From 0f371c894b2cfd364d8abf1f2eeabdb9ab7a8e08 Mon Sep 17 00:00:00 2001
From: Gruber <43826031+gruberdev@users.noreply.github.com>
Date: Tue, 3 Sep 2024 00:28:32 -0300
Subject: [PATCH] Complete rehaul (#460)

* [rehaul] added components directory
* [rehaul] improved networking argocd section
* [rehaul] improved monitoring argocd section
* [rehaul] improved mlops argocd section
* [rehaul] removed matrix argocd section
* [rehaul] improved home argocd section
* [rehaul] improved data argocd section
* [rehaul] improved argocd base files
* [rehaul] improved projects argocd section
* [rehaul] improved services argocd section
* [rehaul] improved utilities argocd section
* [rehaul] improved argocd overlay section
* [rehaul] added mayastor files
* [rehaul] removed metabase from data apps
* [rehaul] changed sc from iscsi to mayastor
* [rehaul] added mysql-operator
* [rehaul] improved postgres-related operator resources
* [rehaul] removed matrix-related PVCs
* [rehaul] renamed repoURL reference
* [rehaul] removed kustomize components @rss-hub
* [rehaul] improved home-assistant related resources
* [rehaul] added 4get service related resources
* [rehaul] removed deprecated service resources
* [rehaul] removed utilities related resources
* [rehaul] improved CI GHA validation steps
* [rehaul] improved nvidia cluster driver
* [rehaul] removed deprecated services
* [rehaul] removed networking related resources
* [rehaul] removed rss related services
* [rehaul] fixed yaml linter error
* [rehaul] updated readme docs URIs
* [rehaul] removed GHA linters to check URis readme
* [rehaul] fixed README docs typo
* [rehaul] removed deprecated services from README docs
* [rehaul] removed reloader annotations
* [rehaul] updated mlops resources
* [rehaul] updated utilities related resources
* [rehaul] updated tailscale related resources
* [rehaul] removed RSS services
* [rehaul] updated cert-manager related resources
* [rehaul] updated tailscale related resources
* [rehaul] updated README description
* [rehaul] updated PVCs storage
---
.../workflows/{auto-prs.yml => 
auto-prs.yaml} | 0 .github/workflows/gitleaks.yaml | 14 + .github/workflows/linters.yaml | 6 - .../{tailscale.yml => tailscale.yaml} | 0 README.md | 118 ++--- apps/argocd/Dockerfile | 10 +- apps/argocd/README.md | 66 ++- apps/argocd/base/core/private.yaml | 2 +- apps/argocd/base/data/cloudnative.yaml | 28 +- apps/argocd/base/data/kustomization.yaml | 6 +- apps/argocd/base/data/minio.yaml | 43 ++ .../base/{matrix/dbs.yaml => data/mysql.yaml} | 23 +- apps/argocd/base/data/redis.yaml | 25 +- apps/argocd/base/data/storage.yaml | 21 +- apps/argocd/base/home/external-mic.yaml | 7 +- apps/argocd/base/home/frigate.yaml | 5 - apps/argocd/base/home/go2rtc.yaml | 33 ++ apps/argocd/base/home/ha.yaml | 27 +- apps/argocd/base/home/kustomization.yaml | 16 +- apps/argocd/base/home/openwakeword.yaml | 21 +- apps/argocd/base/home/piper.yaml | 21 +- apps/argocd/base/home/satellite.yaml | 6 - apps/argocd/base/home/whisper.yaml | 19 +- apps/argocd/base/ingress.yaml | 21 + apps/argocd/base/matrix/dendrite.yaml | 31 -- apps/argocd/base/matrix/discord.yaml | 33 -- apps/argocd/base/matrix/element.yaml | 31 -- apps/argocd/base/matrix/instagram.yaml | 33 -- apps/argocd/base/matrix/linkedin.yaml | 33 -- apps/argocd/base/matrix/proxies.yaml | 31 -- apps/argocd/base/matrix/signal.yaml | 31 -- apps/argocd/base/matrix/steam.yaml | 31 -- apps/argocd/base/matrix/synapse.yaml | 351 ------------- apps/argocd/base/matrix/telegram.yaml | 31 -- apps/argocd/base/matrix/whats.yaml | 33 -- apps/argocd/base/mlops/chroma.yaml | 91 ---- apps/argocd/base/mlops/discord-bot.yaml | 34 -- apps/argocd/base/mlops/k8sgpt.yaml | 58 --- apps/argocd/base/mlops/kustomization.yaml | 4 +- apps/argocd/base/mlops/localai.yaml | 31 +- apps/argocd/base/mlops/memory-plugin.yaml | 34 -- apps/argocd/base/mlops/milvus.yaml | 3 + apps/argocd/base/mlops/qdrant.yaml | 114 ----- apps/argocd/base/mlops/sillytavern.yaml | 40 ++ apps/argocd/base/mlops/turbopilot.yaml | 33 -- apps/argocd/base/mlops/wandb.yaml | 31 -- 
apps/argocd/base/monitoring/botkube.yaml | 427 ---------------- .../base/monitoring/kube-prometheus.yaml | 10 +- apps/argocd/base/monitoring/kuma.yaml | 21 +- .../kustomization.yaml | 8 +- apps/argocd/base/monitoring/nextdns.yaml | 10 +- apps/argocd/base/monitoring/nvidia.yaml | 116 ----- apps/argocd/base/monitoring/unifi-poller.yaml | 14 +- apps/argocd/base/networking/cert-manager.yaml | 204 ++------ apps/argocd/base/networking/external-dns.yaml | 97 ++++ .../base/networking/external-dns/README.md | 1 - .../networking/external-dns/cloudflare.yaml | 134 ----- .../base/networking/external-dns/nextdns.yaml | 128 ----- apps/argocd/base/networking/issuer.yaml | 12 +- apps/argocd/base/networking/kube-vip.yaml | 26 +- .../argocd/base/networking/kustomization.yaml | 13 +- .../argocd/base/networking/nginx-ingress.yaml | 26 +- .../base/networking/tailscale-operator.yaml | 14 +- apps/argocd/base/networking/tailscale.yaml | 31 -- .../base/networking/unifi-controller.yaml | 26 +- apps/argocd/base/projects/apps.yaml | 4 - apps/argocd/base/projects/kustomization.yaml | 12 + apps/argocd/base/projects/matrix.yaml | 20 - apps/argocd/base/projects/monitoring.yaml | 4 +- apps/argocd/base/projects/networking.yaml | 2 + .../services/{ofx-exporter.yaml => 4get.yaml} | 23 +- apps/argocd/base/services/actual.yaml | 21 +- apps/argocd/base/services/archivebox.yaml | 33 -- apps/argocd/base/services/coder.yaml | 42 ++ apps/argocd/base/services/feedpushr.yaml | 34 -- apps/argocd/base/services/gitea-utils.yaml | 33 -- apps/argocd/base/services/gitea.yaml | 163 +----- apps/argocd/base/services/grocy.yaml | 33 -- apps/argocd/base/services/homepage.yaml | 10 +- apps/argocd/base/services/jupyterlab.yaml | 34 -- apps/argocd/base/services/kustomization.yaml | 17 +- apps/argocd/base/services/librex.yaml | 34 -- apps/argocd/base/services/metabase.yaml | 34 -- .../sealed.yaml => services/miniflux.yaml} | 12 +- apps/argocd/base/services/mlops.yaml | 31 -- apps/argocd/base/services/rss-hub.yaml | 34 -- 
apps/argocd/base/services/s3.yaml | 41 ++ apps/argocd/base/services/squid.yaml | 33 -- .../{home/wyze.yaml => services/touito.yaml} | 12 +- apps/argocd/base/services/wallabag.yaml | 40 -- apps/argocd/base/services/wger.yaml | 32 -- apps/argocd/base/styles-cm.yaml | 69 +++ apps/argocd/base/svc-monitors.yaml | 77 +++ apps/argocd/base/utilities/agones.yaml | 283 +++++++++++ apps/argocd/base/utilities/chaos.yaml | 225 -------- apps/argocd/base/utilities/cpu-booster.yaml | 36 ++ apps/argocd/base/utilities/crossplane.yaml | 57 --- apps/argocd/base/utilities/descheduler.yaml | 15 +- apps/argocd/base/utilities/eraser.yaml | 14 +- .../base/utilities/external-secrets.yaml | 47 ++ apps/argocd/base/utilities/gfd.yaml | 114 ----- apps/argocd/base/utilities/kube-fledged.yaml | 95 +--- apps/argocd/base/utilities/kured.yaml | 32 -- apps/argocd/base/utilities/kustomization.yaml | 16 +- apps/argocd/base/utilities/nvidia.yaml | 39 ++ apps/argocd/base/utilities/reflector.yaml | 21 +- apps/argocd/base/utilities/reloader.yaml | 47 -- apps/argocd/base/utilities/snapshot.yaml | 56 -- apps/argocd/base/utilities/wavy.yaml | 33 -- apps/argocd/kustomization.yaml | 301 +++++------ .../argocd-applicationset-controller.yaml | 16 + apps/argocd/overlay/argocd-cm.yaml | 48 +- apps/argocd/overlay/argocd-dex.yaml | 25 + apps/argocd/overlay/argocd-metrics.yaml | 304 +++++++++++ .../argocd-notification-controller.yaml | 20 + .../overlay/argocd-notifications-cm.yaml | 45 ++ apps/argocd/overlay/argocd-rbac.yaml | 2 +- .../overlay/argocd-repo-deployment.yaml | 140 +++-- apps/argocd/overlay/argocd-svc.yaml | 6 + apps/argocd/overlay/cloudflared-cm.yaml | 14 - apps/components/ignore-ip/kustomization.yaml | 20 + apps/components/ignore/kustomization.yaml | 14 + .../lb/internal}/certificate.yaml | 8 +- .../lb/internal}/ingress.yaml | 15 +- .../components/lb/internal/kustomization.yaml | 110 ++++ apps/components/lb/internal/svc.yaml | 13 + apps/components/lb/kustomization.yaml | 6 + 
.../resources/large/kustomization.yaml | 17 + .../resources/medium/kustomization.yaml | 17 + .../resources/small/kustomization.yaml | 17 + .../components/tailscale/ingress/ingress.yaml | 19 + .../tailscale/ingress/kustomization.yaml | 38 ++ .../tailscale/ingress}/svc.yaml | 10 +- apps/data/mayastor/README.md | 27 +- apps/data/mayastor/pool.yaml | 8 + apps/data/mayastor/provisioner.yaml | 21 + apps/data/mayastor/snapshot.yaml | 8 + apps/data/metabase/README.md | 1 - apps/data/metabase/base/cm.yaml | 21 - apps/data/metabase/base/db.yaml | 27 - apps/data/metabase/base/deployment.yaml | 45 -- apps/data/metabase/base/pvc.yaml | 11 - apps/data/metabase/base/svc.yaml | 15 - apps/data/metabase/kustomization.yaml | 30 -- apps/data/minio/README.md | 1 - apps/data/mysql/app.yaml | 70 +++ apps/data/mysql/crd/kustomization.yaml | 7 + .../base => data/mysql}/kustomization.yaml | 5 +- .../cloudnative/default/backup-sechedule.yaml | 9 + .../postgres/cloudnative/default/cluster.yaml | 38 ++ .../cloudnative/default/example-creds.yaml} | 0 .../cloudnative/default}/kustomization.yaml | 9 +- .../cloudnative/default/monitoring.yaml | 12 + .../postgres/cloudnative/kustomization.yaml | 481 ++---------------- apps/data/postgres/exporter/cm.yaml | 11 - apps/data/postgres/exporter/deployment.yaml | 39 -- .../data/postgres/exporter/kustomization.yaml | 6 - apps/data/redis/kustomization.yaml | 6 +- apps/data/storage/base/actual.yaml | 2 +- apps/data/storage/base/adguard.yaml | 4 +- apps/data/storage/base/archivebox.yaml | 2 +- apps/data/storage/base/beets.yaml | 2 +- apps/data/storage/base/change.yaml | 15 +- apps/data/storage/base/feedpushr.yaml | 2 +- apps/data/storage/base/finances.yaml | 2 +- apps/data/storage/base/ganymede.yaml | 6 +- apps/data/storage/base/gitea.yaml | 4 +- apps/data/storage/base/grocy.yaml | 2 +- apps/data/storage/base/home/frigate.yaml | 6 +- apps/data/storage/base/home/ha.yaml | 17 +- .../data/storage/base/home/kustomization.yaml | 2 + 
apps/data/storage/base/home/openwakeword.yaml | 4 +- apps/data/storage/base/home/piper.yaml | 4 +- .../storage/base/home/restreamer.yaml} | 13 +- .../{postgres/ha.yaml => home/web2rtc.yaml} | 7 +- apps/data/storage/base/home/whisper.yaml | 2 +- apps/data/storage/base/home/wyze.yaml | 6 +- apps/data/storage/base/jellyfin.yaml | 4 +- apps/data/storage/base/jupyterlab.yaml | 2 +- apps/data/storage/base/kuma.yaml | 2 +- apps/data/storage/base/librex.yaml | 2 +- apps/data/storage/base/lidarr.yaml | 2 +- apps/data/storage/base/links.yaml | 12 - apps/data/storage/base/local-ai.yaml | 2 +- apps/data/storage/base/matrix/bridges.yaml | 12 - apps/data/storage/base/matrix/discord.yaml | 25 - apps/data/storage/base/matrix/instagram.yaml | 25 - apps/data/storage/base/matrix/linkedin.yaml | 25 - apps/data/storage/base/matrix/messenger.yaml | 12 - apps/data/storage/base/matrix/signal.yaml | 12 - apps/data/storage/base/matrix/skype.yaml | 12 - apps/data/storage/base/matrix/steam.yaml | 12 - apps/data/storage/base/matrix/telegram.yaml | 12 - apps/data/storage/base/matrix/whats.yaml | 12 - apps/data/storage/base/media.yaml | 18 +- apps/data/storage/base/milvus.yaml | 2 +- .../{matrix/synapse.yaml => mixpost.yaml} | 16 +- apps/data/storage/base/n8n.yaml | 2 +- apps/data/storage/base/postgres/bridges.yaml | 12 - apps/data/storage/base/postgres/ganymede.yaml | 12 - apps/data/storage/base/postgres/synapse.yaml | 12 - apps/data/storage/base/snapshot/iscsi.yaml | 4 +- apps/data/storage/base/tanoshi.yaml | 4 +- apps/data/storage/base/taskwarrior.yaml | 4 +- .../{postgres/wallabag.yaml => touito.yaml} | 8 +- apps/data/storage/base/transfer.yaml | 25 + apps/data/storage/base/turbopilot.yaml | 2 +- apps/data/storage/base/unifi-poller.yaml | 4 +- apps/data/storage/base/unifi.yaml | 23 +- apps/data/storage/base/wallabag.yaml | 4 +- apps/data/storage/base/wger.yaml | 4 +- .../base/{postgres/n8n.yaml => yacy.yaml} | 6 +- apps/data/storage/kustomization.yaml | 52 +- apps/home/ha/README.md | 52 +- 
.../ha/add-ons}/kustomization.yaml | 4 +- apps/home/ha/add-ons/tailscale.yaml | 10 + apps/home/ha/base/certificate.yaml | 4 +- apps/home/ha/base/db.yaml | 44 -- apps/home/ha/base/deployment.yaml | 28 +- apps/home/ha/base/ingress.yaml | 31 +- apps/home/ha/base/kustomization.yaml | 17 +- apps/home/ha/base/svc.yaml | 47 +- apps/home/ha/db/kustomization.yaml | 46 ++ apps/home/ha/kustomization.yaml | 14 +- apps/home/wyze/README.md | 1 - apps/home/wyze/base/cm.yaml | 29 -- apps/home/wyze/base/deployment.yaml | 91 ---- apps/home/wyze/base/kustomization.yaml | 7 - apps/home/wyze/base/secret.yaml | 10 - apps/home/wyze/base/svc.yaml | 36 -- apps/home/wyze/kustomization.yaml | 22 - apps/matrix/Dockerfile | 5 - apps/matrix/README.md | 1 - apps/matrix/bridges/discord/README.md | 1 - apps/matrix/bridges/discord/cm.yaml | 66 --- apps/matrix/bridges/discord/deployment.yaml | 122 ----- .../matrix/bridges/discord/kustomization.yaml | 20 - apps/matrix/bridges/discord/svc.yaml | 16 - apps/matrix/bridges/instagram/README.md | 1 - apps/matrix/bridges/instagram/cm.yaml | 170 ------- apps/matrix/bridges/instagram/deployment.yaml | 117 ----- .../bridges/instagram/kustomization.yaml | 20 - apps/matrix/bridges/instagram/svc.yaml | 16 - apps/matrix/bridges/linkedin/README.md | 1 - apps/matrix/bridges/linkedin/cm.yaml | 146 ------ apps/matrix/bridges/linkedin/deployment.yaml | 115 ----- .../bridges/linkedin/kustomization.yaml | 20 - apps/matrix/bridges/linkedin/svc.yaml | 15 - apps/matrix/bridges/signal/README.md | 1 - apps/matrix/bridges/signal/cm.yaml | 137 ----- apps/matrix/bridges/signal/deployment.yaml | 152 ------ apps/matrix/bridges/signal/kustomization.yaml | 20 - apps/matrix/bridges/signal/svc.yaml | 15 - apps/matrix/bridges/steam/README.md | 15 - apps/matrix/bridges/steam/cm.yaml | 19 - apps/matrix/bridges/steam/deployment.yaml | 143 ------ apps/matrix/bridges/steam/kustomization.yaml | 20 - apps/matrix/bridges/steam/svc.yaml | 15 - apps/matrix/bridges/telegram/README.md | 1 - 
apps/matrix/bridges/telegram/cm.yaml | 257 ---------- apps/matrix/bridges/telegram/deployment.yaml | 156 ------ .../bridges/telegram/kustomization.yaml | 20 - apps/matrix/bridges/telegram/svc.yaml | 15 - apps/matrix/bridges/whatsapp/cm.yaml | 194 ------- apps/matrix/bridges/whatsapp/deployment.yaml | 119 ----- .../bridges/whatsapp/kustomization.yaml | 20 - apps/matrix/bridges/whatsapp/svc.yaml | 16 - apps/matrix/databases/README.md | 1 - apps/matrix/databases/base/certificate.yaml | 12 - apps/matrix/databases/base/cm.yaml | 7 - apps/matrix/databases/base/ingress.yaml | 26 - apps/matrix/databases/base/kustomization.yaml | 10 - apps/matrix/databases/base/matrix.yaml | 50 -- apps/matrix/databases/base/redis.yaml | 50 -- apps/matrix/databases/base/secret.yaml | 29 -- apps/matrix/databases/base/svc.yaml | 19 - apps/matrix/databases/kustomization.yaml | 9 - apps/matrix/dendrite/README.md | 1 - apps/matrix/dendrite/base/certificate.yaml | 12 - apps/matrix/dendrite/base/cm.yaml | 7 - apps/matrix/dendrite/base/deployment.yaml | 152 ------ apps/matrix/dendrite/base/ingress.yaml | 26 - apps/matrix/dendrite/base/jobs.yaml | 86 ---- apps/matrix/dendrite/base/kustomization.yaml | 11 - apps/matrix/dendrite/base/postgres.yaml | 45 -- apps/matrix/dendrite/base/secret.yaml | 166 ------ apps/matrix/dendrite/base/svc.yaml | 35 -- apps/matrix/dendrite/kustomization.yaml | 19 - apps/matrix/element/base/cm.yaml | 60 --- apps/matrix/element/base/deployment.yaml | 53 -- apps/matrix/element/base/svc.yaml | 15 - apps/matrix/element/kustomization.yaml | 34 -- apps/matrix/proxies/kustomization.yaml | 50 -- .../proxies/overlay/cloudflared-cm.yaml | 14 - .../kube-prometheus/kustomization.yaml | 1 - apps/networking/adguard/Allowlist.txt | 23 - apps/networking/adguard/README.md | 1 - apps/networking/adguard/base/cm.yaml | 241 --------- apps/networking/adguard/base/deployment.yaml | 105 ---- .../adguard/base/kustomization.yaml | 8 - apps/networking/adguard/base/secret.yaml | 9 - 
apps/networking/adguard/base/svc-monitor.yaml | 16 - apps/networking/adguard/base/svc.yaml | 37 -- apps/networking/adguard/kustomization.yaml | 19 - .../networking/certmanager/clusterIssuer.yaml | 9 + .../certmanager/crds/kustomization.yaml | 7 + .../networking/certmanager/kustomization.yaml | 1 + apps/networking/cloudflared/README.md | 1 - apps/networking/cloudflared/cm.yaml | 26 - apps/networking/cloudflared/deployment.yaml | 59 --- .../networking/cloudflared/kustomization.yaml | 8 - apps/networking/squid/README.md | 1 - apps/networking/squid/base/certificate.yaml | 12 - apps/networking/squid/base/cm.yaml | 17 - apps/networking/squid/base/deployment.yaml | 56 -- apps/networking/squid/base/ingress.yaml | 26 - apps/networking/squid/base/kustomization.yaml | 8 - apps/networking/squid/base/svc.yaml | 18 - apps/networking/squid/kustomization.yaml | 9 - apps/networking/tailscale/README.md | 6 + apps/networking/tailscale/cr.yaml | 11 - apps/networking/tailscale/kustomization.yaml | 6 - .../tailscale/operator/base/cr.yaml | 65 ++- .../tailscale/operator/base/crb.yaml | 11 +- .../tailscale/operator/base/deployment.yaml | 18 +- .../operator/base/ingress-class.yaml | 8 + .../operator/base/kustomization.yaml | 1 + .../tailscale/operator/base/rb.yaml | 26 +- .../tailscale/operator/base/role.yaml | 38 +- .../tailscale/operator/base/sa.yaml | 9 +- .../tailscale/operator/base/secret.yaml | 4 +- .../operator/crds/kustomization.yaml | 11 + .../tailscale/operator/kustomization.yaml | 9 +- .../tailscale/operator/resources/dns.yaml | 10 + .../tailscale/operator/resources/egress.yaml | 9 + .../operator/resources}/kustomization.yaml | 6 +- .../tailscale/operator/resources/macbook.yaml | 10 + .../operator/resources/subnet-router.yaml | 29 ++ apps/networking/tailscale/patch.yaml | 41 -- apps/networking/tailscale/rb.yaml | 11 - apps/networking/tailscale/sa.yaml | 4 - .../unifi/controller/kustomization.yaml | 3 - apps/services/4get/README.md | 1 + apps/services/4get/base/cm.yaml | 15 + 
apps/services/4get/base/deployment.yaml | 23 + .../4get}/base/kustomization.yaml | 1 - .../{archivebox => 4get}/kustomization.yaml | 16 +- apps/services/archivebox/README.md | 1 - .../services/archivebox/base/certificate.yaml | 12 - apps/services/archivebox/base/cm.yaml | 8 - apps/services/archivebox/base/deployment.yaml | 79 --- apps/services/archivebox/base/ingress.yaml | 26 - .../archivebox/base/kustomization.yaml | 8 - apps/services/archivebox/base/svc.yaml | 18 - apps/services/gitea/kustomization.yaml | 3 - apps/services/grocy/README.md | 1 - apps/services/grocy/base/cm.yaml | 9 - apps/services/grocy/base/deployment.yaml | 45 -- apps/services/grocy/base/svc.yaml | 18 - apps/services/grocy/kustomization.yaml | 19 - apps/services/jupyter/README.md | 1 - apps/services/jupyter/base/certificate.yaml | 12 - apps/services/jupyter/base/cm.yaml | 19 - apps/services/jupyter/base/cr.yaml | 11 - apps/services/jupyter/base/deployment.yaml | 57 --- apps/services/jupyter/base/ingress.yaml | 26 - apps/services/jupyter/base/kustomization.yaml | 13 - apps/services/jupyter/base/rb.yaml | 27 - apps/services/jupyter/base/role.yaml | 12 - apps/services/jupyter/base/sa.yaml | 4 - apps/services/jupyter/base/secret.yaml | 9 - apps/services/jupyter/base/svc.yaml | 18 - apps/services/jupyter/kustomization.yaml | 19 - apps/services/librex/README.md | 1 - apps/services/librex/base/cm.yaml | 15 - apps/services/librex/base/deployment.yaml | 37 -- apps/services/librex/base/ingress.yaml | 28 - apps/services/librex/base/kustomization.yaml | 8 - apps/services/librex/base/svc.yaml | 18 - apps/services/librex/kustomization.yaml | 19 - apps/services/mlops/chatbot-ui/README.md | 1 - .../mlops/chatbot-ui/base/certificate.yaml | 12 - apps/services/mlops/chatbot-ui/base/cm.yaml | 9 - .../mlops/chatbot-ui/base/deployment.yaml | 36 -- .../mlops/chatbot-ui/base/ingress.yaml | 27 - .../mlops/chatbot-ui/base/kustomization.yaml | 8 - apps/services/mlops/chatbot-ui/base/svc.yaml | 34 -- 
.../mlops/chatbot-ui/kustomization.yaml | 8 - apps/services/mlops/discord-bot/README.md | 1 - apps/services/mlops/discord-bot/base/cm.yaml | 7 - .../mlops/discord-bot/base/deployment.yaml | 40 -- .../mlops/discord-bot/base/secret.yaml | 17 - .../mlops/discord-bot/kustomization.yaml | 19 - apps/services/mlops/kustomization.yaml | 6 - apps/services/mlops/langflow/README.md | 1 - .../mlops/langflow/base/certificate.yaml | 12 - apps/services/mlops/langflow/base/cm.yaml | 11 - .../mlops/langflow/base/deployment.yaml | 36 -- .../services/mlops/langflow/base/ingress.yaml | 26 - .../mlops/langflow/base/kustomization.yaml | 8 - apps/services/mlops/langflow/base/svc.yaml | 20 - .../mlops/langflow/kustomization.yaml | 8 - apps/services/mlops/local-ai/README.md | 1 - .../mlops/local-ai/base/certificate.yaml | 12 - apps/services/mlops/local-ai/base/cm.yaml | 18 - .../mlops/local-ai/base/deployment.yaml | 63 --- .../services/mlops/local-ai/base/ingress.yaml | 26 - .../mlops/local-ai/base/kustomization.yaml | 8 - apps/services/mlops/local-ai/base/svc.yaml | 34 -- .../mlops/local-ai/kustomization.yaml | 23 - .../mlops/local-ai/models/chronos.yaml | 45 -- apps/services/mlops/local-ai/models/e5.yaml | 16 - .../mlops/local-ai/models/embeddings.yaml | 15 - .../mlops/local-ai/models/hermes.yaml | 45 -- .../services/mlops/local-ai/models/index.yaml | 124 ----- .../local-ai/models/llama2-complete.yaml | 43 -- .../mlops/local-ai/models/llama2.yaml | 45 -- .../mlops/local-ai/models/mythos.yaml | 50 -- apps/services/mlops/local-ai/models/orca.yaml | 48 -- .../mlops/local-ai/models/startup.yaml | 6 - .../mlops/local-ai/models/whisper.yaml | 18 - .../mlops/local-ai/models/wizard.yaml | 52 -- .../mlops/local-ai/models/wizardcode.yaml | 50 -- apps/services/mlops/matrix-bot/README.md | 1 - apps/services/mlops/matrix-bot/base/cm.yaml | 20 - .../mlops/matrix-bot/base/deployment.yaml | 39 -- .../mlops/matrix-bot/base/secret.yaml | 8 - .../mlops/matrix-bot/kustomization.yaml | 9 - 
apps/services/mlops/memory-plugin/README.md | 1 - .../services/mlops/memory-plugin/base/cm.yaml | 10 - .../mlops/memory-plugin/base/deployment.yaml | 38 -- .../memory-plugin/base/kustomization.yaml | 7 - .../mlops/memory-plugin/base/secret.yaml | 9 - .../mlops/memory-plugin/base/svc.yaml | 15 - .../mlops/memory-plugin/kustomization.yaml | 32 -- .../memory-plugin/overlay/cloudflared-cm.yaml | 14 - apps/services/mlops/milvus/README.md | 1 - apps/services/mlops/milvus/kustomization.yaml | 27 - .../milvus/overlay/milvus-deployment.yaml | 62 --- .../mlops/milvus/overlay/milvus-job.yaml | 33 -- .../milvus/overlay/namespace-delete.yaml | 5 - apps/services/mlops/turbopilot/README.md | 1 - .../mlops/turbopilot/base/certificate.yaml | 12 - apps/services/mlops/turbopilot/base/cm.yaml | 12 - .../mlops/turbopilot/base/deployment.yaml | 97 ---- .../mlops/turbopilot/base/ingress.yaml | 26 - .../mlops/turbopilot/base/kustomization.yaml | 8 - apps/services/mlops/turbopilot/base/svc.yaml | 34 -- .../mlops/turbopilot/kustomization.yaml | 18 - apps/services/mlops/wandb/README.md | 1 - .../mlops/wandb/base/certificate.yaml | 12 - apps/services/mlops/wandb/base/cm.yaml | 11 - .../services/mlops/wandb/base/deployment.yaml | 115 ----- .../mlops/wandb/base/kustomization.yaml | 9 - apps/services/mlops/wandb/base/secret.yaml | 14 - apps/services/mlops/wandb/base/svc.yaml | 33 -- apps/services/mlops/wandb/kustomization.yaml | 19 - apps/services/proxitok/README.md | 1 - apps/services/rss/README.md | 1 - apps/services/rss/feedpushr/README.md | 1 - apps/services/rss/feedpushr/base/cm.yaml | 26 - .../rss/feedpushr/base/deployment.yaml | 50 -- .../rss/feedpushr/base/kustomization.yaml | 7 - apps/services/rss/feedpushr/base/secret.yaml | 9 - apps/services/rss/feedpushr/base/svc.yaml | 18 - .../services/rss/feedpushr/kustomization.yaml | 19 - apps/services/rss/hub/README.md | 1 - apps/services/rss/hub/base/certificate.yaml | 12 - apps/services/rss/hub/base/cm.yaml | 19 - 
apps/services/rss/hub/base/deployment.yaml | 74 --- apps/services/rss/hub/base/ingress.yaml | 26 - apps/services/rss/hub/base/kustomization.yaml | 9 - apps/services/rss/hub/base/redis.yaml | 27 - apps/services/rss/hub/base/svc.yaml | 19 - apps/services/rss/hub/kustomization.yaml | 16 - apps/services/transfer/base/ingress.yaml | 26 - apps/services/transfer/kustomization.yaml | 19 - apps/services/wallabag/README.md | 1 - apps/services/wallabag/base/cm.yaml | 20 - apps/services/wallabag/base/db.yaml | 36 -- apps/services/wallabag/base/deployment.yaml | 60 --- .../services/wallabag/base/kustomization.yaml | 8 - apps/services/wallabag/base/secret.yaml | 13 - apps/services/wallabag/base/svc.yaml | 18 - apps/services/wallabag/kustomization.yaml | 19 - apps/services/wger/README.md | 1 - apps/services/wger/base/certificate.yaml | 12 - apps/services/wger/base/cm.yaml | 74 --- apps/services/wger/base/db.yaml | 42 -- apps/services/wger/base/deployment.yaml | 82 --- apps/services/wger/base/ingress.yaml | 26 - apps/services/wger/base/kustomization.yaml | 11 - apps/services/wger/base/redis.yaml | 27 - apps/services/wger/base/secret.yaml | 13 - apps/services/wger/base/svc.yaml | 17 - apps/services/wger/kustomization.yaml | 10 - .../services/wger/overlay/cloudflared-cm.yaml | 14 - apps/utilities/crossplane/README.md | 1 - apps/utilities/crossplane/kustomization.yaml | 89 ---- apps/utilities/descheduler/README.md | 21 +- apps/utilities/descheduler/kustomization.yaml | 31 +- apps/utilities/kube-fledged/README.md | 1 + .../utilities/kube-fledged/kustomization.yaml | 93 ++++ apps/utilities/kured/README.md | 1 + apps/utilities/kured/kustomization.yaml | 3 - apps/utilities/nvidia/README.md | 1 + apps/utilities/nvidia/kustomization.yaml | 61 +++ apps/utilities/nvidia/patch.yaml | 26 + apps/utilities/nvidia/runtimeclass.yaml | 5 + apps/utilities/sealed-secrets/README.md | 1 - .../sealed-secrets/base/kustomization.yaml | 4 - .../sealed-secrets/kustomization.yaml | 12 - 
.../sealed-secrets/overlay/deployment.yaml | 45 -- .../utilities/sealed-secrets/overlay/svc.yaml | 14 - apps/utilities/wavy/README.md | 64 --- apps/utilities/wavy/kustomization.yaml | 27 - .../wavy/overlay/namespace-delete.yaml | 5 - apps/utilities/wavy/overlay/patch-crb.yaml | 15 - apps/utilities/wavy/overlay/patch-deploy.yaml | 41 -- apps/utilities/wavy/overlay/patch-job.yaml | 30 -- apps/utilities/wavy/overlay/patch-rb.yaml | 16 - tasks/argocd.yaml | 4 +- 522 files changed, 3434 insertions(+), 12999 deletions(-) rename .github/workflows/{auto-prs.yml => auto-prs.yaml} (100%) create mode 100644 .github/workflows/gitleaks.yaml rename .github/workflows/{tailscale.yml => tailscale.yaml} (100%) create mode 100644 apps/argocd/base/data/minio.yaml rename apps/argocd/base/{matrix/dbs.yaml => data/mysql.yaml} (55%) create mode 100644 apps/argocd/base/home/go2rtc.yaml create mode 100644 apps/argocd/base/ingress.yaml delete mode 100644 apps/argocd/base/matrix/dendrite.yaml delete mode 100644 apps/argocd/base/matrix/discord.yaml delete mode 100644 apps/argocd/base/matrix/element.yaml delete mode 100644 apps/argocd/base/matrix/instagram.yaml delete mode 100644 apps/argocd/base/matrix/linkedin.yaml delete mode 100644 apps/argocd/base/matrix/proxies.yaml delete mode 100644 apps/argocd/base/matrix/signal.yaml delete mode 100644 apps/argocd/base/matrix/steam.yaml delete mode 100644 apps/argocd/base/matrix/synapse.yaml delete mode 100644 apps/argocd/base/matrix/telegram.yaml delete mode 100644 apps/argocd/base/matrix/whats.yaml delete mode 100644 apps/argocd/base/mlops/chroma.yaml delete mode 100644 apps/argocd/base/mlops/discord-bot.yaml delete mode 100644 apps/argocd/base/mlops/k8sgpt.yaml delete mode 100644 apps/argocd/base/mlops/memory-plugin.yaml delete mode 100644 apps/argocd/base/mlops/qdrant.yaml create mode 100644 apps/argocd/base/mlops/sillytavern.yaml delete mode 100644 apps/argocd/base/mlops/turbopilot.yaml delete mode 100644 apps/argocd/base/mlops/wandb.yaml delete 
mode 100644 apps/argocd/base/monitoring/botkube.yaml rename apps/argocd/base/{networking/external-dns => monitoring}/kustomization.yaml (59%) delete mode 100644 apps/argocd/base/monitoring/nvidia.yaml create mode 100644 apps/argocd/base/networking/external-dns.yaml delete mode 100644 apps/argocd/base/networking/external-dns/README.md delete mode 100644 apps/argocd/base/networking/external-dns/cloudflare.yaml delete mode 100644 apps/argocd/base/networking/external-dns/nextdns.yaml delete mode 100644 apps/argocd/base/networking/tailscale.yaml create mode 100644 apps/argocd/base/projects/kustomization.yaml delete mode 100644 apps/argocd/base/projects/matrix.yaml rename apps/argocd/base/services/{ofx-exporter.yaml => 4get.yaml} (51%) delete mode 100644 apps/argocd/base/services/archivebox.yaml create mode 100644 apps/argocd/base/services/coder.yaml delete mode 100644 apps/argocd/base/services/feedpushr.yaml delete mode 100644 apps/argocd/base/services/gitea-utils.yaml delete mode 100644 apps/argocd/base/services/grocy.yaml delete mode 100644 apps/argocd/base/services/jupyterlab.yaml delete mode 100644 apps/argocd/base/services/librex.yaml delete mode 100644 apps/argocd/base/services/metabase.yaml rename apps/argocd/base/{utilities/sealed.yaml => services/miniflux.yaml} (68%) delete mode 100644 apps/argocd/base/services/mlops.yaml delete mode 100644 apps/argocd/base/services/rss-hub.yaml create mode 100644 apps/argocd/base/services/s3.yaml delete mode 100644 apps/argocd/base/services/squid.yaml rename apps/argocd/base/{home/wyze.yaml => services/touito.yaml} (65%) delete mode 100644 apps/argocd/base/services/wallabag.yaml delete mode 100644 apps/argocd/base/services/wger.yaml create mode 100644 apps/argocd/base/svc-monitors.yaml create mode 100644 apps/argocd/base/utilities/agones.yaml delete mode 100644 apps/argocd/base/utilities/chaos.yaml create mode 100644 apps/argocd/base/utilities/cpu-booster.yaml delete mode 100644 apps/argocd/base/utilities/crossplane.yaml 
create mode 100644 apps/argocd/base/utilities/external-secrets.yaml delete mode 100644 apps/argocd/base/utilities/gfd.yaml delete mode 100644 apps/argocd/base/utilities/kured.yaml create mode 100644 apps/argocd/base/utilities/nvidia.yaml delete mode 100644 apps/argocd/base/utilities/reloader.yaml delete mode 100644 apps/argocd/base/utilities/snapshot.yaml delete mode 100644 apps/argocd/base/utilities/wavy.yaml create mode 100644 apps/argocd/overlay/argocd-applicationset-controller.yaml create mode 100644 apps/argocd/overlay/argocd-dex.yaml create mode 100644 apps/argocd/overlay/argocd-metrics.yaml create mode 100644 apps/argocd/overlay/argocd-notification-controller.yaml create mode 100644 apps/argocd/overlay/argocd-notifications-cm.yaml delete mode 100644 apps/argocd/overlay/cloudflared-cm.yaml create mode 100644 apps/components/ignore-ip/kustomization.yaml create mode 100644 apps/components/ignore/kustomization.yaml rename apps/{services/librex/base => components/lb/internal}/certificate.yaml (58%) rename apps/{services/mlops/wandb/base => components/lb/internal}/ingress.yaml (58%) create mode 100644 apps/components/lb/internal/kustomization.yaml create mode 100644 apps/components/lb/internal/svc.yaml create mode 100644 apps/components/lb/kustomization.yaml create mode 100644 apps/components/resources/large/kustomization.yaml create mode 100644 apps/components/resources/medium/kustomization.yaml create mode 100644 apps/components/resources/small/kustomization.yaml create mode 100644 apps/components/tailscale/ingress/ingress.yaml create mode 100644 apps/components/tailscale/ingress/kustomization.yaml rename apps/{data/postgres/exporter => components/tailscale/ingress}/svc.yaml (50%) create mode 100644 apps/data/mayastor/pool.yaml create mode 100644 apps/data/mayastor/provisioner.yaml create mode 100644 apps/data/mayastor/snapshot.yaml delete mode 100644 apps/data/metabase/README.md delete mode 100644 apps/data/metabase/base/cm.yaml delete mode 100644 
apps/data/metabase/base/db.yaml delete mode 100644 apps/data/metabase/base/deployment.yaml delete mode 100644 apps/data/metabase/base/pvc.yaml delete mode 100644 apps/data/metabase/base/svc.yaml delete mode 100644 apps/data/metabase/kustomization.yaml delete mode 100644 apps/data/minio/README.md create mode 100644 apps/data/mysql/app.yaml create mode 100644 apps/data/mysql/crd/kustomization.yaml rename apps/{services/grocy/base => data/mysql}/kustomization.yaml (65%) create mode 100644 apps/data/postgres/cloudnative/default/backup-sechedule.yaml create mode 100644 apps/data/postgres/cloudnative/default/cluster.yaml rename apps/{matrix/element/README.md => data/postgres/cloudnative/default/example-creds.yaml} (100%) rename apps/data/{metabase/base => postgres/cloudnative/default}/kustomization.yaml (53%) create mode 100644 apps/data/postgres/cloudnative/default/monitoring.yaml delete mode 100644 apps/data/postgres/exporter/cm.yaml delete mode 100644 apps/data/postgres/exporter/deployment.yaml delete mode 100644 apps/data/postgres/exporter/kustomization.yaml rename apps/{networking/adguard/base/pvc.yaml => data/storage/base/home/restreamer.yaml} (58%) rename apps/data/storage/base/{postgres/ha.yaml => home/web2rtc.yaml} (66%) delete mode 100644 apps/data/storage/base/links.yaml delete mode 100644 apps/data/storage/base/matrix/bridges.yaml delete mode 100644 apps/data/storage/base/matrix/discord.yaml delete mode 100644 apps/data/storage/base/matrix/instagram.yaml delete mode 100644 apps/data/storage/base/matrix/linkedin.yaml delete mode 100644 apps/data/storage/base/matrix/messenger.yaml delete mode 100644 apps/data/storage/base/matrix/signal.yaml delete mode 100644 apps/data/storage/base/matrix/skype.yaml delete mode 100644 apps/data/storage/base/matrix/steam.yaml delete mode 100644 apps/data/storage/base/matrix/telegram.yaml delete mode 100644 apps/data/storage/base/matrix/whats.yaml rename apps/data/storage/base/{matrix/synapse.yaml => mixpost.yaml} (57%) delete 
mode 100644 apps/data/storage/base/postgres/bridges.yaml delete mode 100644 apps/data/storage/base/postgres/ganymede.yaml delete mode 100644 apps/data/storage/base/postgres/synapse.yaml rename apps/data/storage/base/{postgres/wallabag.yaml => touito.yaml} (57%) create mode 100644 apps/data/storage/base/transfer.yaml rename apps/data/storage/base/{postgres/n8n.yaml => yacy.yaml} (66%) rename apps/{services/mlops/matrix-bot/base => home/ha/add-ons}/kustomization.yaml (64%) create mode 100644 apps/home/ha/add-ons/tailscale.yaml delete mode 100644 apps/home/ha/base/db.yaml create mode 100644 apps/home/ha/db/kustomization.yaml delete mode 100644 apps/home/wyze/README.md delete mode 100644 apps/home/wyze/base/cm.yaml delete mode 100644 apps/home/wyze/base/deployment.yaml delete mode 100644 apps/home/wyze/base/kustomization.yaml delete mode 100644 apps/home/wyze/base/secret.yaml delete mode 100644 apps/home/wyze/base/svc.yaml delete mode 100644 apps/home/wyze/kustomization.yaml delete mode 100644 apps/matrix/Dockerfile delete mode 100644 apps/matrix/README.md delete mode 100644 apps/matrix/bridges/discord/README.md delete mode 100644 apps/matrix/bridges/discord/cm.yaml delete mode 100644 apps/matrix/bridges/discord/deployment.yaml delete mode 100644 apps/matrix/bridges/discord/kustomization.yaml delete mode 100644 apps/matrix/bridges/discord/svc.yaml delete mode 100644 apps/matrix/bridges/instagram/README.md delete mode 100644 apps/matrix/bridges/instagram/cm.yaml delete mode 100644 apps/matrix/bridges/instagram/deployment.yaml delete mode 100644 apps/matrix/bridges/instagram/kustomization.yaml delete mode 100644 apps/matrix/bridges/instagram/svc.yaml delete mode 100644 apps/matrix/bridges/linkedin/README.md delete mode 100644 apps/matrix/bridges/linkedin/cm.yaml delete mode 100644 apps/matrix/bridges/linkedin/deployment.yaml delete mode 100644 apps/matrix/bridges/linkedin/kustomization.yaml delete mode 100644 apps/matrix/bridges/linkedin/svc.yaml delete mode 100644 
apps/matrix/bridges/signal/README.md delete mode 100644 apps/matrix/bridges/signal/cm.yaml delete mode 100644 apps/matrix/bridges/signal/deployment.yaml delete mode 100644 apps/matrix/bridges/signal/kustomization.yaml delete mode 100644 apps/matrix/bridges/signal/svc.yaml delete mode 100644 apps/matrix/bridges/steam/README.md delete mode 100644 apps/matrix/bridges/steam/cm.yaml delete mode 100644 apps/matrix/bridges/steam/deployment.yaml delete mode 100644 apps/matrix/bridges/steam/kustomization.yaml delete mode 100644 apps/matrix/bridges/steam/svc.yaml delete mode 100644 apps/matrix/bridges/telegram/README.md delete mode 100644 apps/matrix/bridges/telegram/cm.yaml delete mode 100644 apps/matrix/bridges/telegram/deployment.yaml delete mode 100644 apps/matrix/bridges/telegram/kustomization.yaml delete mode 100644 apps/matrix/bridges/telegram/svc.yaml delete mode 100644 apps/matrix/bridges/whatsapp/cm.yaml delete mode 100644 apps/matrix/bridges/whatsapp/deployment.yaml delete mode 100644 apps/matrix/bridges/whatsapp/kustomization.yaml delete mode 100644 apps/matrix/bridges/whatsapp/svc.yaml delete mode 100644 apps/matrix/databases/README.md delete mode 100644 apps/matrix/databases/base/certificate.yaml delete mode 100644 apps/matrix/databases/base/cm.yaml delete mode 100644 apps/matrix/databases/base/ingress.yaml delete mode 100644 apps/matrix/databases/base/kustomization.yaml delete mode 100644 apps/matrix/databases/base/matrix.yaml delete mode 100644 apps/matrix/databases/base/redis.yaml delete mode 100644 apps/matrix/databases/base/secret.yaml delete mode 100644 apps/matrix/databases/base/svc.yaml delete mode 100644 apps/matrix/databases/kustomization.yaml delete mode 100644 apps/matrix/dendrite/README.md delete mode 100644 apps/matrix/dendrite/base/certificate.yaml delete mode 100644 apps/matrix/dendrite/base/cm.yaml delete mode 100644 apps/matrix/dendrite/base/deployment.yaml delete mode 100644 apps/matrix/dendrite/base/ingress.yaml delete mode 100644 
apps/matrix/dendrite/base/jobs.yaml delete mode 100644 apps/matrix/dendrite/base/kustomization.yaml delete mode 100644 apps/matrix/dendrite/base/postgres.yaml delete mode 100644 apps/matrix/dendrite/base/secret.yaml delete mode 100644 apps/matrix/dendrite/base/svc.yaml delete mode 100644 apps/matrix/dendrite/kustomization.yaml delete mode 100644 apps/matrix/element/base/cm.yaml delete mode 100644 apps/matrix/element/base/deployment.yaml delete mode 100644 apps/matrix/element/base/svc.yaml delete mode 100644 apps/matrix/element/kustomization.yaml delete mode 100644 apps/matrix/proxies/kustomization.yaml delete mode 100644 apps/matrix/proxies/overlay/cloudflared-cm.yaml delete mode 100644 apps/networking/adguard/Allowlist.txt delete mode 100644 apps/networking/adguard/README.md delete mode 100644 apps/networking/adguard/base/cm.yaml delete mode 100644 apps/networking/adguard/base/deployment.yaml delete mode 100644 apps/networking/adguard/base/kustomization.yaml delete mode 100644 apps/networking/adguard/base/secret.yaml delete mode 100644 apps/networking/adguard/base/svc-monitor.yaml delete mode 100644 apps/networking/adguard/base/svc.yaml delete mode 100644 apps/networking/adguard/kustomization.yaml create mode 100644 apps/networking/certmanager/crds/kustomization.yaml delete mode 100644 apps/networking/cloudflared/README.md delete mode 100644 apps/networking/cloudflared/cm.yaml delete mode 100644 apps/networking/cloudflared/deployment.yaml delete mode 100644 apps/networking/cloudflared/kustomization.yaml delete mode 100644 apps/networking/squid/README.md delete mode 100644 apps/networking/squid/base/certificate.yaml delete mode 100644 apps/networking/squid/base/cm.yaml delete mode 100644 apps/networking/squid/base/deployment.yaml delete mode 100644 apps/networking/squid/base/ingress.yaml delete mode 100644 apps/networking/squid/base/kustomization.yaml delete mode 100644 apps/networking/squid/base/svc.yaml delete mode 100644 apps/networking/squid/kustomization.yaml 
delete mode 100644 apps/networking/tailscale/cr.yaml delete mode 100644 apps/networking/tailscale/kustomization.yaml create mode 100644 apps/networking/tailscale/operator/base/ingress-class.yaml create mode 100644 apps/networking/tailscale/operator/crds/kustomization.yaml create mode 100644 apps/networking/tailscale/operator/resources/dns.yaml create mode 100644 apps/networking/tailscale/operator/resources/egress.yaml rename apps/{services/mlops/discord-bot/base => networking/tailscale/operator/resources}/kustomization.yaml (61%) create mode 100644 apps/networking/tailscale/operator/resources/macbook.yaml create mode 100644 apps/networking/tailscale/operator/resources/subnet-router.yaml delete mode 100644 apps/networking/tailscale/patch.yaml delete mode 100644 apps/networking/tailscale/rb.yaml delete mode 100644 apps/networking/tailscale/sa.yaml create mode 100644 apps/services/4get/README.md create mode 100644 apps/services/4get/base/cm.yaml create mode 100644 apps/services/4get/base/deployment.yaml rename apps/{matrix/element => services/4get}/base/kustomization.yaml (90%) rename apps/services/{archivebox => 4get}/kustomization.yaml (51%) delete mode 100644 apps/services/archivebox/README.md delete mode 100644 apps/services/archivebox/base/certificate.yaml delete mode 100644 apps/services/archivebox/base/cm.yaml delete mode 100644 apps/services/archivebox/base/deployment.yaml delete mode 100644 apps/services/archivebox/base/ingress.yaml delete mode 100644 apps/services/archivebox/base/kustomization.yaml delete mode 100644 apps/services/archivebox/base/svc.yaml delete mode 100644 apps/services/grocy/README.md delete mode 100644 apps/services/grocy/base/cm.yaml delete mode 100644 apps/services/grocy/base/deployment.yaml delete mode 100644 apps/services/grocy/base/svc.yaml delete mode 100644 apps/services/grocy/kustomization.yaml delete mode 100644 apps/services/jupyter/README.md delete mode 100644 apps/services/jupyter/base/certificate.yaml delete mode 100644 
apps/services/jupyter/base/cm.yaml delete mode 100644 apps/services/jupyter/base/cr.yaml delete mode 100644 apps/services/jupyter/base/deployment.yaml delete mode 100644 apps/services/jupyter/base/ingress.yaml delete mode 100644 apps/services/jupyter/base/kustomization.yaml delete mode 100644 apps/services/jupyter/base/rb.yaml delete mode 100644 apps/services/jupyter/base/role.yaml delete mode 100644 apps/services/jupyter/base/sa.yaml delete mode 100644 apps/services/jupyter/base/secret.yaml delete mode 100644 apps/services/jupyter/base/svc.yaml delete mode 100644 apps/services/jupyter/kustomization.yaml delete mode 100644 apps/services/librex/README.md delete mode 100644 apps/services/librex/base/cm.yaml delete mode 100644 apps/services/librex/base/deployment.yaml delete mode 100644 apps/services/librex/base/ingress.yaml delete mode 100644 apps/services/librex/base/kustomization.yaml delete mode 100644 apps/services/librex/base/svc.yaml delete mode 100644 apps/services/librex/kustomization.yaml delete mode 100644 apps/services/mlops/chatbot-ui/README.md delete mode 100644 apps/services/mlops/chatbot-ui/base/certificate.yaml delete mode 100644 apps/services/mlops/chatbot-ui/base/cm.yaml delete mode 100644 apps/services/mlops/chatbot-ui/base/deployment.yaml delete mode 100644 apps/services/mlops/chatbot-ui/base/ingress.yaml delete mode 100644 apps/services/mlops/chatbot-ui/base/kustomization.yaml delete mode 100644 apps/services/mlops/chatbot-ui/base/svc.yaml delete mode 100644 apps/services/mlops/chatbot-ui/kustomization.yaml delete mode 100644 apps/services/mlops/discord-bot/README.md delete mode 100644 apps/services/mlops/discord-bot/base/cm.yaml delete mode 100644 apps/services/mlops/discord-bot/base/deployment.yaml delete mode 100644 apps/services/mlops/discord-bot/base/secret.yaml delete mode 100644 apps/services/mlops/discord-bot/kustomization.yaml delete mode 100644 apps/services/mlops/kustomization.yaml delete mode 100644 
apps/services/mlops/langflow/README.md delete mode 100644 apps/services/mlops/langflow/base/certificate.yaml delete mode 100644 apps/services/mlops/langflow/base/cm.yaml delete mode 100644 apps/services/mlops/langflow/base/deployment.yaml delete mode 100644 apps/services/mlops/langflow/base/ingress.yaml delete mode 100644 apps/services/mlops/langflow/base/kustomization.yaml delete mode 100644 apps/services/mlops/langflow/base/svc.yaml delete mode 100644 apps/services/mlops/langflow/kustomization.yaml delete mode 100644 apps/services/mlops/local-ai/README.md delete mode 100644 apps/services/mlops/local-ai/base/certificate.yaml delete mode 100644 apps/services/mlops/local-ai/base/cm.yaml delete mode 100644 apps/services/mlops/local-ai/base/deployment.yaml delete mode 100644 apps/services/mlops/local-ai/base/ingress.yaml delete mode 100644 apps/services/mlops/local-ai/base/kustomization.yaml delete mode 100644 apps/services/mlops/local-ai/base/svc.yaml delete mode 100644 apps/services/mlops/local-ai/kustomization.yaml delete mode 100644 apps/services/mlops/local-ai/models/chronos.yaml delete mode 100644 apps/services/mlops/local-ai/models/e5.yaml delete mode 100644 apps/services/mlops/local-ai/models/embeddings.yaml delete mode 100644 apps/services/mlops/local-ai/models/hermes.yaml delete mode 100644 apps/services/mlops/local-ai/models/index.yaml delete mode 100644 apps/services/mlops/local-ai/models/llama2-complete.yaml delete mode 100644 apps/services/mlops/local-ai/models/llama2.yaml delete mode 100644 apps/services/mlops/local-ai/models/mythos.yaml delete mode 100644 apps/services/mlops/local-ai/models/orca.yaml delete mode 100644 apps/services/mlops/local-ai/models/startup.yaml delete mode 100644 apps/services/mlops/local-ai/models/whisper.yaml delete mode 100644 apps/services/mlops/local-ai/models/wizard.yaml delete mode 100644 apps/services/mlops/local-ai/models/wizardcode.yaml delete mode 100644 apps/services/mlops/matrix-bot/README.md delete mode 100644 
apps/services/mlops/matrix-bot/base/cm.yaml delete mode 100644 apps/services/mlops/matrix-bot/base/deployment.yaml delete mode 100644 apps/services/mlops/matrix-bot/base/secret.yaml delete mode 100644 apps/services/mlops/matrix-bot/kustomization.yaml delete mode 100644 apps/services/mlops/memory-plugin/README.md delete mode 100644 apps/services/mlops/memory-plugin/base/cm.yaml delete mode 100644 apps/services/mlops/memory-plugin/base/deployment.yaml delete mode 100644 apps/services/mlops/memory-plugin/base/kustomization.yaml delete mode 100644 apps/services/mlops/memory-plugin/base/secret.yaml delete mode 100644 apps/services/mlops/memory-plugin/base/svc.yaml delete mode 100644 apps/services/mlops/memory-plugin/kustomization.yaml delete mode 100644 apps/services/mlops/memory-plugin/overlay/cloudflared-cm.yaml delete mode 100644 apps/services/mlops/milvus/README.md delete mode 100644 apps/services/mlops/milvus/kustomization.yaml delete mode 100644 apps/services/mlops/milvus/overlay/milvus-deployment.yaml delete mode 100644 apps/services/mlops/milvus/overlay/milvus-job.yaml delete mode 100644 apps/services/mlops/milvus/overlay/namespace-delete.yaml delete mode 100644 apps/services/mlops/turbopilot/README.md delete mode 100644 apps/services/mlops/turbopilot/base/certificate.yaml delete mode 100644 apps/services/mlops/turbopilot/base/cm.yaml delete mode 100644 apps/services/mlops/turbopilot/base/deployment.yaml delete mode 100644 apps/services/mlops/turbopilot/base/ingress.yaml delete mode 100644 apps/services/mlops/turbopilot/base/kustomization.yaml delete mode 100644 apps/services/mlops/turbopilot/base/svc.yaml delete mode 100644 apps/services/mlops/turbopilot/kustomization.yaml delete mode 100644 apps/services/mlops/wandb/README.md delete mode 100644 apps/services/mlops/wandb/base/certificate.yaml delete mode 100644 apps/services/mlops/wandb/base/cm.yaml delete mode 100644 apps/services/mlops/wandb/base/deployment.yaml delete mode 100644 
apps/services/mlops/wandb/base/kustomization.yaml delete mode 100644 apps/services/mlops/wandb/base/secret.yaml delete mode 100644 apps/services/mlops/wandb/base/svc.yaml delete mode 100644 apps/services/mlops/wandb/kustomization.yaml delete mode 100644 apps/services/proxitok/README.md delete mode 100644 apps/services/rss/README.md delete mode 100644 apps/services/rss/feedpushr/README.md delete mode 100644 apps/services/rss/feedpushr/base/cm.yaml delete mode 100644 apps/services/rss/feedpushr/base/deployment.yaml delete mode 100644 apps/services/rss/feedpushr/base/kustomization.yaml delete mode 100644 apps/services/rss/feedpushr/base/secret.yaml delete mode 100644 apps/services/rss/feedpushr/base/svc.yaml delete mode 100644 apps/services/rss/feedpushr/kustomization.yaml delete mode 100644 apps/services/rss/hub/README.md delete mode 100644 apps/services/rss/hub/base/certificate.yaml delete mode 100644 apps/services/rss/hub/base/cm.yaml delete mode 100644 apps/services/rss/hub/base/deployment.yaml delete mode 100644 apps/services/rss/hub/base/ingress.yaml delete mode 100644 apps/services/rss/hub/base/kustomization.yaml delete mode 100644 apps/services/rss/hub/base/redis.yaml delete mode 100644 apps/services/rss/hub/base/svc.yaml delete mode 100644 apps/services/rss/hub/kustomization.yaml delete mode 100644 apps/services/transfer/base/ingress.yaml delete mode 100644 apps/services/transfer/kustomization.yaml delete mode 100644 apps/services/wallabag/README.md delete mode 100644 apps/services/wallabag/base/cm.yaml delete mode 100644 apps/services/wallabag/base/db.yaml delete mode 100644 apps/services/wallabag/base/deployment.yaml delete mode 100644 apps/services/wallabag/base/kustomization.yaml delete mode 100644 apps/services/wallabag/base/secret.yaml delete mode 100644 apps/services/wallabag/base/svc.yaml delete mode 100644 apps/services/wallabag/kustomization.yaml delete mode 100644 apps/services/wger/README.md delete mode 100644 
apps/services/wger/base/certificate.yaml delete mode 100644 apps/services/wger/base/cm.yaml delete mode 100644 apps/services/wger/base/db.yaml delete mode 100644 apps/services/wger/base/deployment.yaml delete mode 100644 apps/services/wger/base/ingress.yaml delete mode 100644 apps/services/wger/base/kustomization.yaml delete mode 100644 apps/services/wger/base/redis.yaml delete mode 100644 apps/services/wger/base/secret.yaml delete mode 100644 apps/services/wger/base/svc.yaml delete mode 100644 apps/services/wger/kustomization.yaml delete mode 100644 apps/services/wger/overlay/cloudflared-cm.yaml delete mode 100644 apps/utilities/crossplane/README.md delete mode 100644 apps/utilities/crossplane/kustomization.yaml create mode 100644 apps/utilities/kube-fledged/README.md create mode 100644 apps/utilities/kube-fledged/kustomization.yaml create mode 100644 apps/utilities/kured/README.md create mode 100644 apps/utilities/nvidia/README.md create mode 100644 apps/utilities/nvidia/kustomization.yaml create mode 100644 apps/utilities/nvidia/patch.yaml create mode 100644 apps/utilities/nvidia/runtimeclass.yaml delete mode 100644 apps/utilities/sealed-secrets/README.md delete mode 100644 apps/utilities/sealed-secrets/base/kustomization.yaml delete mode 100644 apps/utilities/sealed-secrets/kustomization.yaml delete mode 100644 apps/utilities/sealed-secrets/overlay/deployment.yaml delete mode 100644 apps/utilities/sealed-secrets/overlay/svc.yaml delete mode 100644 apps/utilities/wavy/README.md delete mode 100644 apps/utilities/wavy/kustomization.yaml delete mode 100644 apps/utilities/wavy/overlay/namespace-delete.yaml delete mode 100644 apps/utilities/wavy/overlay/patch-crb.yaml delete mode 100644 apps/utilities/wavy/overlay/patch-deploy.yaml delete mode 100644 apps/utilities/wavy/overlay/patch-job.yaml delete mode 100644 apps/utilities/wavy/overlay/patch-rb.yaml 
diff --git a/.github/workflows/auto-prs.yml b/.github/workflows/auto-prs.yaml
similarity index 100%
rename from .github/workflows/auto-prs.yml
rename to .github/workflows/auto-prs.yaml
diff --git a/.github/workflows/gitleaks.yaml b/.github/workflows/gitleaks.yaml
new file mode 100644
index 000000000..aad3cc0b4
--- /dev/null
+++ b/.github/workflows/gitleaks.yaml
@@ -0,0 +1,14 @@
+name: Gitleaks
+on: [pull_request]
+
+jobs:
+ scan:
+ name: gitleaks
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+ - uses: gitleaks/gitleaks-action@v2
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/linters.yaml b/.github/workflows/linters.yaml
index 778bbb2f8..703ed72c2 100644
--- a/.github/workflows/linters.yaml
+++ b/.github/workflows/linters.yaml
@@ -15,9 +15,3 @@ jobs:
 with:
 config_file: .yamllint
 - run: echo ${{ steps.yaml-lint.outputs.logfile }}
- markdown-link-check:
- name: Check for broken URIs on README
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@master
- - uses: gaurav-nelson/github-action-markdown-link-check@v1
diff --git a/.github/workflows/tailscale.yml b/.github/workflows/tailscale.yaml
similarity index 100%
rename from .github/workflows/tailscale.yml
rename to .github/workflows/tailscale.yaml
diff --git a/README.md b/README.md
index 714264ac6..1ee7acc7e 100644
--- a/README.md
+++ b/README.md
@@ -6,9 +6,6 @@
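Review bot: Both actions in the new `gitleaks.yaml` workflow are referenced by mutable tags (`actions/checkout@v3`, `gitleaks/gitleaks-action@v2`), and the job declares no `permissions:` block, so the `GITHUB_TOKEN` passed to the third-party action carries whatever the repository default grants. Pin each `uses:` to a full commit SHA (placeholder form: `uses: actions/checkout@<full-commit-sha> # v3`) and add `permissions:` with `contents: read` on the `scan` job, widening it only if the action's pull-request comments are wanted. The trigger is `on: [pull_request]` only, so commits pushed straight to the default branch are never scanned; `on: [pull_request, push]` would cover them.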

Homelab

-

- Gitops managed k3s cluster -

@@ -28,7 +25,6 @@ > | [ArgoCD][argocd-uri] | `Git` | [More details][homelab-argocd] | ![][argocd-core] | ![][argo-badge] | > | [CertManager][service-certmanager] | `Networking` | [More details][homelab-certmanager] | ![][argocd-certmanager] | ![][certmanager-badge] | > | [Changedetection.io][change-uri] | `Services` | [More details][homelab-change] | ![][argocd-change] | ![][change-badge] | -> | [Crossplane][crossplane-uri] | `GitOps` | [More details][homelab-crossplane] | ![][argocd-crossplane] | ![][crossplane-badge] | > | [External-DNS][service-externaldns] | `Networking` | [More details][homelab-externaldns] | ![][argocd-externaldns] | ![][externaldns-badge] | > | [Hashicorp's Vault][vault-uri] | `Security` | [Chart values][homelab-vault] | ![][argocd-vault] | ![][vault-badge] | > | [Home Assistant][service-ha] | `Smart Home` | [More details][homelab-ha] | ![][argocd-ha] | ![][ha-badge] | @@ -38,11 +34,8 @@ > | [n8n][n8n-uri] | `Services` | [More details][homelab-n8n] | ![][argocd-n8n] | ![][n8n-badge] | > | [Redis Operator][redis-uri] | `Databases` | [More details][homelab-redis] | ![][argocd-redis] | ![][redis-badge] | > | [Unifi Controller][unifi-uri] | `Networking` | [More details][homelab-unifi] | ![][argocd-unifi] | ![][unifi-badge] | -> | [Unifi Poller][poller-uri] | `Monitoring` | [More details][homelab-poller] | ![][argocd-poller] | ![][poller-badge] | > | [Uptime Kuma][kuma-uri] | `Monitoring` | [More details][homelab-kuma] | ![][argocd-kuma] | ![][kuma-badge] | -> | [Wyze API Bridge][service-wyze] | `Smart Home` | [More details][homelab-wyze] | ![][argocd-wyze] | ![][wyze-badge] | > | [Tailscale-operator][tail-uri] | `Networking` | [More details][homelab-tailscale] | ![][argocd-tailscale] |![][tailscale-badge] | -> | [Cloudflared (as proxies)][cf-uri] | `Networking` | [More details][homelab-cloudflared] | | ![][cfd-badge] | --- 
@@ -229,8 +204,6 @@ [homelab-kubevip]: https://github.com/gruberdev/homelab/tree/main/apps/networking/kube-vip [homelab-rssgen]: https://github.com/gruberdev/homelab/tree/main/apps/services/rss/gen [homelab-chatgpt]: https://github.com/gruberdev/homelab/tree/main/apps/services/chatgpt/discord-bot -[homelab-p-chatgpt]: https://github.com/gruberdev/homelab/tree/main/apps/services/chatgpt/memory-plugin -[homelab-milvus]: https://github.com/gruberdev/homelab/blob/main/apps/argocd/base/mlops/milvus.yaml [homelab-sonarr]: https://github.com/gruberdev/homelab/tree/main/apps/services/media/sonarr [homelab-prowlarr]: https://github.com/gruberdev/homelab/tree/main/apps/services/media/prowlarr [homelab-rsshub]: https://github.com/gruberdev/homelab/tree/main/apps/services/rss/hub 
@@ -247,52 +220,51 @@ -[argocd-kube]: https://argo.gruber.dev.br/api/badge?name=kube-prometheus -[argocd-nvidia]: https://argo.gruber.dev.br/api/badge?name=nvidia -[argocd-nfs]: https://argo.gruber.dev.br/api/badge?name=nfs-provisioner -[argocd-crossplane]: https://argo.gruber.dev.br/api/badge?name=crossplane -[argocd-ha]: https://argo.gruber.dev.br/api/badge?name=homeassistant -[argocd-democratic-csi]: https://argo.gruber.dev.br/api/badge?name=longhorn -[argocd-kuma]: https://argo.gruber.dev.br/api/badge?name=uptime-kuma -[argocd-grocy]: https://argo.gruber.dev.br/api/badge?name=grocy -[argocd-adguard]:https://argo.gruber.dev.br/api/badge?name=adguard -[argocd-unifi-controller]: https://argo.gruber.dev.br/api/badge?name=unifi-controller -[argocd-core]: https://argo.gruber.dev.br/api/badge?name=argocd -[argocd-n8n]: https://argo.gruber.dev.br/api/badge?name=n8n-service -[argocd-vault]: https://argo.gruber.dev.br/api/badge?name=vault -[argocd-ha]: https://argo.gruber.dev.br/api/badge?name=homeassistant -[argocd-wyze]: https://argo.gruber.dev.br/api/badge?name=wyze -[argocd-redis]: https://argo.gruber.dev.br/api/badge?name=redis -[argocd-matrix]: https://argo.gruber.dev.br/api/badge?name=synapse -[argocd-mysql]: https://argo.gruber.dev.br/api/badge?name=mysql-operator -[argocd-changedetection]: https://argo.gruber.dev.br/api/badge?name=changedetection -[argocd-tailscale]: https://argo.gruber.dev.br/api/badge?name=tailscale -[argocd-chatgpt]: https://argo.gruber.dev.br/api/badge?name=discord-bot-gpt -[argocd-gitea]: https://argo.gruber.dev.br/api/badge?name=gitea -[argocd-p-chatgpt]: https://argo.gruber.dev.br/api/badge?name=memory-plugin-gpt -[argocd-milvus]: https://argo.gruber.dev.br/api/badge?name=milvus-operator -[argocd-mongo]: https://argo.gruber.dev.br/api/badge?name=mongodb-operator -[argocd-wavy]: https://argo.gruber.dev.br/api/badge?name=wavy -[argocd-poller]: https://argo.gruber.dev.br/api/badge?name=unifi-poller -[argocd-rss-gen]: 
https://argo.gruber.dev.br/api/badge?name=rss-gen -[argocd-rss-hub]: https://argo.gruber.dev.br/api/badge?name=rss-hub -[argocd-feedpushr]: https://argo.gruber.dev.br/api/badge?name=feedpushr -[argocd-change]: https://argo.gruber.dev.br/api/badge?name=changedetection -[argocd-beets]: https://argo.gruber.dev.br/api/badge?name=beets -[argocd-lidarr]: https://argo.gruber.dev.br/api/badge?name=lidarr -[argocd-metabase]: https://argo.gruber.dev.br/api/badge?name=metabase -[argocd-kubevip]: https://argo.gruber.dev.br/api/badge?name=kube-vip -[argocd-prowlarr]: https://argo.gruber.dev.br/api/badge?name=prowlarr -[argocd-sonarr]: https://argo.gruber.dev.br/api/badge?name=sonarr -[argocd-jellyfin]: https://argo.gruber.dev.br/api/badge?name=jellyfin -[argocd-wallabag]: https://argo.gruber.dev.br/api/badge?name=wallabag -[argocd-crossplane]: https://argo.gruber.dev.br/api/badge?name=crossplane -[argocd-tailscale]: https://argo.gruber.dev.br/api/badge?name=tailscale-operator -[argocd-agones]: https://argo.gruber.dev.br/api/badge?name=agones -[argocd-gpu-exporter]: https://argo.gruber.dev.br/api/badge?name=nvidia-exporter -[argocd-externaldns]: https://argo.gruber.dev.br/api/badge?name=external-dns-cloudflare -[argocd-certmanager]: https://argo.gruber.dev.br/api/badge?name=certmanager -[argocd-unifi]: https://argo.gruber.dev.br/api/badge?name=unifi-controller +[argocd-kube]: https://argo.raptor-beta.ts.net/api/badge?name=kube-prometheus +[argocd-nvidia]: https://argo.raptor-beta.ts.net/api/badge?name=nvidia +[argocd-nfs]: https://argo.raptor-beta.ts.net/api/badge?name=nfs-provisioner +[argocd-crossplane]: https://argo.raptor-beta.ts.net/api/badge?name=crossplane +[argocd-ha]: https://argo.raptor-beta.ts.net/api/badge?name=homeassistant +[argocd-kuma]: https://argo.raptor-beta.ts.net/api/badge?name=uptime-kuma +[argocd-grocy]: https://argo.raptor-beta.ts.net/api/badge?name=grocy +[argocd-adguard]:https://argo.raptor-beta.ts.net/api/badge?name=adguard +[argocd-unifi-controller]: 
https://argo.raptor-beta.ts.net/api/badge?name=unifi-controller +[argocd-core]: https://argo.raptor-beta.ts.net/api/badge?name=argocd +[argocd-n8n]: https://argo.raptor-beta.ts.net/api/badge?name=n8n-service +[argocd-vault]: https://argo.raptor-beta.ts.net/api/badge?name=vault +[argocd-ha]: https://argo.raptor-beta.ts.net/api/badge?name=homeassistant +[argocd-wyze]: https://argo.raptor-beta.ts.net/api/badge?name=wyze +[argocd-redis]: https://argo.raptor-beta.ts.net/api/badge?name=redis +[argocd-matrix]: https://argo.raptor-beta.ts.net/api/badge?name=synapse +[argocd-mysql]: https://argo.raptor-beta.ts.net/api/badge?name=mysql-operator +[argocd-changedetection]: https://argo.raptor-beta.ts.net/api/badge?name=changedetection +[argocd-tailscale]: https://argo.raptor-beta.ts.net/api/badge?name=tailscale-operator +[argocd-chatgpt]: https://argo.raptor-beta.ts.net/api/badge?name=discord-bot-gpt +[argocd-gitea]: https://argo.raptor-beta.ts.net/api/badge?name=gitea +[argocd-p-chatgpt]: https://argo.raptor-beta.ts.net/api/badge?name=memory-plugin-gpt +[argocd-milvus]: https://argo.raptor-beta.ts.net/api/badge?name=milvus-operator +[argocd-mongo]: https://argo.raptor-beta.ts.net/api/badge?name=mongodb-operator +[argocd-wavy]: https://argo.raptor-beta.ts.net/api/badge?name=wavy +[argocd-poller]: https://argo.raptor-beta.ts.net/api/badge?name=unifi-poller +[argocd-rss-gen]: https://argo.raptor-beta.ts.net/api/badge?name=rss-gen +[argocd-rss-hub]: https://argo.raptor-beta.ts.net/api/badge?name=rss-hub +[argocd-feedpushr]: https://argo.raptor-beta.ts.net/api/badge?name=feedpushr +[argocd-change]: https://argo.raptor-beta.ts.net/api/badge?name=changedetection +[argocd-beets]: https://argo.raptor-beta.ts.net/api/badge?name=beets +[argocd-lidarr]: https://argo.raptor-beta.ts.net/api/badge?name=lidarr +[argocd-metabase]: https://argo.raptor-beta.ts.net/api/badge?name=metabase +[argocd-kubevip]: https://argo.raptor-beta.ts.net/api/badge?name=kubevip +[argocd-prowlarr]: 
https://argo.raptor-beta.ts.net/api/badge?name=prowlarr +[argocd-sonarr]: https://argo.raptor-beta.ts.net/api/badge?name=sonarr +[argocd-jellyfin]: https://argo.raptor-beta.ts.net/api/badge?name=jellyfin +[argocd-wallabag]: https://argo.raptor-beta.ts.net/api/badge?name=wallabag +[argocd-crossplane]: https://argo.raptor-beta.ts.net/api/badge?name=crossplane +[argocd-tailscale]: https://argo.raptor-beta.ts.net/api/badge?name=tailscale-operator +[argocd-agones]: https://argo.raptor-beta.ts.net/api/badge?name=agones +[argocd-gpu-exporter]: https://argo.raptor-beta.ts.net/api/badge?name=nvidia-exporter +[argocd-externaldns]: https://argo.raptor-beta.ts.net/api/badge?name=external-dns-cloudflare +[argocd-certmanager]: https://argo.raptor-beta.ts.net/api/badge?name=certmanager +[argocd-unifi]: https://argo.raptor-beta.ts.net/api/badge?name=unifi-controller diff --git a/apps/argocd/Dockerfile b/apps/argocd/Dockerfile index 6f3b7dc84..c90861328 100644 --- a/apps/argocd/Dockerfile +++ b/apps/argocd/Dockerfile @@ -1,8 +1,8 @@ -ARG HELM_VERSION=3.12.3 -ARG ALPINE_VERSION=3.18.3 -ARG ARGOCD_VERSION=2.8.3 -ARG VAULT_PLUGIN_VERSION=1.16.1 +ARG HELM_VERSION=3.15.2 +ARG ALPINE_VERSION=3.20.1 +ARG ARGOCD_VERSION=2.11.3 +ARG VAULT_PLUGIN_VERSION=1.18.1 FROM alpine/helm:${HELM_VERSION} as helm FROM alpine:${ALPINE_VERSION} as temp @@ -19,7 +19,7 @@ USER root RUN apt-get update && \ apt-get install -y \ - curl && \ + curl && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* diff --git a/apps/argocd/README.md b/apps/argocd/README.md index 21ce14e5d..47ca1d4ce 100644 --- a/apps/argocd/README.md +++ b/apps/argocd/README.md @@ -1,38 +1,48 @@ -

- -
- -

+

+ +
+
+
+ ArgoCD Status Badge +

-### Description + ### Description -> ArgoCD is a continuous delivery tool for Kubernetes that helps you keep your applications in sync with the desired state that you have defined in git. It uses a declarative configuration file to specify the desired state of your applications, and it continuously monitors the live state of your applications to ensure that they match the desired state. -> -> With ArgoCD, you can easily manage and automate the deployment of your applications, making it easy to keep your applications up-to-date and consistent across different environments. + > ArgoCD is a continuous delivery tool for Kubernetes that helps you keep your applications in sync with the desired state that you have defined in git. It uses a declarative configuration file to specify the desired state of your applications, and it continuously monitors the live state of your applications to ensure that they match the desired state. + > + > With ArgoCD, you can easily manage and automate the deployment of your applications, making it easy to keep your applications up-to-date and consistent across different environments. -### Reasons I chose ArgoCD over Flux + ### Reasons I chose ArgoCD over Flux -> - ArgoCD features a user-friendly web-based User Interface (UI) designed to facilitate the viewing and management of application states, promoting efficient team collaboration. -> - It implements fine-grained permission control, extending access rights to both internal and external resources within its control plane, offering enhanced security and resource management. -> - The provision of an Application Programming Interface (API) in ArgoCD allows for seamless integration with various tools and systems. This enhances workflow automation capabilities in continuous delivery and fosters interoperability with other Argo-branded tools. 
-> - The synchronization capabilities of ArgoCD include comprehensive health checks, ensuring reliable data reporting for application deployment status. Compared to FluxCD, ArgoCD's self-healing features are more extensive. It should be noted that FluxCD's sync hooks are limited to supporting Helm charts exclusively. -> -> **In summary, ArgoCD presents a comprehensive and feature-intensive solution for the management and automation of Kubernetes-based application deployments.** + > - ArgoCD features a user-friendly web-based User Interface (UI) designed to facilitate the viewing and management of application states, promoting efficient team collaboration. + > - It implements fine-grained permission control, extending access rights to both internal and external resources within its control plane, offering enhanced security and resource management. + > - The provision of an Application Programming Interface (API) in ArgoCD allows for seamless integration with various tools and systems. This enhances workflow automation capabilities in continuous delivery and fosters interoperability with other Argo-branded tools. + > - The synchronization capabilities of ArgoCD include comprehensive health checks, ensuring reliable data reporting for application deployment status. Compared to FluxCD, ArgoCD's self-healing features are more extensive. It should be noted that FluxCD's sync hooks are limited to supporting Helm charts exclusively. 
+ > + > **In summary, ArgoCD presents a comprehensive and feature-intensive solution for the management and automation of Kubernetes-based application deployments.** -  +   -### Relevant Links + ### Relevant Links -- [Website][website-uri] -- [Official Documentation][docs-uri] -- [Awesome ArgoCD][awesome-uri] + - [Website][website-uri] + - [Official Documentation][docs-uri] + - [Awesome ArgoCD][awesome-uri] -### Instructions for deployment + ### Instructions for deployment -```bash -task argocd:install -``` + ```bash + task argocd:install + # Or + kubectl apply -k github.com/gruberdev/homelab/apps/argocd + ``` -[website-uri]: https://argoproj.github.io/cd/ -[docs-uri]: https://argo-cd.readthedocs.io/en/stable/ -[awesome-uri]: https://github.com/terrytangyuan/awesome-argo + ## Important notes + + - I am currently integrating Vault with ArgoCD to manage my secrets. + - Presently, it operates in non-HA mode, but I plan to transition to HA mode in the future. + - This is a self-managed instance, where all modifications, including updates to its versioning and configurations for the app-of-apps projects, are handled via GitOps. + + [website-uri]: https://argoproj.github.io/cd/ + [docs-uri]: https://argo-cd.readthedocs.io/en/stable/ + [awesome-uri]: https://github.com/terrytangyuan/awesome-argo diff --git a/apps/argocd/base/core/private.yaml b/apps/argocd/base/core/private.yaml index ca5d3bd2b..ee1b1c4a7 100644 --- a/apps/argocd/base/core/private.yaml +++ b/apps/argocd/base/core/private.yaml @@ -5,7 +5,7 @@ metadata: spec: project: core source: - repoURL: 'https://github.com/gruberdev/private.git' + repoURL: 'https://github.com/gruberdev/homelab.git' path: meta targetRevision: main destination: diff --git a/apps/argocd/base/data/cloudnative.yaml b/apps/argocd/base/data/cloudnative.yaml index 4efd8d2cc..b5d3792e5 100644 --- a/apps/argocd/base/data/cloudnative.yaml +++ b/apps/argocd/base/data/cloudnative.yaml 
@@ -15,16 +15,32 @@ spec: automated: prune: true selfHeal: true - allowEmpty: false + managedNamespaceMetadata: + labels: + prometheus: enabled + pod-security.kubernetes.io/enforce: privileged + pod-security.kubernetes.io/audit: privileged + pod-security.kubernetes.io/warn: privileged syncOptions: - - Validate=false - - CreateNamespace=true - - PrunePropagationPolicy=foreground - - ServerSideApply=true - - Prune=true + - CreateNamespace=true + - ServerSideApply=true + - Prune=true retry: limit: 5 backoff: duration: 20s factor: 2 maxDuration: 15m + info: + - name: "Github Repository:" + value: >- + https://github.com/cloudnative-pg/cloudnative-pg + - name: "Official documentation:" + value: >- + https://cloudnative-pg.io/docs + - name: "Helm chart location:" + value: >- + https://github.com/cloudnative-pg/charts/tree/main/charts/cloudnative-pg + - name: "Container registry:" + value: >- + https://github.com/cloudnative-pg/cloudnative-pg/pkgs/container/cloudnative-pg diff --git a/apps/argocd/base/data/kustomization.yaml b/apps/argocd/base/data/kustomization.yaml index 140780a97..32fb56d1d 100644 --- a/apps/argocd/base/data/kustomization.yaml +++ b/apps/argocd/base/data/kustomization.yaml @@ -4,9 +4,11 @@ kind: Kustomization resources: - cloudnative.yaml - redis.yaml +- minio.yaml - storage.yaml +- mysql.yaml namespace: argocd -commonLabels: - app.kubernetes.io/category: data +commonAnnotations: + argocd.argoproj.io/sync-wave: "1" diff --git a/apps/argocd/base/data/minio.yaml b/apps/argocd/base/data/minio.yaml new file mode 100644 index 000000000..8656d1547 --- /dev/null +++ b/apps/argocd/base/data/minio.yaml 
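Review bot: The new `managedNamespaceMetadata` labels in the cloudnative.yaml hunk set all three Pod Security Admission modes to `privileged`, so the namespace gets no enforcement and no audit or warning signal when a pod exceeds the baseline profile. If the operator really needs the privileged level at admission, keep `pod-security.kubernetes.io/enforce: privileged` but set `pod-security.kubernetes.io/audit: baseline` and `pod-security.kubernetes.io/warn: baseline` so violations stay visible in the audit log and on apply. The same three labels are added in the minio.yaml, mysql.yaml, redis.yaml and home/ha.yaml hunks of this commit, and the same applies there. A comment above the labels naming the workload that requires privileged, e.g. `# privileged: required by <component>`, would help reviewers. The `syncPolicy` block starts outside the hunk.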
@@ -0,0 +1,43 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: minio-operator +spec: + project: cluster + source: + repoURL: 'https://github.com/gruberdev/homelab.git' + path: apps/data/minio + targetRevision: main + destination: + namespace: minio-operator + name: in-cluster + syncPolicy: + automated: + prune: true + selfHeal: true + managedNamespaceMetadata: + labels: + prometheus: enabled + pod-security.kubernetes.io/enforce: privileged + pod-security.kubernetes.io/audit: privileged + pod-security.kubernetes.io/warn: privileged + syncOptions: + - Prune=true + - ServerSideApply=true + - CreateNamespace=true + retry: + limit: 10 + backoff: + duration: 20s + factor: 2 + maxDuration: 15m + info: + - name: 'Github Repository:' + value: >- + https://github.com/minio/operator + - name: 'Official Documentation:' + value: >- + https://min.io/docs/minio/kubernetes/upstream/ + - name: 'CRD Examples:' + value: >- + https://github.com/minio/operator/tree/master/examples/kustomization diff --git a/apps/argocd/base/matrix/dbs.yaml b/apps/argocd/base/data/mysql.yaml similarity index 55% rename from apps/argocd/base/matrix/dbs.yaml rename to apps/argocd/base/data/mysql.yaml index 8271bb624..11790e684 100644 --- a/apps/argocd/base/matrix/dbs.yaml +++ b/apps/argocd/base/data/mysql.yaml 
@@ -1,33 +1,32 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - name: matrix-databases + name: mysql-operator spec: - project: matrix + project: cluster source: repoURL: 'https://github.com/gruberdev/homelab.git' - path: apps/matrix/databases + path: apps/data/mysql targetRevision: main destination: - namespace: matrix1 + namespace: mysql-operator name: in-cluster syncPolicy: automated: prune: true selfHeal: true - allowEmpty: false managedNamespaceMetadata: labels: prometheus: enabled + pod-security.kubernetes.io/enforce: privileged + pod-security.kubernetes.io/audit: privileged + pod-security.kubernetes.io/warn: privileged syncOptions: - - Validate=false - - CreateNamespace=true - - PrunePropagationPolicy=foreground - - PruneLast=true - - ApplyOutOfSyncOnly=false - - Prune=true + - CreateNamespace=true + - ServerSideApply=true + - Prune=true retry: - limit: 5 + limit: 10 backoff: duration: 20s factor: 2 diff --git a/apps/argocd/base/data/redis.yaml b/apps/argocd/base/data/redis.yaml index f4cb6d110..29510f964 100644 --- a/apps/argocd/base/data/redis.yaml +++ b/apps/argocd/base/data/redis.yaml 
@@ -15,20 +15,29 @@ spec: automated: prune: true selfHeal: true - allowEmpty: false managedNamespaceMetadata: labels: prometheus: enabled + pod-security.kubernetes.io/enforce: privileged + pod-security.kubernetes.io/audit: privileged + pod-security.kubernetes.io/warn: privileged syncOptions: - - Validate=false - - CreateNamespace=true - - PrunePropagationPolicy=foreground - - ApplyOutOfSyncOnly=false - - Prune=true - - ServerSideApply=true + - CreateNamespace=true + - ServerSideApply=true + - Prune=true retry: - limit: 10 + limit: 5 backoff: duration: 20s factor: 2 maxDuration: 15m + info: + - name: 'Github Repository:' + value: >- + https://github.com/OT-CONTAINER-KIT/redis-operator + - name: 'Helm chart Github repository:' + value: >- + hhttps://github.com/OT-CONTAINER-KIT/helm-charts + - name: 'Helm chart example values:' + value: >- + https://github.com/OT-CONTAINER-KIT/helm-charts/tree/main/charts/redis-operator diff --git a/apps/argocd/base/data/storage.yaml b/apps/argocd/base/data/storage.yaml index 878e77260..152794ee1 100644 --- a/apps/argocd/base/data/storage.yaml +++ b/apps/argocd/base/data/storage.yaml @@ -12,18 +12,21 @@ spec: name: in-cluster syncPolicy: automated: - prune: false - selfHeal: false - allowEmpty: true + prune: true + selfHeal: true syncOptions: - - Validate=false - - PrunePropagationPolicy=foreground - - PruneLast=false - - ApplyOutOfSyncOnly=true - - Prune=false + - ServerSideApply=true + - Prune=true retry: - limit: 1 + limit: 5 backoff: duration: 20s factor: 2 maxDuration: 15m + info: + - name: 'Mayastor Storage Class Github repository:' + value: >- + https://github.com/openebs/mayastor + - name: 'Mayastor OpenEBS Official Documentation:' + value: >- + https://openebs.io/docs/user-guides/replicated-storage-user-guide/replicated-pv-mayastor/rs-installation diff --git a/apps/argocd/base/home/external-mic.yaml b/apps/argocd/base/home/external-mic.yaml index 379c042c9..36fa5bd19 100644 --- a/apps/argocd/base/home/external-mic.yaml 
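Review bot: In the redis.yaml hunk, the `info` entry 'Helm chart Github repository:' carries a malformed URL, `hhttps://github.com/OT-CONTAINER-KIT/helm-charts`, so the link is broken. It should read `https://github.com/OT-CONTAINER-KIT/helm-charts`. The enclosing `spec` starts outside the hunk.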
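Review bot: The storage.yaml hunk switches the Application to `prune: true` and `selfHeal: true` and drops the previous conservative settings, so any resource that disappears from Git (a rename, a broken overlay, a reverted commit) is now deleted from the cluster automatically. For storage-layer objects that can mean losing volumes rather than a workload that can simply be redeployed. Consider marking the objects that must never be auto-deleted with the resource annotation `argocd.argoproj.io/sync-options: Prune=false`, and add a comment here stating that automated pruning is intentional. What this Application deploys is not visible in the hunk, so the impact is inferred from the Mayastor links in `info`.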
+++ b/apps/argocd/base/home/external-mic.yaml @@ -2,17 +2,12 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: external-mic - finalizers: - - resources-finalizer.argocd.argoproj.io spec: project: apps source: - repoURL: "https://github.com/gruberdev/homelab.git" + repoURL: https://github.com/gruberdev/homelab.git path: apps/home/external-mic targetRevision: main - kustomize: - commonLabels: - app.kubernetes.io/category: home destination: namespace: homeassistant name: in-cluster diff --git a/apps/argocd/base/home/frigate.yaml b/apps/argocd/base/home/frigate.yaml index 5a7d23ad2..fb450ad71 100644 --- a/apps/argocd/base/home/frigate.yaml +++ b/apps/argocd/base/home/frigate.yaml @@ -2,17 +2,12 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: frigate - finalizers: - - resources-finalizer.argocd.argoproj.io spec: project: apps source: repoURL: "https://github.com/gruberdev/homelab.git" path: apps/home/frigate targetRevision: main - kustomize: - commonLabels: - app.kubernetes.io/category: home destination: namespace: homeassistant name: in-cluster diff --git a/apps/argocd/base/home/go2rtc.yaml b/apps/argocd/base/home/go2rtc.yaml new file mode 100644 index 000000000..0cc69ae95 --- /dev/null +++ b/apps/argocd/base/home/go2rtc.yaml @@ -0,0 +1,33 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: go2rtc +spec: + project: apps + source: + repoURL: "https://github.com/gruberdev/homelab.git" + path: apps/home/go2rtc + targetRevision: main + destination: + namespace: homeassistant + name: in-cluster + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - Prune=true + - ServerSideApply=true + retry: + limit: 10 + backoff: + duration: 20s + factor: 2 + maxDuration: 15m + info: + - name: "Github Repository:" + value: >- + https://github.com/AlexxIT/go2rtc/ + - name: "Official documentation:" + value: >- + https://github.com/AlexxIT/go2rtc/?tab=readme-ov-file#source-rtsp 
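Review bot: Removing `resources-finalizer.argocd.argoproj.io` from `metadata.finalizers` in the external-mic.yaml hunk means deleting this Application no longer cascades to the resources it deployed, so they keep running in `homeassistant` with nothing managing or updating them. That matters in this commit because home/kustomization.yaml comments out most of these Applications; if the parent app prunes them, the workloads are likely left orphaned (the parent is not visible here). The same removal is made in the frigate.yaml, openwakeword.yaml, piper.yaml, satellite.yaml and whisper.yaml hunks. Either keep the `- resources-finalizer.argocd.argoproj.io` entry, or add a comment that orphaning is intended and that the namespace is cleaned up by hand.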
diff --git a/apps/argocd/base/home/ha.yaml b/apps/argocd/base/home/ha.yaml index 9e1c95418..515d04d15 100644 --- a/apps/argocd/base/home/ha.yaml +++ b/apps/argocd/base/home/ha.yaml @@ -15,17 +15,34 @@ spec: automated: prune: true selfHeal: true - allowEmpty: true + managedNamespaceMetadata: + labels: + prometheus: enabled + pod-security.kubernetes.io/enforce: privileged + pod-security.kubernetes.io/audit: privileged + pod-security.kubernetes.io/warn: privileged syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - ApplyOutOfSyncOnly=false - Prune=true - ServerSideApply=true + - CreateNamespace=true retry: limit: 5 backoff: duration: 20s factor: 2 maxDuration: 15m + ignoreDifferences: + - group: "" + kind: "Service" + jsonPointers: + - /spec/externalName + info: + - name: "Github Repository:" + value: >- + https://github.com/home-assistant/core + - name: "Docker registry:" + value: >- + https://hub.docker.com/r/homeassistant/home-assistant/tags + - name: "Official documentation:" + value: >- + https://www.home-assistant.io/docs/configuration diff --git a/apps/argocd/base/home/kustomization.yaml b/apps/argocd/base/home/kustomization.yaml index b2dfd9c71..3b93b0c26 100644 --- a/apps/argocd/base/home/kustomization.yaml +++ b/apps/argocd/base/home/kustomization.yaml @@ -1,13 +1,13 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ha.yaml - - openwakeword.yaml - - piper.yaml - - whisper.yaml - - frigate.yaml - - wyze.yaml - - external-mic.yaml - - satellite.yaml +- ha.yaml +# - frigate.yaml +# - go2rtc.yaml +# - openwakeword.yaml +# - piper.yaml +# - whisper.yaml +# - satellite.yaml +# - external-mic.yaml namespace: argocd diff --git a/apps/argocd/base/home/openwakeword.yaml b/apps/argocd/base/home/openwakeword.yaml index 0a0e84dd0..48b2acd51 100644 --- a/apps/argocd/base/home/openwakeword.yaml +++ b/apps/argocd/base/home/openwakeword.yaml 
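Review bot: The `ignoreDifferences` entry added in the ha.yaml hunk has no `name` or `namespace` selector, so it hides drift on `/spec/externalName` for every Service in the application. An ExternalName Service decides where in-cluster clients are sent, so a change made to that field directly in the cluster would no longer show as OutOfSync or trigger self-heal. Narrow the rule to the one Service that needs it by adding `name: <service-name>` (placeholder; the Service is not visible in this hunk), and add a comment saying which controller rewrites the field.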
@@ -2,12 +2,10 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: openwakeword - finalizers: - - resources-finalizer.argocd.argoproj.io spec: project: apps source: - repoURL: "https://github.com/gruberdev/homelab.git" + repoURL: https://github.com/gruberdev/homelab.git path: apps/home/openwakeword targetRevision: main destination: @@ -17,17 +15,22 @@ spec: automated: prune: true selfHeal: true - allowEmpty: true syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - ApplyOutOfSyncOnly=false - Prune=true - ServerSideApply=true retry: - limit: 5 + limit: 10 backoff: duration: 20s factor: 2 maxDuration: 15m + info: + - name: "Github Repository:" + value: >- + https://github.com/dscripka/openWakeWord + - name: "Wyoming Github Repository:" + value: >- + https://github.com/rhasspy/wyoming-openwakeword + - name: "Homelab documentation:" + value: >- + https://github.com/gruberdev/homelab/tree/main/apps/home/openwakeword diff --git a/apps/argocd/base/home/piper.yaml b/apps/argocd/base/home/piper.yaml index ccea38c07..1e719309f 100644 --- a/apps/argocd/base/home/piper.yaml +++ b/apps/argocd/base/home/piper.yaml @@ -2,12 +2,10 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: piper - finalizers: - - resources-finalizer.argocd.argoproj.io spec: project: apps source: - repoURL: "https://github.com/gruberdev/homelab.git" + repoURL: https://github.com/gruberdev/homelab.git path: apps/home/piper targetRevision: main destination: 
@@ -17,17 +15,22 @@ spec: automated: prune: true selfHeal: true - allowEmpty: true syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - ApplyOutOfSyncOnly=false - Prune=true - ServerSideApply=true retry: - limit: 5 + limit: 10 backoff: duration: 20s factor: 2 maxDuration: 15m + info: + - name: "Github Repository:" + value: >- + https://github.com/rhasspy/piper + - name: "Wyoming Github Repository:" + value: >- + https://github.com/rhasspy/wyoming-piper + - name: "Homelab documentation:" + value: >- + https://github.com/gruberdev/homelab/tree/main/apps/home/piper diff --git a/apps/argocd/base/home/satellite.yaml b/apps/argocd/base/home/satellite.yaml index 3cf834e4e..2fd53452b 100644 --- a/apps/argocd/base/home/satellite.yaml +++ b/apps/argocd/base/home/satellite.yaml @@ -2,18 +2,12 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: satellite - finalizers: - - resources-finalizer.argocd.argoproj.io spec: project: apps source: repoURL: "https://github.com/gruberdev/homelab.git" path: apps/home/satellite targetRevision: main - kustomize: - commonLabels: - app.kubernetes.io/app: satellite - app.kubernetes.io/category: home destination: namespace: homeassistant name: in-cluster diff --git a/apps/argocd/base/home/whisper.yaml b/apps/argocd/base/home/whisper.yaml index 9c337000d..e7ece7e3d 100644 --- a/apps/argocd/base/home/whisper.yaml +++ b/apps/argocd/base/home/whisper.yaml @@ -2,8 +2,6 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: whisper - finalizers: - - resources-finalizer.argocd.argoproj.io spec: project: apps source: 
@@ -17,17 +15,22 @@ spec: automated: prune: true selfHeal: true - allowEmpty: true syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - ApplyOutOfSyncOnly=false - Prune=true - ServerSideApply=true retry: - limit: 5 + limit: 10 backoff: duration: 20s factor: 2 maxDuration: 15m + info: + - name: "Github Repository:" + value: >- + https://github.com/openai/whisper + - name: "Wyoming Github Repository:" + value: >- + https://github.com/rhasspy/wyoming-faster-whisper + - name: "Homelab documentation:" + value: >- + https://github.com/gruberdev/homelab/tree/main/apps/home/whisper diff --git a/apps/argocd/base/ingress.yaml b/apps/argocd/base/ingress.yaml new file mode 100644 index 000000000..6f0b932c8 --- /dev/null +++ b/apps/argocd/base/ingress.yaml @@ -0,0 +1,21 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: argo + annotations: + tailscale.com/funnel: "true" +spec: + rules: + - http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: argocd-server + port: + number: 80 + ingressClassName: tailscale + tls: + - hosts: + - argo diff --git a/apps/argocd/base/matrix/dendrite.yaml b/apps/argocd/base/matrix/dendrite.yaml deleted file mode 100644 index 19623b826..000000000 --- a/apps/argocd/base/matrix/dendrite.yaml +++ /dev/null @@ -1,31 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: dendrite -spec: - project: matrix - source: - repoURL: 'https://github.com/gruberdev/homelab.git' - path: apps/matrix/dendrite - targetRevision: main - destination: - namespace: matrix1 - name: in-cluster - syncPolicy: - automated: - prune: true - selfHeal: true - allowEmpty: true - syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - PruneLast=true - - ApplyOutOfSyncOnly=false - - Prune=true - retry: - limit: 5 - backoff: - duration: 20s - factor: 2 - maxDuration: 15m 
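Review bot: The `tailscale.com/funnel: "true"` annotation on the new Ingress in ingress.yaml publishes `argocd-server` to the public internet rather than only to the tailnet, which leaves Argo CD's own login as the only barrier in front of a service that can deploy to the whole cluster. Unless public access is required, drop the annotation so the `tailscale` ingress class keeps the UI and API reachable from tailnet devices only. If it must stay public, document that next to the annotation and confirm that the local admin account is disabled in favour of SSO and that login rate limiting is in place; none of that configuration is visible in this hunk. The backend also targets port `80`, which suggests argocd-server is serving without its own TLS; confirm that is intended.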
diff --git a/apps/argocd/base/matrix/discord.yaml b/apps/argocd/base/matrix/discord.yaml deleted file mode 100644 index 7109f1beb..000000000 --- a/apps/argocd/base/matrix/discord.yaml +++ /dev/null @@ -1,33 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: discord-bridge - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: matrix - source: - repoURL: 'https://github.com/gruberdev/homelab.git' - path: apps/matrix/bridges/discord - targetRevision: main - destination: - namespace: matrix1 - name: in-cluster - syncPolicy: - automated: - prune: true - selfHeal: true - allowEmpty: true - syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - PruneLast=true - - ApplyOutOfSyncOnly=false - - Prune=true - retry: - limit: 5 - backoff: - duration: 20s - factor: 2 - maxDuration: 15m diff --git a/apps/argocd/base/matrix/element.yaml b/apps/argocd/base/matrix/element.yaml deleted file mode 100644 index cb7be7fa8..000000000 --- a/apps/argocd/base/matrix/element.yaml +++ /dev/null @@ -1,31 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: element -spec: - project: matrix - source: - repoURL: 'https://github.com/gruberdev/homelab.git' - path: apps/matrix/element - targetRevision: main - destination: - namespace: matrix - name: in-cluster - syncPolicy: - automated: - prune: true - selfHeal: true - allowEmpty: true - syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - PruneLast=true - - ApplyOutOfSyncOnly=false - - Prune=true - retry: - limit: -1 - backoff: - duration: 20s - factor: 2 - maxDuration: 15m diff --git a/apps/argocd/base/matrix/instagram.yaml b/apps/argocd/base/matrix/instagram.yaml deleted file mode 100644 index 082680788..000000000 --- a/apps/argocd/base/matrix/instagram.yaml +++ /dev/null 
@@ -1,33 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: instagram-bridge - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: matrix - source: - repoURL: 'https://github.com/gruberdev/homelab.git' - path: apps/matrix/bridges/instagram - targetRevision: main - destination: - namespace: matrix1 - name: in-cluster - syncPolicy: - automated: - prune: true - selfHeal: true - allowEmpty: true - syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - PruneLast=true - - ApplyOutOfSyncOnly=false - - Prune=true - retry: - limit: 5 - backoff: - duration: 20s - factor: 2 - maxDuration: 15m diff --git a/apps/argocd/base/matrix/linkedin.yaml b/apps/argocd/base/matrix/linkedin.yaml deleted file mode 100644 index e14ad9818..000000000 --- a/apps/argocd/base/matrix/linkedin.yaml +++ /dev/null @@ -1,33 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: linkedin-bridge - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: matrix - source: - repoURL: 'https://github.com/gruberdev/homelab.git' - path: apps/matrix/bridges/linkedin - targetRevision: main - destination: - namespace: matrix1 - name: in-cluster - syncPolicy: - automated: - prune: true - selfHeal: true - allowEmpty: true - syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - PruneLast=true - - ApplyOutOfSyncOnly=false - - Prune=true - retry: - limit: 5 - backoff: - duration: 20s - factor: 2 - maxDuration: 15m diff --git a/apps/argocd/base/matrix/proxies.yaml b/apps/argocd/base/matrix/proxies.yaml deleted file mode 100644 index 7f58c9822..000000000 --- a/apps/argocd/base/matrix/proxies.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: proxies -spec: - project: matrix - source: - repoURL: 'https://github.com/gruberdev/homelab.git' - path: apps/matrix/proxies - targetRevision: main - destination: - namespace: matrix - name: in-cluster - syncPolicy: - automated: - prune: true - selfHeal: true - allowEmpty: true - syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - PruneLast=true - - ApplyOutOfSyncOnly=false - - Prune=true - retry: - limit: -1 - backoff: - duration: 20s - factor: 2 - maxDuration: 15m diff --git a/apps/argocd/base/matrix/signal.yaml b/apps/argocd/base/matrix/signal.yaml deleted file mode 100644 index e30aa63d9..000000000 --- a/apps/argocd/base/matrix/signal.yaml +++ /dev/null @@ -1,31 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: signal-bridge -spec: - project: matrix - source: - repoURL: 'https://github.com/gruberdev/homelab.git' - path: apps/matrix/bridges/signal - targetRevision: main - destination: - namespace: matrix - name: in-cluster - syncPolicy: - automated: - prune: true - selfHeal: true - allowEmpty: true - syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - PruneLast=true - - ApplyOutOfSyncOnly=false - - Prune=true - retry: - limit: -1 - backoff: - duration: 20s - factor: 2 - maxDuration: 15m diff --git a/apps/argocd/base/matrix/steam.yaml b/apps/argocd/base/matrix/steam.yaml deleted file mode 100644 index f5a2bf2bd..000000000 --- a/apps/argocd/base/matrix/steam.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: steam-bridge -spec: - project: matrix - source: - repoURL: 'https://github.com/gruberdev/homelab.git' - path: apps/matrix/bridges/steam - targetRevision: main - destination: - namespace: matrix - name: in-cluster - syncPolicy: - automated: - prune: true - selfHeal: true - allowEmpty: true - syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - PruneLast=true - - ApplyOutOfSyncOnly=false - - Prune=true - retry: - limit: -1 - backoff: - duration: 20s - factor: 2 - maxDuration: 15m diff --git a/apps/argocd/base/matrix/synapse.yaml b/apps/argocd/base/matrix/synapse.yaml deleted file mode 100644 index 11f1a7939..000000000 --- a/apps/argocd/base/matrix/synapse.yaml +++ /dev/null 
@@ -1,351 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: synapse - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: matrix - source: - repoURL: https://gitlab.com/ananace/charts.git - targetRevision: master - path: charts/matrix-synapse - helm: - releaseName: matrix - values: | - image: - repository: matrixdotorg/synapse - # tag: '' - pullPolicy: IfNotPresent - serverName: 'matrix.gruber.dev.br' - publicServerName: 'matrix.gruber.dev.br' - signingkey: - job: - enabled: false - existingSecret: matrix-signingkey - existingSecretKey: signing.key - config: - publicBaseurl: 'https://matrix.gruber.dev.br' - reportStats: false - enableRegistration: true - registrationSharedSecret: - macaroonSecretKey: - trustedKeyServers: - - server_name: matrix.org - extraListeners: [] - extraConfig: - enable_registration_without_verification: true - app_service_config_files: - - /bridges/whatsapp.yaml - - /instagram/instagram.yaml - - /linkedin/linkedin.yaml - extraSecrets: {} - synapse: - strategy: - type: Recreate - annotations: - prometheus.io/scrape: "true" - prometheus.io/path: "/_synapse/metrics" - prometheus.io/port: "9090" - reloader.stakater.com/auto: "true" - labels: {} - nodeSelector: - kubernetes.io/hostname: node-one - extraEnv: [] - extraVolumes: - - name: bridges - persistentVolumeClaim: - claimName: bridge-config-storage - - name: instagram-bridge - persistentVolumeClaim: - claimName: registration-instagram-matrix - - name: linkedin-bridge - persistentVolumeClaim: - claimName: registration-linkedin-matrix - extraVolumeMounts: - - name: bridges - mountPath: /bridges - - name: instagram-bridge - mountPath: /instagram - - name: linkedin-bridge - mountPath: /linkedin - extraCommands: [] - podSecurityContext: - fsGroup: 0 - runAsGroup: 0 - runAsUser: 0 - securityContext: - runAsNonRoot: false - runAsUser: 0 - resources: - limits: - cpu: 800m - memory: 1500Mi - requests: - cpu: 300m - memory: 500Mi - livenessProbe: - 
httpGet: - path: /health - port: http - periodSeconds: 15 - initialDelaySeconds: 45 - readinessProbe: - httpGet: - path: /health - port: http - periodSeconds: 5 - initialDelaySeconds: 10 - tolerations: [] - affinity: {} - workers: - default: - replicaCount: 1 - strategy: - type: Recreate - annotations: - prometheus.io/scrape: "true" - prometheus.io/path: "/_synapse/metrics" - prometheus.io/port: "9090" - reloader.stakater.com/auto: "true" - extraEnv: [] - volumes: - - name: bridges - persistentVolumeClaim: - claimName: bridge-config-storage - - name: instagram-bridge - persistentVolumeClaim: - claimName: registration-instagram-matrix - - name: linkedin-bridge - persistentVolumeClaim: - claimName: registration-linkedin-matrix - volumeMounts: - - name: bridges - mountPath: /bridges - - name: instagram-bridge - mountPath: /instagram - - name: linkedin-bridge - mountPath: /linkedin - podSecurityContext: {} - securityContext: {} - resources: - limits: - cpu: 850m - memory: 1500Mi - requests: - cpu: 250m - memory: 512Mi - livenessProbe: - httpGet: - path: /health - port: metrics - periodSeconds: 15 - initialDelaySeconds: 45 - readinessProbe: - httpGet: - path: /health - port: metrics - periodSeconds: 5 - initialDelaySeconds: 10 - startupProbe: - failureThreshold: 6 - httpGet: - path: /health - port: metrics - initialDelaySeconds: 120 - tolerations: [] - affinity: {} - generic_worker: - enabled: true - generic: true - listeners: [client, federation] - csPaths: - ## Sync requests - - "/_matrix/client/(r0|v3)/sync$" - - "/_matrix/client/(api/v1|r0|v3)/events$" - - "/_matrix/client/(api/v1|r0|v3)/initialSync$" - - "/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$" - ## Client API requests - - "/_matrix/client/(api/v1|r0|v3|unstable)/createRoom$" - - "/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$" - - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$" - - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/" - - 
"/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$" - - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$" - - "/_matrix/client/v1/rooms/.*/hierarchy$" - - "/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send$" - - "/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$" - - "/_matrix/client/(r0|v3|unstable)/account/3pid$" - - "/_matrix/client/(r0|v3|unstable)/account/whoami$" - - "/_matrix/client/(r0|v3|unstable)/devices$" - - "/_matrix/client/versions$" - - "/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$" - - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/" - - "/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$" - - "/_matrix/client/(api/v1|r0|v3|unstable)/search$" - - "/_matrix/client/(r0|v3|unstable)/keys/query$" - - "/_matrix/client/(r0|v3|unstable)/keys/changes$" - - "/_matrix/client/(r0|v3|unstable)/keys/claim$" - - "/_matrix/client/(r0|v3|unstable)/room_keys/" - ## Registration/login requests - - "/_matrix/client/(api/v1|r0|v3|unstable)/login$" - - "/_matrix/client/(r0|v3|unstable)/register$" - - "/_matrix/client/v1/register/m.login.registration_token/validity$" - ## Event sending requests - - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact" - - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send" - - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/" - - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$" - - "/_matrix/client/(api/v1|r0|v3|unstable)/join/" - - "/_matrix/client/(api/v1|r0|v3|unstable)/profile/" - ## User directory search requests - - "/_matrix/client/(r0|v3|unstable)/user_directory/search" - ## Worker event streams - ## See https://matrix-org.github.io/synapse/latest/workers.html#stream-writers - ## - ## The typing event stream - - "/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/typing" - ## The to_device event stream - - "/_matrix/client/(r0|v3|unstable)/sendToDevice/" - ## The account_data event stream - - 
"/_matrix/client/(r0|v3|unstable)/.*/tags" - - "/_matrix/client/(r0|v3|unstable)/.*/account_data" - ## The receipts event stream - - "/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt" - - "/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers" - ## The presence event stream - - "/_matrix/client/(api/v1|r0|v3|unstable)/presence/" - pusher: - enabled: false - appservice: - enabled: false - federation_sender: - enabled: false - media_repository: - enabled: false - listeners: [media] - csPaths: - - "/_matrix/media/.*" - - "/_synapse/admin/v1/purge_media_cache$" - - "/_synapse/admin/v1/room/.*/media" - - "/_synapse/admin/v1/user/.*/media" - - "/_synapse/admin/v1/media/" - - "/_synapse/admin/v1/quarantine_media/" - - "/_synapse/admin/v1/users/.*/media$" - paths: - - "/_matrix/media/.*" - user_dir: - enabled: false - listeners: [client] - csPaths: - - "/_matrix/client/(api/v1|r0|v3|unstable)/user_directory/search$" - frontend_proxy: - enabled: false - listeners: [client] - csPaths: - - "/_matrix/client/(api/v1|r0|v3|unstable)/keys/upload" - wellknown: - enabled: false - replicaCount: 1 - # Lighttpd does not bind on IPv6 by default, although this is required in - # Ipv6-only clusters. - useIpv6: true - ## The host and port combo to serve on .well-known/matrix/server. - ## - server: {} - # m.server: matrix.example.com:443 - ## Data to serve on .well-known/matrix/client. - ## - client: {} - # m.homeserver: - # base_url: https://matrix.example.com - ## Extra data objects to serve under .well-known/matrix/ - ## Dictionaries will be JSON converted, plain strings will be served as they are - ## - extraData: {} - ## MSC1929 example; - # support: - # admins: - # - matrix_id: '@admin:example.com' - # email_address: 'admin@example.com' - # role: 'admin' - # support_page: 'https://example.com/support' - ## A custom htdocs path, useful when running another image. 
- ## - htdocsPath: /var/www/localhost/htdocs - image: - repository: m4rcu5/lighttpd - tag: latest - pullPolicy: IfNotPresent - podSecurityContext: {} - securityContext: {} - resources: {} - tolerations: [] - affinity: {} - postgresql: - enabled: false - externalPostgresql: - host: db-matrix.matrix1.svc.cluster.local - port: 5432 - user: synapse - existingSecret: synapse.db-matrix.credentials.postgresql.acid.zalan.do - existingSecretPasswordKey: password - database: matrix - sslmode: require - extraArgs: {} - redis: - enabled: false - externalRedis: - host: matrix-redis.matrix1.svc.cluster.local - port: 6379 - existingSecret: synapse-redis - existingSecretPasswordKey: passkey - persistence: - enabled: true - existingClaim: synapse-data - storageClass: "iscsi" - accessMode: ReadWriteOnce - size: 15Gi - volumePermissions: - enabled: true - uid: 0 - gid: 0 - image: - repository: alpine - tag: latest - pullPolicy: IfNotPresent - resources: - limits: - cpu: 150m - memory: 400Mi - requests: - cpu: 100m - memory: 200Mi - service: - type: ClusterIP - port: 8008 - targetPort: http - ingress: - enabled: false - - destination: - namespace: matrix1 - name: in-cluster - syncPolicy: - automated: - prune: true - selfHeal: true - allowEmpty: true - syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=background - - PruneLast=true - - ApplyOutOfSyncOnly=false - - Prune=true - retry: - limit: 5 - backoff: - duration: 5s - factor: 2 - maxDuration: 3m diff --git a/apps/argocd/base/matrix/telegram.yaml b/apps/argocd/base/matrix/telegram.yaml deleted file mode 100644 index 645deb592..000000000 --- a/apps/argocd/base/matrix/telegram.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: telegram-bridge -spec: - project: matrix - source: - repoURL: 'https://github.com/gruberdev/homelab.git' - path: apps/matrix/bridges/telegram - targetRevision: main - destination: - namespace: matrix - name: in-cluster - syncPolicy: - automated: - prune: true - selfHeal: true - allowEmpty: true - syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - PruneLast=true - - ApplyOutOfSyncOnly=false - - Prune=true - retry: - limit: -1 - backoff: - duration: 20s - factor: 2 - maxDuration: 15m diff --git a/apps/argocd/base/matrix/whats.yaml b/apps/argocd/base/matrix/whats.yaml deleted file mode 100644 index 653d3b98b..000000000 --- a/apps/argocd/base/matrix/whats.yaml +++ /dev/null @@ -1,33 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: whatsapp-bridge - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: matrix - source: - repoURL: 'https://github.com/gruberdev/homelab.git' - path: apps/matrix/bridges/whatsapp - targetRevision: main - destination: - namespace: matrix1 - name: in-cluster - syncPolicy: - automated: - prune: true - selfHeal: true - allowEmpty: true - syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - PruneLast=true - - ApplyOutOfSyncOnly=false - - Prune=true - retry: - limit: 5 - backoff: - duration: 20s - factor: 2 - maxDuration: 15m diff --git a/apps/argocd/base/mlops/chroma.yaml b/apps/argocd/base/mlops/chroma.yaml deleted file mode 100644 index ec6d9fc1d..000000000 --- a/apps/argocd/base/mlops/chroma.yaml +++ /dev/null 
@@ -1,91 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: chroma - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: apps - source: - repoURL: https://github.com/amikos-tech/chromadb-chart.git - targetRevision: d5b9b61 - path: charts/chromadb-chart - helm: - releaseName: chroma - values: | - replicaCount: 1 - image: - # repository: ghcr.io/chroma-core/chroma - repository: ghcr.io/amikos-tech/chromadb-chart/chroma - pullPolicy: Always - imagePullSecrets: [ ] - nameOverride: "" - fullnameOverride: "" - serviceAccount: - create: true - annotations: { } - name: "" - service: - type: ClusterIP - resources: - limits: - cpu: 1500m - memory: 2048Mi - requests: - cpu: 500m - memory: 512Mi - autoscaling: - enabled: false - nodeSelector: { } - podSpec: - terminationGracePeriodSeconds: 5 - securityContext: { } - annotations: { } - initContainers: [ ] - readinessProbe: - failureThreshold: 20 - timeoutSeconds: 10 - periodSeconds: 5 - livenessProbe: - failureThreshold: 40 - timeoutSeconds: 10 - periodSeconds: 5 - startupProbe: - failureThreshold: 1000 - periodSeconds: 5 - initialDelaySeconds: 10 - chromadb: - apiVersion: "0.4.3" - allowReset: true - isPersistent: true - persistDirectory: /index_data - logConfigFileLocation: config/log_config.yaml - anonymizedTelemetry: false - corsAllowOrigins: - - "*" - apiImpl: "chromadb.api.segment.SegmentAPI" - serverHost: "0.0.0.0" - serverHttpPort: 8000 - dataVolumeSize: "15Gi" - dataVolumeStorageClass: "iscsi" - destination: - namespace: mlops - name: in-cluster - syncPolicy: - automated: - prune: true - selfHeal: true - allowEmpty: true - syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - PruneLast=false - - ApplyOutOfSyncOnly=false - - Prune=true - retry: - limit: 3 - backoff: - duration: 60s - factor: 2 - maxDuration: 15m 
diff --git a/apps/argocd/base/mlops/discord-bot.yaml b/apps/argocd/base/mlops/discord-bot.yaml deleted file mode 100644 index af7b768bd..000000000 --- a/apps/argocd/base/mlops/discord-bot.yaml +++ /dev/null @@ -1,34 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: discord-bot-gpt - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: apps - source: - repoURL: 'https://github.com/gruberdev/homelab.git' - path: apps/services/mlops/discord-bot - targetRevision: main - destination: - namespace: mlops - name: in-cluster - syncPolicy: - automated: - prune: true - selfHeal: true - allowEmpty: true - syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - PruneLast=true - - ApplyOutOfSyncOnly=false - - Prune=true - - Replace=true - retry: - limit: 5 - backoff: - duration: 20s - factor: 2 - maxDuration: 15m diff --git a/apps/argocd/base/mlops/k8sgpt.yaml b/apps/argocd/base/mlops/k8sgpt.yaml deleted file mode 100644 index d7792dbe0..000000000 --- a/apps/argocd/base/mlops/k8sgpt.yaml +++ /dev/null 
@@ -1,58 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: k8sgpt - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: apps - source: - repoURL: https://charts.k8sgpt.ai/ - chart: k8sgpt-operator - targetRevision: 0.0.28 - helm: - releaseName: k8sgpt - values: | - deployment: - image: - repository: ghcr.io/k8sgpt-ai/k8sgpt - tag: v0.3.13 - imagePullPolicy: Always - env: - model: "gpt-3.5-turbo" - backend: "openai" - resources: - limits: - cpu: 550m - memory: 512Mi - requests: - cpu: 120m - memory: 156Mi - secret: - secretKey: - service: - type: ClusterIP - annotations: {} - serviceMonitor: - enabled: false - destination: - namespace: mlops - name: in-cluster - syncPolicy: - automated: - prune: true - selfHeal: true - allowEmpty: false - syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - PruneLast=true - - ApplyOutOfSyncOnly=false - - Prune=true - retry: - limit: 10 - backoff: - duration: 30s - factor: 2 - maxDuration: 60m diff --git a/apps/argocd/base/mlops/kustomization.yaml b/apps/argocd/base/mlops/kustomization.yaml index b8d3ea764..b727fa364 100644 --- a/apps/argocd/base/mlops/kustomization.yaml +++ b/apps/argocd/base/mlops/kustomization.yaml @@ -3,6 +3,8 @@ kind: Kustomization resources: #- milvus.yaml - - localai.yaml + # - localai.yaml + # - discord-bot.yaml +- sillytavern.yaml namespace: argocd diff --git a/apps/argocd/base/mlops/localai.yaml b/apps/argocd/base/mlops/localai.yaml index 0de6ef6b6..036b97498 100644 --- a/apps/argocd/base/mlops/localai.yaml +++ b/apps/argocd/base/mlops/localai.yaml 
@@ -2,13 +2,11 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: local-ai - finalizers: - - resources-finalizer.argocd.argoproj.io spec: - project: apps + project: mlops source: - repoURL: 'https://github.com/gruberdev/homelab.git' - path: apps/services/mlops/local-ai + repoURL: "https://github.com/gruberdev/homelab.git" + path: apps/mlops/local-ai targetRevision: main destination: namespace: mlops @@ -17,17 +15,26 @@ spec: automated: prune: true selfHeal: true - allowEmpty: true + managedNamespaceMetadata: + labels: + prometheus: enabled + pod-security.kubernetes.io/enforce: privileged + pod-security.kubernetes.io/audit: privileged + pod-security.kubernetes.io/warn: privileged syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - PruneLast=true - - ApplyOutOfSyncOnly=false - - Prune=true + - Prune=true + - ServerSideApply=true + - CreateNamespace=true retry: limit: 5 backoff: duration: 20s factor: 2 maxDuration: 15m + info: + - name: "Github Repository:" + value: >- + https://github.com/mudler/LocalAI + - name: "Official Documentation:" + value: >- + https://localai.io/ diff --git a/apps/argocd/base/mlops/memory-plugin.yaml b/apps/argocd/base/mlops/memory-plugin.yaml deleted file mode 100644 index 45521fcfe..000000000 --- a/apps/argocd/base/mlops/memory-plugin.yaml +++ /dev/null 
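Review bot: The `managedNamespaceMetadata` labels added in the second hunk set `pod-security.kubernetes.io/enforce`, `audit` and `warn` all to `privileged` on the `mlops` namespace, which switches Pod Security admission off for every workload there and also silences the signal that would show which pods actually need elevated rights. If a privileged pod really is required, keep `enforce: privileged` but set `pod-security.kubernetes.io/audit: baseline` and `pod-security.kubernetes.io/warn: baseline` so violations are still recorded. The same three labels are added in mlops/milvus.yaml, mlops/sillytavern.yaml, monitoring/kuma.yaml and networking/cert-manager.yaml in this commit, and the same question applies to each. The `syncPolicy` mapping starts above this hunk, so any other namespace settings are not visible here.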
@@ -1,34 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: memory-plugin-gpt - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: apps - source: - repoURL: 'https://github.com/gruberdev/homelab.git' - path: apps/services/mlops/memory-plugin - targetRevision: main - destination: - namespace: chatgpt - name: in-cluster - syncPolicy: - automated: - prune: true - selfHeal: true - allowEmpty: true - syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - PruneLast=true - - ApplyOutOfSyncOnly=false - - Prune=true - - Replace=true - retry: - limit: 5 - backoff: - duration: 60s - factor: 2 - maxDuration: 15m diff --git a/apps/argocd/base/mlops/milvus.yaml b/apps/argocd/base/mlops/milvus.yaml index 379b85017..ff935aaf5 100644 --- a/apps/argocd/base/mlops/milvus.yaml +++ b/apps/argocd/base/mlops/milvus.yaml @@ -21,6 +21,9 @@ spec: managedNamespaceMetadata: labels: prometheus: enabled + pod-security.kubernetes.io/enforce: privileged + pod-security.kubernetes.io/audit: privileged + pod-security.kubernetes.io/warn: privileged syncOptions: - Validate=false - CreateNamespace=true diff --git a/apps/argocd/base/mlops/qdrant.yaml b/apps/argocd/base/mlops/qdrant.yaml deleted file mode 100644 index c513c2364..000000000 --- a/apps/argocd/base/mlops/qdrant.yaml +++ /dev/null 
@@ -1,114 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: qdrant - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: apps - source: - repoURL: https://qdrant.github.io/qdrant-helm - chart: qdrant - targetRevision: 0.7.6 - helm: - releaseName: qdrant - values: | - replicaCount: 1 - image: - repository: qdrant/qdrant - pullPolicy: IfNotPresent - tag: v1.4.1 - args: - - ./config/initialize.sh - service: - type: ClusterIP - ports: - - name: http - port: 6333 - targetPort: 6333 - protocol: TCP - checksEnabled: true - - name: grpc - port: 6334 - targetPort: 6334 - protocol: TCP - checksEnabled: false - - name: p2p - port: 6335 - targetPort: 6335 - protocol: TCP - checksEnabled: false - ingress: - enabled: false - livenessProbe: - enabled: false - initialDelaySeconds: 5 - periodSeconds: 5 - timeoutSeconds: 1 - failureThreshold: 6 - successThreshold: 1 - readinessProbe: - enabled: false - initialDelaySeconds: 5 - periodSeconds: 5 - timeoutSeconds: 1 - failureThreshold: 6 - successThreshold: 1 - startupProbe: - enabled: false - initialDelaySeconds: 10 - periodSeconds: 5 - timeoutSeconds: 1 - failureThreshold: 30 - successThreshold: 1 - resources: - limits: - cpu: 300m - memory: 512Mi - requests: - cpu: 100m - memory: 128Mi - persistence: - accessModes: - - ReadWriteOnce - size: 10Gi - storageClassName: iscsi - snapshotRestoration: - enabled: false - config: - cluster: - enabled: true - p2p: - port: 6335 - consensus: - tick_period_ms: 100 - updateConfigurationOnChange: true - metrics: - enabled: true - serviceMonitor: - enabled: true - scrapeInterval: 30s - scrapeTimeout: 10s - targetPort: rest - targetPath: /metrics - destination: - namespace: mlops - name: in-cluster - syncPolicy: - automated: - prune: true - selfHeal: true - allowEmpty: true - syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - PruneLast=false - - ApplyOutOfSyncOnly=false - - Prune=true - retry: - limit: 
3 - backoff: - duration: 60s - factor: 2 - maxDuration: 15m diff --git a/apps/argocd/base/mlops/sillytavern.yaml b/apps/argocd/base/mlops/sillytavern.yaml new file mode 100644 index 000000000..5ad70ddcd --- /dev/null +++ b/apps/argocd/base/mlops/sillytavern.yaml @@ -0,0 +1,40 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: sillytavern +spec: + project: mlops + source: + repoURL: "https://github.com/gruberdev/homelab.git" + path: apps/mlops/sillytavern + targetRevision: main + destination: + namespace: mlops + name: in-cluster + syncPolicy: + automated: + prune: true + selfHeal: true + managedNamespaceMetadata: + labels: + prometheus: enabled + pod-security.kubernetes.io/enforce: privileged + pod-security.kubernetes.io/audit: privileged + pod-security.kubernetes.io/warn: privileged + syncOptions: + - Prune=true + - ServerSideApply=true + - CreateNamespace=true + retry: + limit: 5 + backoff: + duration: 20s + factor: 2 + maxDuration: 15m + info: + - name: "Github Repository:" + value: >- + https://github.com/mudler/LocalAI + - name: "Official Documentation:" + value: >- + https://localai.io/ diff --git a/apps/argocd/base/mlops/turbopilot.yaml b/apps/argocd/base/mlops/turbopilot.yaml deleted file mode 100644 index 2c7e268d5..000000000 --- a/apps/argocd/base/mlops/turbopilot.yaml +++ /dev/null 
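Review bot: The `info` entries at the end of the new sillytavern.yaml still carry the LocalAI links (`https://github.com/mudler/LocalAI` and `https://localai.io/`), which looks like a leftover from copying localai.yaml. Anyone auditing what this Application deploys from the Argo CD UI is pointed at the wrong upstream, so the two `value` fields should reference the SillyTavern project's own repository and documentation. A short comment above `source:` stating which image or manifests `apps/mlops/sillytavern` renders would also help, since `targetRevision: main` with `automated` sync means every push to that branch is applied without a pinned revision.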
@@ -1,33 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: turbopilot - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: apps - source: - repoURL: 'https://github.com/gruberdev/homelab.git' - path: apps/services/mlops/turbopilot - targetRevision: main - destination: - namespace: mlops - name: in-cluster - syncPolicy: - automated: - prune: true - selfHeal: true - allowEmpty: true - syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - PruneLast=true - - ApplyOutOfSyncOnly=false - - Prune=true - retry: - limit: 5 - backoff: - duration: 20s - factor: 2 - maxDuration: 15m diff --git a/apps/argocd/base/mlops/wandb.yaml b/apps/argocd/base/mlops/wandb.yaml deleted file mode 100644 index 539c1f1c3..000000000 --- a/apps/argocd/base/mlops/wandb.yaml +++ /dev/null @@ -1,31 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: wandb -spec: - project: apps - source: - repoURL: 'https://github.com/gruberdev/homelab.git' - path: apps/services/mlops/wandb - targetRevision: main - destination: - namespace: mlops - name: in-cluster - syncPolicy: - automated: - prune: true - selfHeal: true - allowEmpty: true - syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - PruneLast=true - - ApplyOutOfSyncOnly=false - - Prune=true - retry: - limit: 10 - backoff: - duration: 60s - factor: 2 - maxDuration: 15m diff --git a/apps/argocd/base/monitoring/botkube.yaml b/apps/argocd/base/monitoring/botkube.yaml deleted file mode 100644 index 6061fafc2..000000000 --- a/apps/argocd/base/monitoring/botkube.yaml +++ /dev/null 
@@ -1,427 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: botkube - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: monitoring - source: - repoURL: https://charts.botkube.io - chart: botkube - targetRevision: v1.8.0 - helm: - releaseName: botkube - values: | - actions: - describe-created-resource: - bindings: - executors: - - k8s-default-tools - sources: - - k8s-create-events - command: kubectl describe {{ .Event.TypeMeta.Kind | lower }}{{ if .Event.Namespace - }} -n {{ .Event.Namespace }}{{ end }} {{ .Event.Name }} - displayName: Describe created resource - enabled: false - show-logs-on-error: - bindings: - executors: - - k8s-default-tools - sources: - - k8s-err-with-logs-events - command: kubectl logs {{ .Event.TypeMeta.Kind | lower }}/{{ .Event.Name }} -n - {{ .Event.Namespace }} - displayName: Show logs on error - enabled: false - aliases: - k: - command: kubectl - displayName: Kubectl alias - kc: - command: kubectl - displayName: Kubectl alias - analytics: - disable: true - communications: - default-group: - discord: - botID: - channels: - default: - bindings: - executors: - - k8s-default-tools - sources: - - k8s-err-events - - k8s-recommendation-events - id: - notification: - disabled: false - enabled: true - token: - elasticsearch: - enabled: false - mattermost: - enabled: false - socketSlack: - enabled: false - teams: - enabled: false - webhook: - enabled: false - config: - provider: - endpoint: https://api.botkube.io/graphql - configWatcher: - enabled: true - image: - pullPolicy: IfNotPresent - registry: ghcr.io - repository: kubeshop/k8s-sidecar - tag: ignore-initial-events - initialSyncTimeout: 0 - tmpDir: /tmp/watched-cfg/ - containerSecurityContext: - allowPrivilegeEscalation: false - privileged: false - readOnlyRootFilesystem: true - executors: - k8s-default-tools: - botkube/helm: - config: - defaultNamespace: default - helmCacheDir: /tmp/helm/.cache - helmConfigDir: /tmp/helm/ - helmDriver: 
secret - context: - defaultNamespace: default - rbac: - group: - static: - values: - - botkube-plugins-default - type: Static - enabled: false - botkube/kubectl: - config: - defaultNamespace: default - context: - defaultNamespace: default - rbac: - group: - static: - values: - - botkube-plugins-default - type: Static - enabled: false - extraEnv: - - name: LOG_LEVEL_SOURCE_BOTKUBE_KUBERNETES - value: debug - image: - pullPolicy: IfNotPresent - registry: ghcr.io - repository: kubeshop/botkube - tag: v1.0.0 - ingress: - create: false - kubeconfig: - base64Config: - enabled: true - plugins: - cacheDir: /tmp - repositories: - botkube: - url: https://github.com/kubeshop/botkube/releases/download/v1.0.0/plugins-index.yaml - podSecurityPolicy: - enabled: false - rbac: - create: true - rules: - - apiGroups: - - '*' - resources: - - '*' - verbs: - - get - - watch - - list - staticGroupName: botkube-plugins-default - replicaCount: 1 - resources: - limits: - cpu: 200m - memory: 350Mi - requests: - cpu: 100m - memory: 128Mi - securityContext: - runAsGroup: 101 - runAsUser: 101 - service: - name: metrics - port: 2112 - targetPort: 2112 - serviceAccount: - create: true - serviceMonitor: - enabled: false - interval: 10s - path: /metrics - port: metrics - settings: - clusterName: not-configured - healthPort: 2114 - lifecycleServer: - enabled: true - port: 2113 - log: - disableColors: false - level: info - persistentConfig: - runtime: - configMap: - name: botkube-runtime-config - fileName: _runtime_state.yaml - startup: - configMap: - name: botkube-startup-config - fileName: _startup_state.yaml - systemConfigMap: - name: botkube-system - upgradeNotifier: true - sources: - k8s-all-events: - botkube/kubernetes: - config: - event: - types: - - create - - delete - - error - filters: - nodeEventsChecker: true - objectAnnotationChecker: true - namespaces: - include: - - .* - resources: - - type: v1/pods - - type: v1/services - - type: networking.k8s.io/v1/ingresses - - type: v1/nodes - - 
type: v1/namespaces - - type: v1/persistentvolumes - - type: v1/persistentvolumeclaims - - type: v1/configmaps - - type: rbac.authorization.k8s.io/v1/roles - - type: rbac.authorization.k8s.io/v1/rolebindings - - type: rbac.authorization.k8s.io/v1/clusterrolebindings - - type: rbac.authorization.k8s.io/v1/clusterroles - - event: - types: - - create - - update - - delete - - error - type: apps/v1/daemonsets - updateSetting: - fields: - - spec.template.spec.containers[*].image - - status.numberReady - includeDiff: true - - event: - types: - - create - - update - - delete - - error - type: batch/v1/jobs - updateSetting: - fields: - - spec.template.spec.containers[*].image - - status.conditions[*].type - includeDiff: true - - event: - types: - - create - - update - - delete - - error - type: apps/v1/deployments - updateSetting: - fields: - - spec.template.spec.containers[*].image - - status.availableReplicas - includeDiff: true - - event: - types: - - create - - update - - delete - - error - type: apps/v1/statefulsets - updateSetting: - fields: - - spec.template.spec.containers[*].image - - status.readyReplicas - includeDiff: true - context: - defaultNamespace: default - rbac: - group: - static: - values: - - botkube-plugins-default - type: Static - enabled: true - displayName: Kubernetes Info - k8s-create-events: - botkube/kubernetes: - config: - event: - types: - - create - namespaces: - include: - - .* - resources: - - type: v1/pods - - type: v1/services - - type: networking.k8s.io/v1/ingresses - - type: v1/nodes - - type: v1/namespaces - - type: v1/configmaps - - type: apps/v1/deployments - - type: apps/v1/statefulsets - - type: apps/v1/daemonsets - - type: batch/v1/jobs - context: - defaultNamespace: default - rbac: - group: - static: - values: - - botkube-plugins-default - type: Static - enabled: true - displayName: Kubernetes Resource Created Events - k8s-err-events: - botkube/kubernetes: - config: - event: - types: - - error - namespaces: - include: - - .* - 
resources: - - type: v1/pods - - type: v1/services - - type: networking.k8s.io/v1/ingresses - - type: v1/nodes - - type: v1/namespaces - - type: v1/persistentvolumes - - type: v1/persistentvolumeclaims - - type: v1/configmaps - - type: rbac.authorization.k8s.io/v1/roles - - type: rbac.authorization.k8s.io/v1/rolebindings - - type: rbac.authorization.k8s.io/v1/clusterrolebindings - - type: rbac.authorization.k8s.io/v1/clusterroles - - type: apps/v1/deployments - - type: apps/v1/statefulsets - - type: apps/v1/daemonsets - - type: batch/v1/jobs - context: - defaultNamespace: default - rbac: - group: - static: - values: - - botkube-plugins-default - type: Static - enabled: true - displayName: Kubernetes Errors - k8s-err-with-logs-events: - botkube/kubernetes: - config: - event: - types: - - error - namespaces: - include: - - .* - resources: - - type: v1/pods - - type: apps/v1/deployments - - type: apps/v1/statefulsets - - type: apps/v1/daemonsets - - type: batch/v1/jobs - context: - defaultNamespace: default - rbac: - group: - static: - values: - - botkube-plugins-default - type: Static - enabled: true - displayName: Kubernetes Errors for resources with logs - k8s-recommendation-events: - botkube/kubernetes: - config: - namespaces: - include: - - .* - recommendations: - ingress: - backendServiceValid: true - tlsSecretValid: true - pod: - labelsSet: true - noLatestImageTag: true - context: - defaultNamespace: default - rbac: - group: - static: - values: - - botkube-plugins-default - type: Static - enabled: true - displayName: Kubernetes Recommendations - prometheus: - botkube/prometheus: - config: - alertStates: - - firing - - pending - - inactive - ignoreOldAlerts: true - log: - level: info - url: http://localhost:9090 - enabled: false - ssl: - enabled: false - destination: - namespace: monitoring - name: in-cluster - syncPolicy: - automated: - prune: true - selfHeal: true - allowEmpty: true - syncOptions: - - Validate=false - - CreateNamespace=false - - 
PrunePropagationPolicy=foreground - - PruneLast=false - - ApplyOutOfSyncOnly=false - - Prune=true - retry: - limit: 5 - backoff: - duration: 20s - factor: 2 - maxDuration: 15m diff --git a/apps/argocd/base/monitoring/kube-prometheus.yaml b/apps/argocd/base/monitoring/kube-prometheus.yaml index a5e4c1086..e151ecff1 100644 --- a/apps/argocd/base/monitoring/kube-prometheus.yaml +++ b/apps/argocd/base/monitoring/kube-prometheus.yaml @@ -9,19 +9,15 @@ spec: path: apps/monitoring/kube-prometheus targetRevision: main destination: - namespace: argocd + namespace: monitoring name: in-cluster syncPolicy: automated: prune: true selfHeal: true - allowEmpty: false syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - ApplyOutOfSyncOnly=false - - Prune=true + - ServerSideApply=true + - Prune=true retry: limit: 5 backoff: diff --git a/apps/argocd/base/monitoring/kuma.yaml b/apps/argocd/base/monitoring/kuma.yaml index 9bbaf5667..68ee26d56 100644 --- a/apps/argocd/base/monitoring/kuma.yaml +++ b/apps/argocd/base/monitoring/kuma.yaml @@ -2,8 +2,6 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: uptime-kuma - finalizers: - - resources-finalizer.argocd.argoproj.io spec: project: monitoring source: @@ -17,17 +15,18 @@ spec: automated: prune: true selfHeal: true - allowEmpty: true + managedNamespaceMetadata: + labels: + prometheus: enabled + pod-security.kubernetes.io/enforce: privileged + pod-security.kubernetes.io/audit: privileged + pod-security.kubernetes.io/warn: privileged syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - PruneLast=true - - Replace=true - - ApplyOutOfSyncOnly=false - - Prune=true + - CreateNamespace=true + - ServerSideApply=true + - Prune=true retry: - limit: -1 + limit: 5 backoff: duration: 20s factor: 2 
diff --git a/apps/argocd/base/networking/external-dns/kustomization.yaml b/apps/argocd/base/monitoring/kustomization.yaml similarity index 59% rename from apps/argocd/base/networking/external-dns/kustomization.yaml rename to apps/argocd/base/monitoring/kustomization.yaml index 4c26ae5da..80274b4f6 100644 --- a/apps/argocd/base/networking/external-dns/kustomization.yaml +++ b/apps/argocd/base/monitoring/kustomization.yaml @@ -1,11 +1,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization - resources: +- kube-prometheus.yaml +- kuma.yaml # - nextdns.yaml -- cloudflare.yaml +# - unifi-poller.yaml namespace: argocd - -commonLabels: - app.kubernetes.io/project: external-dns diff --git a/apps/argocd/base/monitoring/nextdns.yaml b/apps/argocd/base/monitoring/nextdns.yaml index e79b25846..bbabda3be 100644 --- a/apps/argocd/base/monitoring/nextdns.yaml +++ b/apps/argocd/base/monitoring/nextdns.yaml @@ -17,15 +17,9 @@ spec: automated: prune: true selfHeal: true - allowEmpty: true syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - PruneLast=true - - Replace=true - - ApplyOutOfSyncOnly=false - - Prune=true + - ServerSideApply=true + - Prune=true retry: limit: 5 backoff: diff --git a/apps/argocd/base/monitoring/nvidia.yaml b/apps/argocd/base/monitoring/nvidia.yaml deleted file mode 100644 index 64e5c9cd1..000000000 --- a/apps/argocd/base/monitoring/nvidia.yaml +++ /dev/null 
@@ -1,116 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: nvidia-exporter -spec: - project: monitoring - source: - repoURL: 'https://github.com/utkuozdemir/helm-charts.git' - targetRevision: master - path: nvidia-gpu-exporter - helm: - releaseName: nvidia-exporter - values: | - image: - repository: docker.io/utkuozdemir/nvidia_gpu_exporter - pullPolicy: IfNotPresent - tag: "" - imagePullSecrets: [] - nameOverride: "" - fullnameOverride: "" - serviceAccount: - create: true - annotations: {} - name: "" - podAnnotations: {} - podSecurityContext: {} - securityContext: - privileged: true - service: - type: ClusterIP - port: 9835 - nodePort: - ingress: - enabled: false - resources: - limits: - cpu: 100m - memory: 256Mi - requests: - cpu: 50m - memory: 128Mi - nodeSelector: - kubernetes.io/hostname: node-one - tolerations: [] - affinity: {} - port: 9835 - hostPort: - enabled: true - port: 9835 - log: - level: info - format: logfmt - queryFieldNames: - - AUTO - nvidiaSmiCommand: nvidia-smi - telemetryPath: /metrics - volumes: - - name: nvidiactl - hostPath: - path: /dev/nvidiactl - - name: nvidia0 - hostPath: - path: /dev/nvidia0 - - name: nvidia-smi - hostPath: - path: /usr/bin/nvidia-smi - - name: libnvidia-ml-so - hostPath: - path: /usr/lib/x86_64-linux-gnu/libnvidia-ml.so - - name: libnvidia-ml-so-1 - hostPath: - path: /usr/lib/x86_64-linux-gnu/libnvidia-ml.so.1 - volumeMounts: - - name: nvidiactl - mountPath: /dev/nvidiactl - - name: nvidia0 - mountPath: /dev/nvidia0 - - name: nvidia-smi - mountPath: /usr/bin/nvidia-smi - - name: libnvidia-ml-so - mountPath: /usr/lib/x86_64-linux-gnu/libnvidia-ml.so - - name: libnvidia-ml-so-1 - mountPath: /usr/lib/x86_64-linux-gnu/libnvidia-ml.so.1 - serviceMonitor: - enabled: true - additionalLabels: {} - scheme: http - bearerTokenFile: - interval: - tlsConfig: {} - proxyUrl: "" - relabelings: [] - metricRelabelings: [] - scrapeTimeout: 10s - - destination: - namespace: monitoring - name: in-cluster - 
syncPolicy: - automated: - prune: true - selfHeal: false - allowEmpty: true - syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - PruneLast=true - - ApplyOutOfSyncOnly=false - - Prune=true - retry: - limit: 5 - backoff: - duration: 5s - factor: 2 - maxDuration: 3m diff --git a/apps/argocd/base/monitoring/unifi-poller.yaml b/apps/argocd/base/monitoring/unifi-poller.yaml index 3c887d9a6..286ff7259 100644 --- a/apps/argocd/base/monitoring/unifi-poller.yaml +++ b/apps/argocd/base/monitoring/unifi-poller.yaml @@ -11,23 +11,17 @@ spec: path: apps/networking/unifi/poller targetRevision: main destination: - namespace: unifi + namespace: networking name: in-cluster syncPolicy: automated: prune: true selfHeal: true - allowEmpty: true syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - PruneLast=true - - Replace=true - - ApplyOutOfSyncOnly=false - - Prune=true + - ServerSideApply=true + - Prune=true retry: - limit: -1 + limit: 5 backoff: duration: 20s factor: 2 diff --git a/apps/argocd/base/networking/cert-manager.yaml b/apps/argocd/base/networking/cert-manager.yaml index 2e2a0f35c..c126ffa58 100644 --- a/apps/argocd/base/networking/cert-manager.yaml +++ b/apps/argocd/base/networking/cert-manager.yaml 
@@ -2,166 +2,68 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: certmanager - finalizers: - - resources-finalizer.argocd.argoproj.io spec: project: networking source: repoURL: https://charts.jetstack.io chart: cert-manager - targetRevision: v1.13.3 + targetRevision: v1.14.5 helm: releaseName: cert-manager values: | - startupapicheck: - enabled: false - acmesolver: - image: - repository: quay.io/jetstack/cert-manager-acmesolver - tag: v1.12.4 + strategy: + type: Recreate + namespace: "cert-manager" + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 250m + memory: 256Mi cainjector: - containerSecurityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - enabled: true - image: - pullPolicy: IfNotPresent - repository: quay.io/jetstack/cert-manager-cainjector - tag: v1.12.4 - nodeSelector: - kubernetes.io/arch: amd64 - kubernetes.io/os: linux - replicaCount: 1 + strategy: + type: Recreate resources: - limits: - cpu: 350m - memory: 512Mi requests: - cpu: 150m + cpu: 100m + memory: 128Mi + limits: + cpu: 250m memory: 256Mi - securityContext: - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - serviceAccount: - automountServiceAccountToken: true - create: true - containerSecurityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - global: - leaderElection: - namespace: kube-system - logLevel: 2 - podSecurityPolicy: - enabled: false - useAppArmor: true - rbac: - aggregateClusterRoles: true - create: true - image: - pullPolicy: IfNotPresent - repository: quay.io/jetstack/cert-manager-controller - tag: v1.12.4 - installCRDs: true - maxConcurrentChallenges: 60 - nodeSelector: - kubernetes.io/arch: amd64 - kubernetes.io/os: linux - prometheus: - enabled: true - servicemonitor: - enabled: true - honorLabels: false - interval: 60s - path: /metrics - prometheusInstance: default - scrapeTimeout: 30s - targetPort: 9402 - replicaCount: 1 - resources: - limits: - cpu: 350m - memory: 
512Mi - requests: - cpu: 150m - memory: 256Mi - securityContext: - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - serviceAccount: - automountServiceAccountToken: true - create: true webhook: - containerSecurityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - hostNetwork: false - image: - pullPolicy: IfNotPresent - repository: quay.io/jetstack/cert-manager-webhook - tag: v1.12.4 - livenessProbe: - failureThreshold: 3 - initialDelaySeconds: 35 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - networkPolicy: - egress: - - ports: - - port: 80 - protocol: TCP - - port: 443 - protocol: TCP - - port: 53 - protocol: TCP - - port: 53 - protocol: UDP - to: - - ipBlock: - cidr: 0.0.0.0/0 - enabled: false - ingress: - - from: - - ipBlock: - cidr: 0.0.0.0/0 - nodeSelector: - kubernetes.io/os: linux - readinessProbe: - failureThreshold: 3 - initialDelaySeconds: 5 - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 1 - replicaCount: 1 + strategy: + type: Recreate resources: - limits: - cpu: 350m - memory: 512Mi requests: - cpu: 150m + cpu: 100m + memory: 128Mi + limits: + cpu: 250m memory: 256Mi - securePort: 10250 - securityContext: - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - serviceAccount: - automountServiceAccountToken: true - create: true - serviceType: ClusterIP - timeoutSeconds: 10 destination: namespace: cert-manager name: in-cluster + syncPolicy: + automated: + prune: true + selfHeal: true + managedNamespaceMetadata: + labels: + prometheus: enabled + pod-security.kubernetes.io/enforce: privileged + pod-security.kubernetes.io/audit: privileged + pod-security.kubernetes.io/warn: privileged + syncOptions: + - Prune=true + - ServerSideApply=true + - CreateNamespace=true + retry: + limit: 10 + backoff: + duration: 20s + factor: 2 + maxDuration: 15m info: - name: 'Github Repository:' value: >- 
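Review bot: The rewritten `values` block no longer sets `installCRDs: true` while the chart moves to `v1.14.5`, where that option is off by default as far as I know. Unless the cert-manager CRDs are applied from somewhere outside this hunk, a fresh sync would come up without the `Certificate` and `Issuer` kinds, and keeping `installCRDs: true` at the top of `values` preserves the previous behaviour. The hunk also removes the explicit `securityContext` and `containerSecurityContext` blocks (`runAsNonRoot`, `seccompProfile`, `allowPrivilegeEscalation: false`, `capabilities.drop: ALL`) and the `prometheus.servicemonitor` settings. Hardening and scraping now rest entirely on chart defaults, which is worth confirming against the rendered manifests before merging.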
@@ -181,23 +83,3 @@ spec: - name: 'Issuing certificates documentation:' value: >- https://cert-manager.io/docs/usage/certificate/ - syncPolicy: - automated: - prune: true - selfHeal: true - allowEmpty: false - managedNamespaceMetadata: - labels: - prometheus: enabled - syncOptions: - - Validate=false - - CreateNamespace=true - - Prune=true - - RespectIgnoreDifferences=true - - ServerSideApply=true - retry: - limit: 5 - backoff: - duration: 60s - factor: 2 - maxDuration: 15m diff --git a/apps/argocd/base/networking/external-dns.yaml b/apps/argocd/base/networking/external-dns.yaml new file mode 100644 index 000000000..2705c43d1 --- /dev/null +++ b/apps/argocd/base/networking/external-dns.yaml 
@@ -0,0 +1,97 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: external-dns-cloudflare +spec: + project: networking + sources: + - repoURL: https://kubernetes-sigs.github.io/external-dns + chart: external-dns + targetRevision: 1.14.5 + helm: + releaseName: external-dns-cloudflare + values: | + shareProcessNamespace: true + image: + pullPolicy: Always + repository: registry.k8s.io/external-dns/external-dns + tag: v0.14.0 + deploymentStrategy: + type: Recreate + domainFilters: + - gruber.dev.br + policy: sync + registry: txt + txtOwnerId: e-dns + txtPrefix: auto. + interval: 6m + provider: cloudflare + env: + - name: CF_API_KEY + value: "" + - name: CF_API_EMAIL + value: "" + rbac: + create: true + namespaced: false + replicaCount: 1 + resources: + limits: + cpu: 150m + memory: 512Mi + requests: + cpu: 70m + memory: 256Mi + service: + port: 7979 + serviceMonitor: + enabled: true + args: + - --events + - --log-level=info + - --provider=cloudflare + - --source=ingress + - --source=service + - --registry=txt + - --txt-owner-id=e-dns + - --txt-prefix=auto. 
+ - --cloudflare-dns-records-per-page=1000 + - --interval=6m + - --txt-cache-interval=10m + - --ingress-class=nginx + - --crd-source-apiversion=externaldns.k8s.io/v1alpha1 + - --crd-source-kind=DNSEndpoint + sources: ["crd", "ingress", "service"] + triggerLoopOnEvent: false + destination: + namespace: networking + name: in-cluster + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - Prune=true + - ServerSideApply=true + retry: + limit: 10 + backoff: + duration: 20s + factor: 2 + maxDuration: 15m + info: + - name: "Github Repository:" + value: >- + https://github.com/kubernetes-sigs/external-dns + - name: "Helm chart:" + value: >- + https://github.com/kubernetes-sigs/external-dns/tree/master/charts/external-dns + - name: "Image registry explorer:" + value: >- + https://explore.ggcr.dev/?repo=registry.k8s.io%2Fexternal-dns%2Fexternal-dns + - name: "Official documentation:" + value: >- + https://kubernetes-sigs.github.io/external-dns + - name: "Prometheus metrics overview:" + value: >- + https://github.com/kubernetes-sigs/external-dns/blob/master/docs/faq.md#what-metrics-can-i-get-from-externaldns-and-what-do-they-mean diff --git a/apps/argocd/base/networking/external-dns/README.md b/apps/argocd/base/networking/external-dns/README.md deleted file mode 100644 index 833e57e3c..000000000 --- a/apps/argocd/base/networking/external-dns/README.md +++ /dev/null @@ -1 +0,0 @@ -## External-DNS diff --git a/apps/argocd/base/networking/external-dns/cloudflare.yaml b/apps/argocd/base/networking/external-dns/cloudflare.yaml deleted file mode 100644 index a7c457a0b..000000000 --- a/apps/argocd/base/networking/external-dns/cloudflare.yaml +++ /dev/null 
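Review bot: The `env` block in the new external-dns values declares `CF_API_KEY` and `CF_API_EMAIL` with inline `value: ""`, so the credential has to be filled in as a literal somewhere, and that pair is the account-wide Global API Key rather than a scoped token. With `policy: sync` this controller is allowed to delete records, so I would use a zone-scoped API token read from a Secret (external-dns picks it up from `CF_API_TOKEN`). Separately, `shareProcessNamespace: true` has no visible consumer in this file and could be dropped. `pullPolicy: Always` on the tag `v0.14.0` would be safer pinned by digest. The Secret name and key in the sketch below are placeholders.

```yaml
env:
  - name: CF_API_TOKEN
    valueFrom:
      secretKeyRef:
        name: CLOUDFLARE_TOKEN_SECRET_PLACEHOLDER
        key: TOKEN_KEY_PLACEHOLDER
# … unchanged: rbac, replicaCount, resources, service, serviceMonitor, args …
```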
@@ -1,134 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: external-dns-cloudflare - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: networking - sources: - - repoURL: https://kubernetes-sigs.github.io/external-dns - chart: external-dns - targetRevision: 1.14.3 - helm: - releaseName: external-dns-cloudflare - values: | - nameOverride: "external-dns-cloudflare" - domainFilters: - - gruber.dev.br - clusterDomain: cluster.local - combineFQDNAnnotation: false - containerPorts: - http: 7979 - crd: - create: true - designate: - customCA: - enabled: false - filename: designate-ca.pem - mountPath: /config/designate - dryRun: false - forceTxtOwnerId: false - ignoreHostnameAnnotation: false - image: - pullPolicy: Always - repository: registry.k8s.io/external-dns/external-dns - tag: v0.13.6 - infoblox: - noSslVerify: false - wapiUsername: admin - interval: 1m - logFormat: text - logLevel: debug - ns1: - minTTL: 10 - pdns: - apiPort: "8081" - podAntiAffinityPreset: soft - policy: sync - podAnnotations: - reloader.stakater.com/auto: "true" - provider: cloudflare - env: - - name: CF_API_KEY - value: "" - - name: CF_API_EMAIL - value: "" - publishHostIP: false - publishInternalServices: true - rbac: - apiVersion: v1 - clusterRole: true - create: true - pspEnabled: false - registry: txt - txtOwnerId: external-dns - textPrefix: unique - replicaCount: 1 - resources: - limits: - cpu: 250m - memory: 512Mi - requests: - cpu: 70m - memory: 150Mi - rfc2136: - minTTL: 0s - port: 53 - rfc3645Enabled: false - tsigAxfr: true - tsigKeyname: externaldns-key - tsigSecretAlg: hmac-sha256 - service: - enabled: true - externalTrafficPolicy: Cluster - ports: - http: 7979 - sessionAffinity: None - type: ClusterIP - serviceAccount: - automountServiceAccountToken: true - create: true - updateStrategy: - type: Recreate - args: - - --events - - --log-level=info - - --policy=sync - - --provider=cloudflare - - --source=ingress - - --source=service - 
- --registry=txt - - --txt-owner-id=external-dns - - --txt-prefix=homelab - - --cloudflare-dns-records-per-page=1000 - - --interval=6m - - --txt-cache-interval=10m - sources: - - service - - ingress - triggerLoopOnEvent: false - useDaemonset: false - watchReleaseNamespace: false - destination: - namespace: networking - name: in-cluster - syncPolicy: - automated: - prune: true - selfHeal: true - allowEmpty: false - syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - ApplyOutOfSyncOnly=false - - Prune=true - - RespectIgnoreDifferences=true - - ServerSideApply=true - retry: - limit: 5 - backoff: - duration: 60s - factor: 2 - maxDuration: 15m diff --git a/apps/argocd/base/networking/external-dns/nextdns.yaml b/apps/argocd/base/networking/external-dns/nextdns.yaml deleted file mode 100644 index 84e61fff4..000000000 --- a/apps/argocd/base/networking/external-dns/nextdns.yaml +++ /dev/null 
@@ -1,128 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: external-dns-nextdns - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: networking - sources: - - repoURL: https://kubernetes-sigs.github.io/external-dns - chart: external-dns - targetRevision: 1.14.3 - helm: - releaseName: external-dns-nextdns - namespace: networking - values: | - nameOverride: "external-dns-nextdns" - domainFilters: - - xn--lck4b9a0m.com - clusterDomain: cluster.local - combineFQDNAnnotation: false - containerPorts: - http: 7979 - crd: - create: true - designate: - customCA: - enabled: false - filename: designate-ca.pem - mountPath: /config/designate - dryRun: false - forceTxtOwnerId: false - ignoreHostnameAnnotation: false - image: - pullPolicy: Always - repository: docker.io/grubertech/external-dns - tag: v0.13.6 - infoblox: - noSslVerify: false - wapiUsername: admin - interval: 1m - logFormat: text - logLevel: debug - ns1: - minTTL: 10 - pdns: - apiPort: "8081" - podAntiAffinityPreset: soft - policy: sync - podAnnotations: - reloader.stakater.com/auto: "true" - provider: nextdns - env: - - name: EXTERNAL_DNS_NEXTDNS_PROFILE_ID - value: "" - - name: EXTERNAL_DNS_NEXTDNS_API_KEY - value: "" - publishHostIP: false - publishInternalServices: true - rbac: - apiVersion: v1 - clusterRole: true - create: true - pspEnabled: false - registry: noop - replicaCount: 1 - resources: - limits: - cpu: 250m - memory: 512Mi - requests: - cpu: 70m - memory: 150Mi - rfc2136: - minTTL: 0s - port: 53 - rfc3645Enabled: false - tsigAxfr: true - tsigKeyname: externaldns-key - tsigSecretAlg: hmac-sha256 - service: - enabled: true - externalTrafficPolicy: Cluster - ports: - http: 7979 - sessionAffinity: None - type: ClusterIP - serviceAccount: - automountServiceAccountToken: true - create: true - updateStrategy: - type: Recreate - args: - - --events - - --log-level=info - - --source=service - - --source=ingress - - --provider=nextdns - - --registry=noop - - 
--interval=1m - sources: - - service - - ingress - triggerLoopOnEvent: false - useDaemonset: false - watchReleaseNamespace: false - destination: - namespace: networking - name: in-cluster - syncPolicy: - automated: - prune: true - selfHeal: true - allowEmpty: false - syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - ApplyOutOfSyncOnly=false - - Prune=true - - RespectIgnoreDifferences=true - - ServerSideApply=true - retry: - limit: 5 - backoff: - duration: 60s - factor: 2 - maxDuration: 15m diff --git a/apps/argocd/base/networking/issuer.yaml b/apps/argocd/base/networking/issuer.yaml index c85a70cf0..3fb858951 100644 --- a/apps/argocd/base/networking/issuer.yaml +++ b/apps/argocd/base/networking/issuer.yaml @@ -1,7 +1,7 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - name: certmanager-clusterissuer + name: certmanager-resources spec: project: networking source: @@ -15,15 +15,9 @@ spec: automated: prune: true selfHeal: true - allowEmpty: true syncOptions: - - Validate=true - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - PruneLast=true - - ApplyOutOfSyncOnly=false - - Prune=true - - Replace=true + - Prune=true + - ServerSideApply=true retry: limit: 5 backoff: diff --git a/apps/argocd/base/networking/kube-vip.yaml b/apps/argocd/base/networking/kube-vip.yaml index f3a07b9ec..64d772496 100644 --- a/apps/argocd/base/networking/kube-vip.yaml +++ b/apps/argocd/base/networking/kube-vip.yaml @@ -1,12 +1,12 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - name: kube-vip + name: kubevip spec: project: networking source: - repoURL: 'https://github.com/gruberdev/homelab.git' - path: apps/networking/kube-vip + repoURL: "https://github.com/gruberdev/homelab.git" + path: apps/networking/kubevip targetRevision: main destination: namespace: kube-system 
@@ -15,16 +15,22 @@ spec: automated: prune: true selfHeal: true - allowEmpty: true syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - PruneLast=false - - Prune=false + - ServerSideApply=true + - Prune=true retry: - limit: 10 + limit: 5 backoff: duration: 20s factor: 2 maxDuration: 15m + info: + - name: "Github Repository:" + value: >- + https://github.com/kube-vip/kube-vip + - name: "Github releases:" + value: >- + https://github.com/kube-vip/kube-vip/releases + - name: "Official documentation:" + value: >- + https://kube-vip.io/docs/ diff --git a/apps/argocd/base/networking/kustomization.yaml b/apps/argocd/base/networking/kustomization.yaml index b14a76b20..f43632f07 100644 --- a/apps/argocd/base/networking/kustomization.yaml +++ b/apps/argocd/base/networking/kustomization.yaml @@ -2,16 +2,17 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ./external-dns + - unifi-controller.yaml + - external-dns.yaml - cert-manager.yaml - nginx-ingress.yaml - tailscale-operator.yaml - - tailscale.yaml - issuer.yaml - - kube-vip.yaml - - unifi-controller.yaml + - cloud-controller.yaml + - kubevip.yaml + # - contour.yaml namespace: argocd -commonLabels: - app.kubernetes.io/category: networking +commonAnnotations: + argocd.argoproj.io/sync-wave: "2" diff --git a/apps/argocd/base/networking/nginx-ingress.yaml b/apps/argocd/base/networking/nginx-ingress.yaml index ac74d1bf7..276eb4d3d 100644 --- a/apps/argocd/base/networking/nginx-ingress.yaml +++ b/apps/argocd/base/networking/nginx-ingress.yaml @@ -2,8 +2,6 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: ingress-nginx - finalizers: - - resources-finalizer.argocd.argoproj.io spec: project: networking source: 
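Review bot: The `resources` list in the kustomization hunk now names `kubevip.yaml`, but the Application file touched earlier in this patch is still `apps/argocd/base/networking/kube-vip.yaml` (edited in place, not renamed), so unless a `kubevip.yaml` already exists the networking base will not build. `cloud-controller.yaml` is likewise listed without being added under this directory in the visible part of the patch. I would keep `- kube-vip.yaml`, or rename the file in the same commit. While the base fails to render, none of the networking Applications (cert-manager and the ingress controller included) pick up further changes from Git.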
@@ -11,24 +9,28 @@ spec: path: apps/networking/ingress-nginx targetRevision: main destination: - namespace: networking + namespace: kube-system name: in-cluster syncPolicy: automated: prune: true selfHeal: true - allowEmpty: true syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - ApplyOutOfSyncOnly=false - - Prune=true - - RespectIgnoreDifferences=true - - ServerSideApply=true + - ServerSideApply=true + - Prune=true retry: - limit: 10 + limit: 5 backoff: duration: 20s factor: 2 maxDuration: 15m + info: + - name: "Github Repository:" + value: >- + https://github.com/kubernetes/ingress-nginx + - name: "Official documentation:" + value: >- + https://kubernetes.github.io/ingress-nginx/ + - name: "Github Helm chart:" + value: >- + https://github.com/kubernetes/ingress-nginx/blob/main/charts/ingress-nginx/values.yaml diff --git a/apps/argocd/base/networking/tailscale-operator.yaml b/apps/argocd/base/networking/tailscale-operator.yaml index 5509558eb..cde5b211d 100644 --- a/apps/argocd/base/networking/tailscale-operator.yaml +++ b/apps/argocd/base/networking/tailscale-operator.yaml @@ -2,18 +2,12 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: tailscale-operator - finalizers: - - resources-finalizer.argocd.argoproj.io spec: project: networking source: repoURL: "https://github.com/gruberdev/homelab.git" path: apps/networking/tailscale/operator targetRevision: main - kustomize: - commonLabels: - app.kubernetes.io/app: tailscale-operator - app.kubernetes.io/category: networking destination: namespace: tailscale name: in-cluster @@ -24,11 +18,15 @@ spec: managedNamespaceMetadata: labels: prometheus: enabled + pod-security.kubernetes.io/enforce: privileged + pod-security.kubernetes.io/audit: privileged + pod-security.kubernetes.io/warn: privileged syncOptions: - Prune=true - ServerSideApply=true + - CreateNamespace=true retry: - limit: 3 + limit: 5 backoff: duration: 20s factor: 2 
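Review bot: Changing `destination.namespace` from `networking` to `kube-system` for ingress-nginx puts the cluster's exposed HTTP entry point into the namespace that holds control-plane components. Any namespace-scoped Role, NetworkPolicy or Pod Security label written for one then applies to the other as well. I would keep a dedicated namespace (`namespace: networking`, or one for the controller alone) unless something under `apps/networking/ingress-nginx` requires `kube-system`; if it does, a comment such as `# kube-system required because …` next to the field would document it.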
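Review bot: The three `pod-security.kubernetes.io/*: privileged` labels added under `managedNamespaceMetadata` for tailscale-operator leave Pod Security admission unrestricted for the `tailscale` namespace in all three modes, including `audit` and `warn`, which could be stricter at no cost. If the operator needs privileged pods, keep `enforce: privileged` but set `pod-security.kubernetes.io/audit: baseline` and `pod-security.kubernetes.io/warn: baseline`, so anything else that lands in the namespace is still reported. The same block appears in the cert-manager Application above and in `unifi-controller.yaml` further down. In the latter it labels the shared `networking` namespace, which external-dns also deploys into.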
@@ -40,6 +38,6 @@ spec: - name: "Github feature issue:" value: >- https://github.com/tailscale/tailscale/issues/502 - - name: "Documentation:" + - name: "Official Documentation:" value: >- https://tailscale.com/kb/1236/kubernetes-operator/ diff --git a/apps/argocd/base/networking/tailscale.yaml b/apps/argocd/base/networking/tailscale.yaml deleted file mode 100644 index fd77ee879..000000000 --- a/apps/argocd/base/networking/tailscale.yaml +++ /dev/null @@ -1,31 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: tailscale -spec: - project: networking - source: - repoURL: "https://github.com/gruberdev/homelab.git" - path: apps/networking/tailscale - targetRevision: main - destination: - namespace: kube-system - name: in-cluster - syncPolicy: - automated: - prune: false - selfHeal: true - allowEmpty: true - syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - PruneLast=false - - ApplyOutOfSyncOnly=false - - Prune=false - retry: - limit: 5 - backoff: - duration: 20s - factor: 2 - maxDuration: 15m diff --git a/apps/argocd/base/networking/unifi-controller.yaml b/apps/argocd/base/networking/unifi-controller.yaml index a08e978a5..657a41d31 100644 --- a/apps/argocd/base/networking/unifi-controller.yaml +++ b/apps/argocd/base/networking/unifi-controller.yaml 
@@ -9,21 +9,35 @@ spec: path: apps/networking/unifi/controller targetRevision: main kustomize: - commonLabels: - app.kubernetes.io/category: networking + commonAnnotations: + reloader.stakater.com/auto: "true" destination: - namespace: unifi + namespace: networking name: in-cluster syncPolicy: automated: prune: true selfHeal: true + managedNamespaceMetadata: + labels: + prometheus: enabled + pod-security.kubernetes.io/enforce: privileged + pod-security.kubernetes.io/audit: privileged + pod-security.kubernetes.io/warn: privileged syncOptions: - - Prune=true + - CreateNamespace=true - ServerSideApply=true + - Prune=true retry: - limit: 10 + limit: 5 backoff: - duration: 60s + duration: 20s factor: 2 maxDuration: 15m + info: + - name: "Github Repository:" + value: >- + https://github.com/jacobalberty/unifi-docker + - name: "Image registry:" + value: >- + https://github.com/jacobalberty/unifi-docker/pkgs/container/unifi-docker diff --git a/apps/argocd/base/projects/apps.yaml b/apps/argocd/base/projects/apps.yaml index 66359ca09..b169b7b57 100644 --- a/apps/argocd/base/projects/apps.yaml +++ b/apps/argocd/base/projects/apps.yaml @@ -35,12 +35,8 @@ spec: server: https://kubernetes.default.svc - namespace: milvus-system server: https://kubernetes.default.svc - - namespace: chatgpt - server: https://kubernetes.default.svc - namespace: mlops server: https://kubernetes.default.svc - - namespace: gitea - server: https://kubernetes.default.svc - namespace: crossplane server: https://kubernetes.default.svc clusterResourceWhitelist: diff --git a/apps/argocd/base/projects/kustomization.yaml b/apps/argocd/base/projects/kustomization.yaml new file mode 100644 index 000000000..261f416cb --- /dev/null +++ b/apps/argocd/base/projects/kustomization.yaml 
@@ -0,0 +1,12 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- apps.yaml +- cluster.yaml +- core.yaml +- mlops.yaml +- monitoring.yaml +- networking.yaml + +commonAnnotations: + argocd.argoproj.io/sync-wave: "1" diff --git a/apps/argocd/base/projects/matrix.yaml b/apps/argocd/base/projects/matrix.yaml deleted file mode 100644 index 7b68185a6..000000000 --- a/apps/argocd/base/projects/matrix.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: AppProject -metadata: - name: matrix -spec: - description: Matrix Project - sourceRepos: - - '*' - destinations: - - namespace: matrix - server: https://kubernetes.default.svc - - namespace: matrix1 - server: https://kubernetes.default.svc - - namespace: matrix-bots - server: https://kubernetes.default.svc - clusterResourceWhitelist: - - group: '*' - kind: '*' - orphanedResources: - warn: false diff --git a/apps/argocd/base/projects/monitoring.yaml b/apps/argocd/base/projects/monitoring.yaml index 7315e4ccb..49bd4a3a3 100644 --- a/apps/argocd/base/projects/monitoring.yaml +++ b/apps/argocd/base/projects/monitoring.yaml @@ -11,6 +11,8 @@ spec: server: https://kubernetes.default.svc - namespace: kube-system server: https://kubernetes.default.svc + - namespace: networking + server: https://kubernetes.default.svc - namespace: argocd server: https://kubernetes.default.svc - namespace: databases @@ -21,8 +23,6 @@ spec: server: https://kubernetes.default.svc - namespace: services server: https://kubernetes.default.svc - - namespace: longhorn-system - server: https://kubernetes.default.svc clusterResourceWhitelist: - group: '*' kind: '*' diff --git a/apps/argocd/base/projects/networking.yaml b/apps/argocd/base/projects/networking.yaml index c39e4a669..7555f18e2 100644 --- a/apps/argocd/base/projects/networking.yaml +++ b/apps/argocd/base/projects/networking.yaml 
@@ -25,6 +25,8 @@ spec: server: https://kubernetes.default.svc - namespace: unifi server: https://kubernetes.default.svc + - namespace: contour-system + server: https://kubernetes.default.svc clusterResourceWhitelist: - group: "*" kind: "*" diff --git a/apps/argocd/base/services/ofx-exporter.yaml b/apps/argocd/base/services/4get.yaml similarity index 51% rename from apps/argocd/base/services/ofx-exporter.yaml rename to apps/argocd/base/services/4get.yaml index a6883a295..8c9115bbf 100644 --- a/apps/argocd/base/services/ofx-exporter.yaml +++ b/apps/argocd/base/services/4get.yaml @@ -1,14 +1,12 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - name: ofx-exporter - finalizers: - - resources-finalizer.argocd.argoproj.io + name: 4get spec: project: apps source: - repoURL: 'https://github.com/gruberdev/homelab.git' - path: apps/services/finances/exporter + repoURL: "https://github.com/gruberdev/homelab.git" + path: apps/services/4get targetRevision: main destination: namespace: services @@ -17,16 +15,19 @@ spec: automated: prune: true selfHeal: true - allowEmpty: false syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - ApplyOutOfSyncOnly=false - - Prune=true + - Prune=true + - ServerSideApply=true retry: limit: 10 backoff: duration: 20s factor: 2 maxDuration: 15m + info: + - name: 'Git Repository:' + value: >- + https://git.lolcat.ca/lolcat/4get + - name: 'Official Docs:' + value: >- + https://git.lolcat.ca/lolcat/4get/src/branch/master/docs/ diff --git a/apps/argocd/base/services/actual.yaml b/apps/argocd/base/services/actual.yaml index 398b20a4b..f0a6c998e 100644 --- a/apps/argocd/base/services/actual.yaml +++ b/apps/argocd/base/services/actual.yaml @@ -2,8 +2,6 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: actual - finalizers: - - resources-finalizer.argocd.argoproj.io spec: project: apps source: 
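Review bot: The added `contour-system` destination widens the `networking` project for an Application that this commit leaves disabled (`# - contour.yaml` in the networking kustomization). The project's `clusterResourceWhitelist`, visible in the context lines, still allows `group: "*"` / `kind: "*"`. With cluster-scoped kinds unrestricted, the destination list is one of the few limits the project enforces, so I would add the namespace in the commit that enables the Application rather than ahead of it. The AppProject spec starts and ends outside this hunk.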
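Review bot: Dropping `resources-finalizer.argocd.argoproj.io` from `metadata` in the 4get hunk changes what happens on removal: without the finalizer, deleting an Application leaves its workloads running with nothing reconciling them. The same lines are removed from the ingress-nginx, tailscale-operator, actual, gitea and homepage Applications. This repository retires services by deleting the Application file, as this commit does several times. The next service retired that way would leave unmaintained Deployments and Services behind. If the non-cascading behaviour is intended, a comment such as `# no finalizer: resources are kept when this Application is deleted` would record it; otherwise keep the two `finalizers:` lines.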
@@ -17,17 +15,22 @@ spec: automated: prune: true selfHeal: true - allowEmpty: true syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - PruneLast=true - - ApplyOutOfSyncOnly=false - - Prune=true + - Prune=true + - ServerSideApply=true retry: limit: 10 backoff: duration: 20s factor: 2 maxDuration: 15m + info: + - name: 'Github Repository:' + value: >- + https://github.com/actualbudget/actual + - name: 'Official Website:' + value: >- + https://actualbudget.org/ + - name: 'Documentation:' + value: >- + https://actualbudget.org/docs/ diff --git a/apps/argocd/base/services/archivebox.yaml b/apps/argocd/base/services/archivebox.yaml deleted file mode 100644 index 7c10bdcf1..000000000 --- a/apps/argocd/base/services/archivebox.yaml +++ /dev/null @@ -1,33 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: archivebox - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: apps - source: - repoURL: 'https://github.com/gruberdev/homelab.git' - path: apps/services/archivebox - targetRevision: main - destination: - namespace: services - name: in-cluster - syncPolicy: - automated: - prune: true - selfHeal: true - allowEmpty: true - syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - PruneLast=true - - ApplyOutOfSyncOnly=false - - Prune=true - retry: - limit: 10 - backoff: - duration: 20s - factor: 2 - maxDuration: 15m diff --git a/apps/argocd/base/services/coder.yaml b/apps/argocd/base/services/coder.yaml new file mode 100644 index 000000000..3c7644763 --- /dev/null +++ b/apps/argocd/base/services/coder.yaml 
@@ -0,0 +1,42 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: coder +spec: + project: apps + source: + repoURL: "https://github.com/gruberdev/homelab.git" + path: apps/services/coder + targetRevision: main + destination: + namespace: services + name: in-cluster + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - Prune=true + - ServerSideApply=true + retry: + limit: 10 + backoff: + duration: 20s + factor: 2 + maxDuration: 15m + info: + - name: 'Github Repository:' + value: >- + https://github.com/coder/coder + - name: 'Official Docs:' + value: >- + https://coder.com/docs + - name: 'Helm chart:' + value: >- + https://github.com/coder/coder/tree/main/helm/coder + - name: 'Helm values example:' + value: >- + https://github.com/coder/coder/blob/main/helm/coder/values.yaml + - name: 'Helm documentation:' + value: >- + hhttps://coder.com/docs/install/kubernetes diff --git a/apps/argocd/base/services/feedpushr.yaml b/apps/argocd/base/services/feedpushr.yaml deleted file mode 100644 index 122d2b3ae..000000000 --- a/apps/argocd/base/services/feedpushr.yaml +++ /dev/null @@ -1,34 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: feedpushr - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: apps - source: - repoURL: 'https://github.com/gruberdev/homelab.git' - path: apps/services/rss/feedpushr - targetRevision: main - destination: - namespace: rss - name: in-cluster - syncPolicy: - automated: - prune: true - selfHeal: true - allowEmpty: true - syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - PruneLast=true - - ApplyOutOfSyncOnly=false - - Prune=true - - Replace=true - retry: - limit: 5 - backoff: - duration: 20s - factor: 2 - maxDuration: 15m diff --git a/apps/argocd/base/services/gitea-utils.yaml b/apps/argocd/base/services/gitea-utils.yaml deleted file mode 100644 index c4f4b578a..000000000 
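Review bot: The last `info` entry in coder.yaml has a malformed link, `hhttps://coder.com/docs/install/kubernetes`; it should read `https://coder.com/docs/install/kubernetes`. The Application also targets the shared `services` namespace, where gitea and the `s3` tenant are deployed by this same commit. The chart's RBAC is not visible here, but Coder usually creates workspace pods through its own service account. Whatever rights that account holds would apply next to those workloads, so a dedicated `namespace:` for Coder would contain it.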
--- a/apps/argocd/base/services/gitea-utils.yaml +++ /dev/null @@ -1,33 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: gitea-utils - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: apps - source: - repoURL: 'https://github.com/gruberdev/homelab.git' - path: apps/services/gitea - targetRevision: main - destination: - namespace: gitea - name: in-cluster - syncPolicy: - automated: - prune: true - selfHeal: true - allowEmpty: true - syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - PruneLast=true - - ApplyOutOfSyncOnly=false - - Prune=true - retry: - limit: 5 - backoff: - duration: 20s - factor: 2 - maxDuration: 15m diff --git a/apps/argocd/base/services/gitea.yaml b/apps/argocd/base/services/gitea.yaml index 93abbcf82..ebfdd788f 100644 --- a/apps/argocd/base/services/gitea.yaml +++ b/apps/argocd/base/services/gitea.yaml 
@@ -2,159 +2,38 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: gitea - finalizers: - - resources-finalizer.argocd.argoproj.io spec: project: apps source: - repoURL: https://dl.gitea.io/charts/ - chart: gitea - targetRevision: 9.2.0 - helm: - releaseName: gitea - values: | - checkDeprecation: true - replicaCount: 1 - clusterDomain: cluster.local - extraVolumes: - - name: gitea-themes - configMap: - name: gitea-themes - items: - - key: theme-catppuccin-mocha-blue.css - path: theme-catppuccin-mocha-blue.css - extraVolumeMounts: - - name: gitea-themes - readOnly: true - mountPath: "/data/gitea/public/css" - strategy: - type: "Recreate" - gitea: - additionalConfigFromEnvs: - - name: GITEA__DATABASE__HOST - value: db-gitea.gitea.svc.cluster.local - - name: GITEA__DATABASE__USER - valueFrom: - secretKeyRef: - name: gitea.db-gitea.credentials.postgresql.acid.zalan.do - key: username - - name: GITEA__DATABASE__PASSWD - valueFrom: - secretKeyRef: - name: gitea.db-gitea.credentials.postgresql.acid.zalan.do - key: password - additionalConfigSources: - - configMap: - name: gitea-app-ini - config: - APP_NAME: "Gitea" - server: - SSH_PORT: 22 - admin: - email: - password: - username: - livenessProbe: - enabled: true - failureThreshold: 10 - initialDelaySeconds: 200 - periodSeconds: 10 - successThreshold: 1 - tcpSocket: - port: http - timeoutSeconds: 1 - metrics: - enabled: true - serviceMonitor: - enabled: true - readinessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - tcpSocket: - port: http - timeoutSeconds: 1 - ssh: - logLevel: INFO - startupProbe: - enabled: true - failureThreshold: 10 - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - tcpSocket: - port: http - timeoutSeconds: 1 - image: - pullPolicy: Always - repository: gitea/gitea - rootless: false - ingress: - enabled: false - initContainers: - resources: - limits: - cpu: 350m - memory: 512Mi - requests: - cpu: 100m 
- memory: 256Mi - redis-cluster: - enabled: false - usePassword: false - persistence: - create: false - mount: true - enabled: true - claimName: gitea-shared-storage - podSecurityContext: - fsGroup: 1000 - postgresql-ha: - enabled: false - postgresql: - enabled: false - replicaCount: 1 - resources: - limits: - cpu: 750m - memory: 1024Mi - requests: - cpu: 100m - memory: 256Mi - service: - http: - port: 3000 - type: ClusterIP - ssh: - port: 22 - type: ClusterIP - signing: - enabled: false - gpgHome: /data/git/.gnupg - deployment: - terminationGracePeriodSeconds: 60 - enabled: true - + repoURL: "https://github.com/gruberdev/homelab.git" + path: apps/services/gitea + targetRevision: main destination: - namespace: gitea + namespace: services name: in-cluster syncPolicy: automated: prune: true selfHeal: true - allowEmpty: false syncOptions: - - Validate=false - - CreateNamespace=true - - PrunePropagationPolicy=foreground - - PruneLast=true - - ApplyOutOfSyncOnly=false - - Prune=true + - Prune=true + - ServerSideApply=true retry: limit: 10 backoff: - duration: 30s + duration: 20s factor: 2 - maxDuration: 60m + maxDuration: 15m + info: + - name: 'Github Repository:' + value: >- + https://github.com/go-gitea/gitea + - name: 'Awesome Gitea:' + value: >- + https://gitea.com/gitea/awesome-gitea + - name: 'Official Docs:' + value: >- + https://docs.gitea.com/ + - name: 'Helm chart:' + value: >- + https://gitea.com/gitea/helm-chart diff --git a/apps/argocd/base/services/grocy.yaml b/apps/argocd/base/services/grocy.yaml deleted file mode 100644 index 5e4356ee7..000000000 --- a/apps/argocd/base/services/grocy.yaml +++ /dev/null 
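Review bot: The move of `destination.namespace` from `gitea` to `services` retargets every resource of this Application while `prune: true` stays on. The removed values mounted an existing claim (`claimName: gitea-shared-storage`) and read database credentials from a Secret in the old namespace. The same commit deletes the `gitea-utils` Application, which carried the resources finalizer and pointed at `apps/services/gitea` in namespace `gitea`. If the claim was defined there, it may be removed together with its data. Nothing in the hunk shows how the repositories and the database are migrated, so I would confirm a backup and the volume reclaim policy before this syncs. The chart pin `targetRevision: 9.2.0` is also replaced by `targetRevision: main`, so if the new path still renders the Helm chart, its version should be pinned there.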
@@ -1,33 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: grocy - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: apps - source: - repoURL: 'https://github.com/gruberdev/homelab.git' - path: apps/services/grocy - targetRevision: main - destination: - namespace: services - name: in-cluster - syncPolicy: - automated: - prune: true - selfHeal: true - allowEmpty: true - syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - PruneLast=true - - ApplyOutOfSyncOnly=false - - Prune=true - retry: - limit: 10 - backoff: - duration: 20s - factor: 2 - maxDuration: 15m diff --git a/apps/argocd/base/services/homepage.yaml b/apps/argocd/base/services/homepage.yaml index 58825c231..ccf146d1c 100644 --- a/apps/argocd/base/services/homepage.yaml +++ b/apps/argocd/base/services/homepage.yaml @@ -2,8 +2,6 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: homepage - finalizers: - - resources-finalizer.argocd.argoproj.io spec: project: apps source: @@ -17,13 +15,9 @@ spec: automated: prune: true selfHeal: true - allowEmpty: false syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - Prune=true - - ServerSideApply=true + - Prune=true + - ServerSideApply=true retry: limit: 10 backoff: diff --git a/apps/argocd/base/services/jupyterlab.yaml b/apps/argocd/base/services/jupyterlab.yaml deleted file mode 100644 index f5e27051a..000000000 --- a/apps/argocd/base/services/jupyterlab.yaml +++ /dev/null 
@@ -1,34 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: jupyterlab - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: apps - source: - repoURL: 'https://github.com/gruberdev/homelab.git' - path: apps/services/jupyter - targetRevision: main - destination: - namespace: mlops - name: in-cluster - syncPolicy: - automated: - prune: true - selfHeal: true - allowEmpty: true - syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - PruneLast=true - - ApplyOutOfSyncOnly=false - - Prune=true - - Replace=true - retry: - limit: 5 - backoff: - duration: 20s - factor: 2 - maxDuration: 15m diff --git a/apps/argocd/base/services/kustomization.yaml b/apps/argocd/base/services/kustomization.yaml index 18455ce62..d448abe71 100644 --- a/apps/argocd/base/services/kustomization.yaml +++ b/apps/argocd/base/services/kustomization.yaml @@ -2,17 +2,16 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - actual.yaml - gitea.yaml - # - mlops.yaml - - n8n.yaml - - ofx-exporter.yaml - onchange.yaml - - gitea-utils.yaml - - homepage.yaml -#- wger.yaml + - actual.yaml + - n8n.yaml + - miniflux.yaml + - s3.yaml + - 4get.yaml + - coder.yaml namespace: argocd -commonLabels: - app.kubernetes.io/category: services +commonAnnotations: + argocd.argoproj.io/sync-wave: "3" diff --git a/apps/argocd/base/services/librex.yaml b/apps/argocd/base/services/librex.yaml deleted file mode 100644 index a98bc94b9..000000000 --- a/apps/argocd/base/services/librex.yaml +++ /dev/null 
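Review bot: `homepage.yaml` is dropped from `resources` in the services kustomization although the same commit still edits `apps/argocd/base/services/homepage.yaml`, so that manifest is no longer rendered by this base. If the parent Application prunes, the `homepage` Application disappears on the next sync while its file remains in the repository looking active. Either list `- homepage.yaml` again or delete the file, so that Git matches what is deployed.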
@@ -1,34 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: librex - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: apps - source: - repoURL: 'https://github.com/gruberdev/homelab.git' - path: apps/services/librex - targetRevision: main - destination: - namespace: services - name: in-cluster - syncPolicy: - automated: - prune: true - selfHeal: true - allowEmpty: true - syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - PruneLast=true - - ApplyOutOfSyncOnly=false - - Prune=true - - Replace=true - retry: - limit: 5 - backoff: - duration: 20s - factor: 2 - maxDuration: 5m diff --git a/apps/argocd/base/services/metabase.yaml b/apps/argocd/base/services/metabase.yaml deleted file mode 100644 index f1d1e417a..000000000 --- a/apps/argocd/base/services/metabase.yaml +++ /dev/null @@ -1,34 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: metabase - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: services - source: - repoURL: 'https://github.com/gruberdev/homelab.git' - path: apps/data/metabase - targetRevision: main - destination: - namespace: services - name: in-cluster - syncPolicy: - automated: - prune: true - selfHeal: true - allowEmpty: true - syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - PruneLast=true - - ApplyOutOfSyncOnly=false - - Prune=true - - Replace=true - retry: - limit: 5 - backoff: - duration: 20s - factor: 2 - maxDuration: 15m diff --git a/apps/argocd/base/utilities/sealed.yaml b/apps/argocd/base/services/miniflux.yaml similarity index 68% rename from apps/argocd/base/utilities/sealed.yaml rename to apps/argocd/base/services/miniflux.yaml index 9bb47592d..ce04bcc6a 100644 --- a/apps/argocd/base/utilities/sealed.yaml +++ b/apps/argocd/base/services/miniflux.yaml 
@@ -1,25 +1,23 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - name: sealed-secrets + name: miniflux spec: - project: cluster + project: apps source: repoURL: 'https://github.com/gruberdev/homelab.git' - path: apps/utilities/sealed-secrets + path: apps/services/rss/miniflux targetRevision: main destination: - namespace: kube-system + namespace: rss name: in-cluster syncPolicy: automated: prune: true selfHeal: true - allowEmpty: true syncOptions: - - RespectIgnoreDifferences=true + - Prune=true - ServerSideApply=true - - Validate=false retry: limit: 10 backoff: diff --git a/apps/argocd/base/services/mlops.yaml b/apps/argocd/base/services/mlops.yaml deleted file mode 100644 index 18803e35c..000000000 --- a/apps/argocd/base/services/mlops.yaml +++ /dev/null @@ -1,31 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: mlops - namespace: argocd -spec: - project: apps - source: - repoURL: 'https://github.com/gruberdev/homelab.git' - path: apps/argocd/base/mlops - targetRevision: main - destination: - namespace: mlops - name: in-cluster - syncPolicy: - automated: - prune: true - selfHeal: true - allowEmpty: true - syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - PruneLast=true - - ApplyOutOfSyncOnly=false - retry: - limit: 10 - backoff: - duration: 20s - factor: 2 - maxDuration: 15m diff --git a/apps/argocd/base/services/rss-hub.yaml b/apps/argocd/base/services/rss-hub.yaml deleted file mode 100644 index 098a8a51b..000000000 --- a/apps/argocd/base/services/rss-hub.yaml +++ /dev/null 
@@ -1,34 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: rss-hub - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: apps - source: - repoURL: 'https://github.com/gruberdev/homelab.git' - path: apps/services/rss/hub - targetRevision: main - destination: - namespace: rss - name: in-cluster - syncPolicy: - automated: - prune: true - selfHeal: true - allowEmpty: true - syncOptions: - - Validate=false - - CreateNamespace=true - - PrunePropagationPolicy=foreground - - PruneLast=true - - ApplyOutOfSyncOnly=false - - Prune=true - - Replace=true - retry: - limit: 5 - backoff: - duration: 20s - factor: 2 - maxDuration: 15m diff --git a/apps/argocd/base/services/s3.yaml b/apps/argocd/base/services/s3.yaml new file mode 100644 index 000000000..4ce1cf1bc --- /dev/null +++ b/apps/argocd/base/services/s3.yaml @@ -0,0 +1,41 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: s3 +spec: + project: apps + source: + repoURL: 'https://github.com/gruberdev/homelab.git' + path: apps/data/minio/default + targetRevision: main + kustomize: + patches: + - target: + kind: Tenant + name: s3 + patch: | + apiVersion: minio.min.io/v2 + kind: Tenant + metadata: + name: s3 + spec: + buckets: + - name: "metrics" + - name: "gitea" + - name: "n8n" + destination: + namespace: services + name: in-cluster + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - Prune=true + - ServerSideApply=true + retry: + limit: 10 + backoff: + duration: 20s + factor: 2 + maxDuration: 15m diff --git a/apps/argocd/base/services/squid.yaml b/apps/argocd/base/services/squid.yaml deleted file mode 100644 index eb8094e3a..000000000 --- a/apps/argocd/base/services/squid.yaml +++ /dev/null 
@@ -1,33 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: squid-proxy - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: networking - source: - repoURL: 'https://github.com/gruberdev/homelab.git' - path: apps/networking/squid - targetRevision: main - destination: - namespace: networking - name: in-cluster - syncPolicy: - automated: - prune: true - selfHeal: true - allowEmpty: true - syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - PruneLast=true - - ApplyOutOfSyncOnly=false - - Prune=true - retry: - limit: 10 - backoff: - duration: 20s - factor: 2 - maxDuration: 15m diff --git a/apps/argocd/base/home/wyze.yaml b/apps/argocd/base/services/touito.yaml similarity index 65% rename from apps/argocd/base/home/wyze.yaml rename to apps/argocd/base/services/touito.yaml index 962487a54..dae3935bd 100644 --- a/apps/argocd/base/home/wyze.yaml +++ b/apps/argocd/base/services/touito.yaml @@ -1,17 +1,15 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - name: wyze - finalizers: - - resources-finalizer.argocd.argoproj.io + name: touito spec: project: apps source: - repoURL: "https://github.com/gruberdev/homelab.git" - path: apps/home/wyze + repoURL: 'https://github.com/gruberdev/homelab.git' + path: apps/services/touito targetRevision: main destination: - namespace: homeassistant + namespace: services name: in-cluster syncPolicy: automated: @@ -21,7 +19,7 @@ spec: - Prune=true - ServerSideApply=true retry: - limit: 5 + limit: 10 backoff: duration: 20s factor: 2 diff --git a/apps/argocd/base/services/wallabag.yaml b/apps/argocd/base/services/wallabag.yaml deleted file mode 100644 index 6391f904e..000000000 --- a/apps/argocd/base/services/wallabag.yaml +++ /dev/null 
@@ -1,40 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: wallabag - finalizers: - - resources-finalizer.argocd.argoproj.io - annotations: - argocd-image-updater.argoproj.io/write-back-method: git - argocd-image-updater.argoproj.io/write-back-target: kustomization - argocd-image-updater.argoproj.io/git-branch: main - argocd-image-updater.argoproj.io/image-list: wallabag=wallabag/wallabag - argocd-image-updater.argoproj.io/wallabag.platforms: linux/arm64,linux/amd64 -spec: - project: apps - source: - repoURL: 'https://github.com/gruberdev/homelab.git' - path: apps/services/wallabag - targetRevision: main - destination: - namespace: services - name: in-cluster - syncPolicy: - automated: - prune: true - selfHeal: true - allowEmpty: true - syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - PruneLast=true - - ApplyOutOfSyncOnly=false - - Replace=true - - Prune=true - retry: - limit: 6 - backoff: - duration: 60s - factor: 2 - maxDuration: 15m diff --git a/apps/argocd/base/services/wger.yaml b/apps/argocd/base/services/wger.yaml deleted file mode 100644 index 65efc3a47..000000000 --- a/apps/argocd/base/services/wger.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: wger - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: apps - source: - repoURL: 'https://github.com/gruberdev/homelab.git' - path: apps/services/wger - targetRevision: main - destination: - namespace: services - name: in-cluster - syncPolicy: - automated: - prune: true - selfHeal: true - allowEmpty: false - syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - ApplyOutOfSyncOnly=false - - Prune=true - retry: - limit: 5 - backoff: - duration: 20s - factor: 2 - maxDuration: 15m diff --git a/apps/argocd/base/styles-cm.yaml b/apps/argocd/base/styles-cm.yaml index 82073af3f..47f63a61d 100644 
--- a/apps/argocd/base/styles-cm.yaml
+++ b/apps/argocd/base/styles-cm.yaml
@@ -4,6 +4,75 @@ metadata: name: argocd-styles-cm data: my-styles.css: | + @import url('https://fonts.googleapis.com/css2?family=Inter:wght@300;700&display=swap'); + body { + font-family: "Inter", sans-serif; + } + :root { + --sidebar-background: #32201b; + --page-and-panel-background: #f0ece8; + --button-primary: #7d7370; + --button-secondary: #7d7370; + --button-disabled: #968f8c; + --primary: #01894d; + } + .argo-button--base { + color: #f8fbfb; + background-color: #080909; + } .nav-bar { background: linear-gradient(to bottom, #999, #777, #333, #222, #111); } + .nav-bar__logo img, + .sidebar__logo img, + .sidebar__logo__character img { + content: url(https://gist.githubusercontent.com/gruberdev/1c4aeaf4e44998ac0b23f69e388421a7/raw/18784fbca7282ddb58336a1d10aa83bf79bd4e6e/logo.svg.); + } + .theme-dark .argo-table-list__row{ + background: #191a1e; + color: #7e7e89; + } + .applications-list__entry--health-Healthy { + border-left-color: #46b592; + } + .sidebar { + background-color: #161819; + } + .page__content-wrapper { + background: var(--page-and-panel-background) !important; + } + + .sliding-panel__header, + .sliding-panel__body { + background: var(--page-and-panel-background) !important; + } + + /* primary */ + .argo-button--base, + .argo-button--base:hover { + background: var(--button-primary) !important; + } + + .argo-button--base:hover { + background: var(--button-primary) !important; + opacity: 0.8 !important; + } + + /* secondary */ + .argo-button--base-o { + color: var(--button-primary) !important; + box-shadow: inset 0 0 0 1px var(--button-primary) !important; + } + + .argo-button--base-o:hover, + .argo-button--base-o:focus { + background: var(--button-secondary) !important; + color: #fff !important; + box-shadow: inset 0 0 0 1px var(--button-secondary) !important; + } + + /* disabled */ + .argo-button.disabled, + .argo-button[disabled] { + background: var(--button-disabled) !important; + } 
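Review bot: The added CSS makes every Argo CD UI session fetch from two third-party hosts, through the `@import url('https://fonts.googleapis.com/...')` line and the `content: url(https://gist.githubusercontent.com/...)` logo rule. A stylesheet and an image controlled outside the cluster are then applied inside the admin console, and each page load discloses the viewer's address to those hosts. Serving the font and the SVG from a location the cluster controls would remove that dependency. The logo URL also ends in `logo.svg.` with a trailing dot before the closing parenthesis, which looks like a typo and probably does not resolve. Separately, `.argo-button--base` is styled twice, and the first `background-color: #080909;` is overridden by the later `background: var(--button-primary) !important;`, so it can be dropped.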
diff --git a/apps/argocd/base/svc-monitors.yaml b/apps/argocd/base/svc-monitors.yaml new file mode 100644 index 000000000..0ab8fc388 --- /dev/null +++ b/apps/argocd/base/svc-monitors.yaml @@ -0,0 +1,77 @@ +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: argocd-metrics + labels: + release: prometheus-operator +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-metrics + endpoints: + - port: metrics +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: argocd-server-metrics + labels: + release: prometheus-operator +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-server-metrics + endpoints: + - port: metrics +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: argocd-repo-server-metrics + labels: + release: prometheus-operator +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-repo-server + endpoints: + - port: metrics +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: argocd-applicationset-controller-metrics + labels: + release: prometheus-operator +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-applicationset-controller + endpoints: + - port: metrics +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: argocd-redis-haproxy-metrics + labels: + release: prometheus-operator +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-redis-ha-haproxy + endpoints: + - port: http-exporter-port +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: argocd-notifications-controller + labels: + release: prometheus-operator +spec: + selector: + matchLabels: + app.kubernetes.io/name: argocd-notifications-controller-metrics + endpoints: + - port: metrics diff --git a/apps/argocd/base/utilities/agones.yaml b/apps/argocd/base/utilities/agones.yaml new file mode 100644 index 000000000..70df4703c --- /dev/null 
+++ b/apps/argocd/base/utilities/agones.yaml 
@@ -0,0 +1,283 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: agones +spec: + project: cluster + source: + repoURL: https://github.com/googleforgames/agones.git + targetRevision: v1.40.0 + path: install/helm/agones + helm: + releaseName: agones + values: | + agones: + featureGates: PlayerTracking=true&CountsAndLists=true + metrics: + serviceMonitor: + enabled: true + interval: 30s + rbacEnabled: true + registerServiceAccounts: true + registerWebhooks: true + registerApiService: true + crds: + install: true + cleanupOnDelete: true + cleanupJobTTL: 60 + controller: + resources: + requests: + cpu: 10m + memory: 256Mi + limits: + cpu: 40m + memory: 512Mi + tolerations: + - key: "agones.dev/agones-system" + operator: "Equal" + value: "true" + effect: "NoExecute" + generateTLS: false + disableSecret: false + allocationApiService: + annotations: {} + disableCaBundle: false + validatingWebhook: + annotations: {} + disableCaBundle: false + mutatingWebhook: + annotations: {} + disableCaBundle: false + http: + port: 8080 + healthCheck: + initialDelaySeconds: 15 + periodSeconds: 3 + failureThreshold: 3 + timeoutSeconds: 1 + allocationBatchWaitTime: 500ms + replicas: 1 + pdb: + minAvailable: 1 + extensions: + resources: + requests: + cpu: 10m + memory: 128Mi + limits: + cpu: 40m + memory: 256Mi + tolerations: + - key: "agones.dev/agones-system" + operator: "Equal" + value: "true" + effect: "NoExecute" + generateTLS: false + tlsCert: "" + tlsKey: "" + disableSecret: false + allocationApiService: + annotations: {} + disableCaBundle: false + validatingWebhook: + annotations: {} + disableCaBundle: false + mutatingWebhook: + annotations: {} + disableCaBundle: false + persistentLogs: true + persistentLogsSizeLimitMB: 10000 + logLevel: info + numWorkers: 100 + apiServerQPS: 400 + apiServerQPSBurst: 500 + http: + port: 8080 + healthCheck: + initialDelaySeconds: 15 + periodSeconds: 3 + failureThreshold: 3 + timeoutSeconds: 1 + allocationBatchWaitTime: 500ms + 
pdb: + minAvailable: 1 + replicas: 1 + readiness: + initialDelaySeconds: 15 + periodSeconds: 3 + failureThreshold: 3 + topologySpreadConstraints: {} + ping: + install: true + pdb: + enabled: false + updateStrategy: {} + resources: + requests: + cpu: 10m + memory: 128Mi + limits: + cpu: 35m + memory: 256Mi + nodeSelector: {} + annotations: {} + tolerations: + - key: "agones.dev/agones-system" + operator: "Equal" + value: "true" + effect: "NoExecute" + replicas: 1 + http: + expose: true + response: ok + port: 80 + serviceType: ClusterIP + udp: + expose: true + rateLimit: 20 + port: 50000 + serviceType: ClusterIP + healthCheck: + initialDelaySeconds: 15 + periodSeconds: 3 + failureThreshold: 3 + timeoutSeconds: 1 + allocator: + install: true + pdb: + enabled: false + minAvailable: 1 + updateStrategy: {} + apiServerQPS: 400 + apiServerQPSBurst: 500 + logLevel: info + annotations: {} + resources: + requests: + cpu: 100m + memory: 256Mi + limits: + cpu: 200m + memory: 512Mi + healthCheck: + initialDelaySeconds: 3 + periodSeconds: 3 + failureThreshold: 3 + timeoutSeconds: 1 + readiness: + initialDelaySeconds: 3 + periodSeconds: 3 + failureThreshold: 3 + tolerations: + - key: "agones.dev/agones-system" + operator: "Equal" + value: "true" + effect: "NoExecute" + replicas: 1 + service: + annotations: {} + grpc: + enabled: true + nodePort: 30300 + port: 443 + portName: grpc + http: + enabled: true + nodePort: 30564 + port: 443 + portName: https + name: agones-allocator + serviceType: NodePort + serviceMetrics: + name: agones-allocator-metrics-service + annotations: {} + http: + enabled: true + port: 8080 + portName: http + generateTLS: false + generateClientTLS: true + clientCAs: {} + disableMTLS: false + disableTLS: false + remoteAllocationTimeout: 10s + totalRemoteAllocationTimeout: 30s + allocationBatchWaitTime: 500ms + topologySpreadConstraints: {} + image: + registry: us-docker.pkg.dev/agones-images/release + tag: 1.40.0 + controller: + name: agones-controller + 
pullPolicy: IfNotPresent + extensions: + name: agones-extensions + pullPolicy: IfNotPresent + sdk: + name: agones-sdk + cpuRequest: 30m + cpuLimit: 150m + memoryRequest: 128Mi + memoryLimit: 256Mi + alwaysPull: false + ping: + name: agones-ping + pullPolicy: IfNotPresent + allocator: + name: agones-allocator + pullPolicy: IfNotPresent + gameservers: + namespaces: + - default + - agones-system + - gaming + maxPort: 34000 + minPort: 32767 + podPreserveUnknownFields: false + destination: + namespace: agones-system + name: in-cluster + syncPolicy: + automated: + prune: true + selfHeal: true + managedNamespaceMetadata: + labels: + prometheus: enabled + pod-security.kubernetes.io/enforce: privileged + pod-security.kubernetes.io/audit: privileged + pod-security.kubernetes.io/warn: privileged + syncOptions: + - Prune=true + - ServerSideApply=true + - CreateNamespace=true + retry: + limit: 5 + backoff: + duration: 20s + factor: 2 + maxDuration: 15m + ignoreDifferences: + - group: "agones-sdk-access" + kind: "ClusterRoleBinding" + - group: "agones-sdk" + kind: "ClusterRole" + - group: "agones-sdk" + kind: "ServiceAccount" + info: + - name: "Github Repository:" + value: >- + https://github.com/googleforgames/agones + - name: "Official Website:" + value: >- + https://agones.dev + - name: "Official Documentation:" + value: >- + https://agones.dev/site/docs + - name: "Helm chart documentation:" + value: >- + https://agones.dev/site/docs/installation/install-agones/helm + - name: "Helm chart values:" + value: >- + https://github.com/googleforgames/agones/blob/main/install/helm/agones/values.yaml diff --git a/apps/argocd/base/utilities/chaos.yaml b/apps/argocd/base/utilities/chaos.yaml deleted file mode 100644 index bc55a932e..000000000 --- a/apps/argocd/base/utilities/chaos.yaml +++ /dev/null 
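Review bot: `generateTLS: false` is set under `controller`, `extensions` and `allocator` in `agones.yaml`, and the only `tlsCert`/`tlsKey` values supplied (under `extensions`) are empty, so the chart has to take its webhook and allocator server certificates from some other source. As I read the upstream chart, that fallback is the certificate files checked into the chart directory, whose private keys are public. This should be confirmed against the chart at `v1.40.0`, particularly because the allocator is exposed with `serviceType: NodePort` on 30300 and 30564. If generation is disabled only to stop Argo CD seeing a diff on every render, a safer arrangement for the controller and extensions is `disableSecret: true` with the certificate Secret issued by cert-manager or synced through external-secrets, and the allocator certificate supplied the same way. Also, the `ignoreDifferences` entries use `group: "agones-sdk-access"` and `group: "agones-sdk"`, which look like resource names; `group` is the API group (`rbac.authorization.k8s.io` for the RBAC kinds, the empty core group for `ServiceAccount`), so these entries probably match nothing and should carry the resource in `name:` instead.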
@@ -1,225 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: chaos-mesh - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: cluster - source: - repoURL: https://charts.botkube.io - chart: chaos-mesh - targetRevision: 2.5.0 - helm: - releaseName: chaos-mesh - values: | - bpfki: - create: false - grpcPort: 50051 - image: - repository: chaos-mesh/chaos-kernel - imagePullPolicy: IfNotPresent - chaosDaemon: - grpcPort: 31767 - hostNetwork: false - httpPort: 31766 - image: - repository: chaos-mesh/chaos-daemon - imagePullPolicy: IfNotPresent - mtls: - enabled: true - nodeSelector: - kubernetes.io/hostname: node-one - podSecurityPolicy: false - privileged: true - resources: - limits: - cpu: 150m - memory: 300Mi - requests: - cpu: 25m - memory: 128Mi - runtime: docker - serviceAccount: chaos-daemon - socketPath: /var/run/docker.sock - chaosDlv: - enable: false - image: - repository: chaos-mesh/chaos-dlv - imagePullPolicy: IfNotPresent - clusterScoped: true - controllerManager: - allowHostNetworkTesting: false - chaosdSecurityMode: true - enableFilterNamespace: false - enabledControllers: - - '*' - enabledWebhooks: - - '*' - env: - METRICS_PORT: 10080 - WEBHOOK_PORT: 10250 - hostNetwork: false - image: - repository: chaos-mesh/chaos-mesh - imagePullPolicy: IfNotPresent - leaderElection: - enabled: true - leaseDuration: 15s - renewDeadline: 10s - retryPeriod: 2s - nodeSelector: - kubernetes.io/hostname: node-one - podChaos: - podFailure: - pauseImage: gcr.io/google-containers/pause:latest - replicaCount: 1 - resources: - limits: - cpu: 500m - memory: 1024Mi - requests: - cpu: 25m - memory: 256Mi - service: - type: ClusterIP - serviceAccount: chaos-controller-manager - targetNamespace: chaos-mesh - dashboard: - create: true - env: - CLEAN_SYNC_PERIOD: 12h - DATABASE_DATASOURCE: /data/core.sqlite - DATABASE_DRIVER: sqlite3 - LISTEN_HOST: 0.0.0.0 - LISTEN_PORT: 2333 - METRIC_HOST: 0.0.0.0 - METRIC_PORT: 2334 - TTL_EVENT: 168h 
- TTL_EXPERIMENT: 336h - TTL_SCHEDULE: 336h - TTL_WORKFLOW: 336h - gcpSecurityMode: false - hostNetwork: false - image: - repository: chaos-mesh/chaos-dashboard - imagePullPolicy: IfNotPresent - ingress: - certManager: false - enabled: false - hosts: - - name: dashboard.local - tls: false - tlsSecret: dashboard.local-tls - paths: - - / - nodeSelector: - kubernetes.io/hostname: node-one - persistentVolume: - enabled: false - mountPath: /data - size: 8Gi - storageClassName: standard - replicaCount: 1 - resources: - limits: - cpu: 150m - memory: 300Mi - requests: - cpu: 25m - memory: 128Mi - rootUrl: http://localhost:2333 - securityMode: true - service: - type: NodePort - serviceAccount: chaos-dashboard - dnsServer: - create: false - env: - LISTEN_HOST: 0.0.0.0 - LISTEN_PORT: 53 - grpcPort: 9288 - image: pingcap/coredns:v0.2.1 - imagePullPolicy: IfNotPresent - name: chaos-mesh-dns-server - nodeSelector: - kubernetes.io/hostname: node-one - replicas: 1 - resources: - requests: - cpu: 100m - memory: 70Mi - serviceAccount: chaos-dns-server - enableCtrlServer: true - enableProfiling: true - images: - registry: ghcr.io - tag: latest - prometheus: - create: false - image: prom/prometheus:v2.18.1 - imagePullPolicy: IfNotPresent - nodeSelector: - kubernetes.io/hostname: node-one - resources: - limits: - cpu: 500m - memory: 1024Mi - requests: - cpu: 250m - memory: 512Mi - service: - type: ClusterIP - serviceAccount: prometheus - volume: - storage: 2Gi - storageClassName: standard - rbac: - create: true - timezone: America/Sao_Paulo - webhook: - CRDS: - - podchaos - - iochaos - - timechaos - - networkchaos - - kernelchaos - - stresschaos - - awschaos - - azurechaos - - gcpchaos - - dnschaos - - jvmchaos - - schedule - - workflow - - httpchaos - - blockchaos - - physicalmachinechaos - - physicalmachine - - statuscheck - - remotecluster - FailurePolicy: Fail - certManager: - enabled: false - timeoutSeconds: 5 - destination: - namespace: monitoring - name: in-cluster - syncPolicy: 
- automated: - prune: true - selfHeal: true - allowEmpty: true - syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - PruneLast=false - - ApplyOutOfSyncOnly=false - - Prune=true - retry: - limit: 5 - backoff: - duration: 20s - factor: 2 - maxDuration: 15m diff --git a/apps/argocd/base/utilities/cpu-booster.yaml b/apps/argocd/base/utilities/cpu-booster.yaml new file mode 100644 index 000000000..20ce47ac8 --- /dev/null +++ b/apps/argocd/base/utilities/cpu-booster.yaml @@ -0,0 +1,36 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: cpu-booster +spec: + project: cluster + source: + repoURL: "https://github.com/google/kube-startup-cpu-boost.git" + path: ./ + targetRevision: v0.9.0 + kustomize: + images: + - ghcr.io/google/kube-startup-cpu-boost:v0.9.0 + destination: + namespace: utilities + name: in-cluster + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - Prune=true + - ServerSideApply=true + retry: + limit: 10 + backoff: + duration: 30s + factor: 2 + maxDuration: 60m + info: + - name: "Github Repository:" + value: >- + https://github.com/google/kube-startup-cpu-boost + - name: "Documentation:" + value: >- + https://github.com/google/kube-startup-cpu-boost#usage diff --git a/apps/argocd/base/utilities/crossplane.yaml b/apps/argocd/base/utilities/crossplane.yaml deleted file mode 100644 index ed25f2209..000000000 --- a/apps/argocd/base/utilities/crossplane.yaml +++ /dev/null 
@@ -1,57 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: crossplane - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: apps - source: - repoURL: 'https://github.com/gruberdev/homelab.git' - path: apps/utilities/crossplane - targetRevision: main - destination: - namespace: crossplane - name: in-cluster - syncPolicy: - automated: - prune: true - selfHeal: true - allowEmpty: false - managedNamespaceMetadata: - labels: - prometheus: enabled - syncOptions: - - Validate=false - - CreateNamespace=true - - PrunePropagationPolicy=foreground - - ServerSideApply=true - - ApplyOutOfSyncOnly=false - - Prune=true - retry: - limit: 5 - backoff: - duration: 20s - factor: 2 - maxDuration: 15m - info: - - name: 'Github Repository:' - value: >- - https://github.com/crossplane/crossplane - - name: 'Providers marketplace:' - value: >- - https://marketplace.upbound.io/ - - name: 'Helm chart Github path:' - value: >- - https://github.com/crossplane/crossplane/tree/master/cluster/charts/crossplane - - name: 'Official docs:' - value: >- - https://docs.crossplane.io/latest/ - # https://github.com/crossplane/crossplane/issues/4509 - # This was not fixed with the PR/fix and requires ArgoCD patching to sync. - ignoreDifferences: - - group: apps - kind: Deployment - jqPathExpressions: - - .spec.template.spec.containers[].env[].valueFrom.resourceFieldRef.divisor - - .spec.template.spec.initContainers[].env[].valueFrom.resourceFieldRef.divisor diff --git a/apps/argocd/base/utilities/descheduler.yaml b/apps/argocd/base/utilities/descheduler.yaml index 33d1db751..e42dc8f27 100644 --- a/apps/argocd/base/utilities/descheduler.yaml +++ b/apps/argocd/base/utilities/descheduler.yaml @@ -2,8 +2,6 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: descheduler - finalizers: - - resources-finalizer.argocd.argoproj.io spec: project: cluster source: 
@@ -26,3 +24,16 @@ spec: duration: 30s factor: 2 maxDuration: 60m + info: + - name: 'Github Repository:' + value: >- + https://github.com/kubernetes-sigs/descheduler + - name: 'Config examples:' + value: >- + https://github.com/kubernetes-sigs/descheduler/tree/master/examples + - name: 'Official Docs:' + value: >- + https://github.com/kubernetes-sigs/descheduler?tab=readme-ov-file#user-guide + - name: 'Base Kustomize directory:' + value: >- + https://github.com/kubernetes-sigs/descheduler/tree/master/kubernetes/deployment diff --git a/apps/argocd/base/utilities/eraser.yaml b/apps/argocd/base/utilities/eraser.yaml index 76f92c5c2..413856a1a 100644 --- a/apps/argocd/base/utilities/eraser.yaml +++ b/apps/argocd/base/utilities/eraser.yaml @@ -2,8 +2,6 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: eraser - finalizers: - - resources-finalizer.argocd.argoproj.io spec: project: cluster source: @@ -11,22 +9,22 @@ spec: path: apps/utilities/eraser targetRevision: main destination: - namespace: eraser-system + namespace: utilities name: in-cluster syncPolicy: automated: prune: true selfHeal: true - allowEmpty: false managedNamespaceMetadata: labels: prometheus: enabled + pod-security.kubernetes.io/enforce: privileged + pod-security.kubernetes.io/audit: privileged + pod-security.kubernetes.io/warn: privileged syncOptions: - - Validate=false - - CