values: - asyncMode: - enabled: true - sysdig: - secure: - existingSecureAPITokenSecret: "harbor-scanner-sysdig-secure" - url: "https://eu1.app.sysdig.com" diff --git a/apps/old_kubenuc/sysdig-harbor-scanner/secrets.yaml b/apps/old_kubenuc/sysdig-harbor-scanner/secrets.yaml deleted file mode 100644 index 29080f62..00000000 --- a/apps/old_kubenuc/sysdig-harbor-scanner/secrets.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: harbor-scanner-secret - namespace: flux-system -spec: - interval: 15m - sourceRef: - kind: GitRepository - name: flux-system - path: ./apps/kubenuc/sysdig-agent/secrets - prune: true diff --git a/apps/old_kubenuc/sysdig-harbor-scanner/secrets/harbor-scanner-secret.yml b/apps/old_kubenuc/sysdig-harbor-scanner/secrets/harbor-scanner-secret.yml deleted file mode 100644 index 5817396f..00000000 --- a/apps/old_kubenuc/sysdig-harbor-scanner/secrets/harbor-scanner-secret.yml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: onepassword.com/v1 -kind: OnePasswordItem -metadata: - name: harbor-scanner-sysdig-secure -spec: - itemPath: "vaults/k8s_secrets/items/API_Harbor_Secure_EU" diff --git a/apps/old_kubenuc/sysdig-harbor-scanner/secrets/kustomization.yaml b/apps/old_kubenuc/sysdig-harbor-scanner/secrets/kustomization.yaml deleted file mode 100644 index f3ef9bcf..00000000 --- a/apps/old_kubenuc/sysdig-harbor-scanner/secrets/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: harbor-scanner-sysdig-secure -resources: -- harbor-scanner-secret.yml diff --git a/apps/old_kubenuc/system-upgrade-controller/deploy-app.yaml b/apps/old_kubenuc/system-upgrade-controller/deploy-app.yaml deleted file mode 100644 index f68b3e84..00000000 --- a/apps/old_kubenuc/system-upgrade-controller/deploy-app.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: system-upgrade - namespace: flux-system -spec: - interval: 15m - sourceRef: - kind: GitRepository - name: flux-system - path: ./apps/kubenuc/system-upgrade-controller/manifests - prune: true diff --git a/apps/old_kubenuc/system-upgrade-controller/manifests/kustomization.yaml b/apps/old_kubenuc/system-upgrade-controller/manifests/kustomization.yaml deleted file mode 100644 index 33cb262c..00000000 --- a/apps/old_kubenuc/system-upgrade-controller/manifests/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: system-upgrade -resources: -- plan.yml diff --git a/apps/old_kubenuc/system-upgrade-controller/manifests/plan.yml b/apps/old_kubenuc/system-upgrade-controller/manifests/plan.yml deleted file mode 100644 index a394cab4..00000000 --- a/apps/old_kubenuc/system-upgrade-controller/manifests/plan.yml +++ /dev/null @@ -1,42 +0,0 @@ -# Server plan -apiVersion: upgrade.cattle.io/v1 -kind: Plan -metadata: - name: server-plan - namespace: system-upgrade -spec: - concurrency: 1 - cordon: true - nodeSelector: - matchExpressions: - - key: node-role.kubernetes.io/control-plane - operator: In - values: - - "true" - serviceAccountName: system-upgrade - upgrade: - image: rancher/k3s-upgrade - version: v1.26.11+k3s2 ---- -# Agent plan -apiVersion: upgrade.cattle.io/v1 -kind: Plan -metadata: - name: agent-plan - namespace: system-upgrade -spec: - concurrency: 1 - cordon: true - nodeSelector: - matchExpressions: - - key: node-role.kubernetes.io/control-plane - operator: DoesNotExist - prepare: - args: - - prepare - - server-plan - image: rancher/k3s-upgrade - serviceAccountName: system-upgrade - upgrade: - image: rancher/k3s-upgrade - version: v1.26.11+k3s2 diff --git a/apps/old_kubenuc/unifi/release-poller.yml b/apps/old_kubenuc/unifi/release-poller.yml deleted file mode 100644 index 3c66bdbf..00000000 --- a/apps/old_kubenuc/unifi/release-poller.yml +++ /dev/null @@ -1,45 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: unifi-poller - namespace: unifi -spec: - interval: 15m - maxHistory: 20 - chart: - spec: - chart: unifi-poller - version: 11.1.2 - sourceRef: - kind: HelmRepository - name: k8s-at-home-charts - namespace: flux-system - interval: 15m - install: - createNamespace: true - remediation: - retries: 6 - upgrade: - remediation: - retries: 6 - values: - image: - repository: ghcr.io/unpoller/unpoller - tag: v2.9.5 - env: - TZ: Europe/Rome - persistence: - config: - enabled: true - type: custom - volumeSpec: - secret: - secretName: unifi-poller-secret - subPath: - - path: up.conf - mountPath: /etc/unpoller/up.conf - podAnnotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9130" - prometheus.io/path: "/metrics" diff --git a/apps/old_kubenuc/unifi/release-unifi.yml b/apps/old_kubenuc/unifi/release-unifi.yml deleted file mode 100644 index b84d3af0..00000000 --- a/apps/old_kubenuc/unifi/release-unifi.yml +++ /dev/null @@ -1,56 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: unifi - namespace: unifi -spec: - interval: 15m - maxHistory: 20 - chart: - spec: - chart: unifi - version: ">=5.1.2" - sourceRef: - kind: HelmRepository - name: k8s-at-home-charts - namespace: flux-system - interval: 15m - install: - createNamespace: true - remediation: - retries: 6 - upgrade: - remediation: - retries: 6 - values: - image: - tag: v8 - pullPolicy: Always - env: - TZ: Europe/Rome - ingress: - main: - ingressClassName: nginx - enabled: true - annotations: - nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - cert-manager.io/cluster-issuer: letsencrypt - nginx.ingress.kubernetes.io/ssl-redirect: "false" - nginx.ingress.kubernetes.io/whitelist-source-range: 10.10.0.0/24,10.10.8.0/24,192.168.1.0/24,192.168.2.0/24 - hosts: - - host: unifi.ddlns.net - paths: - - path: / - pathType: Prefix - tls: - - secretName: unifi-ssl - hosts: - - unifi.ddlns.net - persistence: - data: - enabled: true - mountPath: /unifi - storageClass: local-hostpath - accessMode: ReadWriteOnce - size: 10Gi diff --git a/apps/old_kubenuc/unifi/secrets.yaml b/apps/old_kubenuc/unifi/secrets.yaml deleted file mode 100644 index 6cb93e56..00000000 --- a/apps/old_kubenuc/unifi/secrets.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: unifi-poller-secrets - namespace: flux-system -spec: - interval: 15m - sourceRef: - kind: GitRepository - name: flux-system - path: ./apps/kubenuc/unifi/secrets - prune: true diff --git a/apps/old_kubenuc/unifi/secrets/kustomization.yaml b/apps/old_kubenuc/unifi/secrets/kustomization.yaml deleted file mode 100644 index 068ac27e..00000000 --- a/apps/old_kubenuc/unifi/secrets/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: unifi -resources: -- unifi-poller-secret.yml diff --git a/apps/old_kubenuc/unifi/secrets/unifi-poller-secret.yml b/apps/old_kubenuc/unifi/secrets/unifi-poller-secret.yml deleted file mode 100644 index baed4334..00000000 --- a/apps/old_kubenuc/unifi/secrets/unifi-poller-secret.yml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: onepassword.com/v1 -kind: OnePasswordItem -metadata: - name: unifi-poller-secret -spec: - itemPath: "vaults/k8s_secrets/items/UniFi-Poller" diff --git a/apps/old_kubenuc/zabbix/release.yml b/apps/old_kubenuc/zabbix/release.yml deleted file mode 100644 index 7b54ba6f..00000000 --- a/apps/old_kubenuc/zabbix/release.yml +++ /dev/null @@ -1,70 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: zabbix - namespace: zabbix -spec: - interval: 15m - maxHistory: 20 - chart: - spec: - chart: zabbix - version: ">=4.0.0" - sourceRef: - kind: HelmRepository - name: zabbix-community-charts - namespace: flux-system - interval: 15m - install: - createNamespace: true - remediation: - retries: 6 - upgrade: - remediation: - retries: 6 - values: - zabbixImageTag: ubuntu-5.0-latest - - zabbixServer: - enabled: false - - postgresql: - enabled: false - - zabbixWebService: - enabled: false - - zabbixProxy: - enabled: true - replicaCount: 1 - image: - repository: zabbix/zabbix-proxy-sqlite3 - tag: ubuntu-5.0-latest - pullPolicy: Always - # The variable allows to switch Zabbix proxy mode. Bu default, value is 0 - active proxy. Allowed values are 0 - active proxy and 1 - passive proxy. - ZBX_PROXYMODE: 0 - # This variable is unique, case sensitive hostname. - ZBX_HOSTNAME: zabbix-proxy-sqlite3 - ZBX_SERVER_HOST: 192.168.120.32 - ZBX_SERVER_PORT: 10051 - # ZBX_LOADMODULE: dummy1.so,dummy2.so # The variable is list of comma separated loadable Zabbix modules. It works with volume /var/lib/zabbix/modules. - # ZBX_DEBUGLEVEL: 4 # The variable is used to specify debug level, from 0 to 5 - # ZBX_TIMEOUT: 4 # The variable is used to specify timeout for processing checks. By default, value is 4. - # ZBX_JAVAGATEWAY_ENABLE: false # The variable enable communication with Zabbix Java Gateway to collect Java related checks. By default, value is false. - ZBX_VMWARECACHESIZE: 128M - service: - type: NodePort - port: 10051 - - zabbixAgent: - enabled: false - - zabbixWeb: - enabled: false - - ingress: - enabled: false - - nodeSelector: - kubernetes.io/hostname: "kubenuc"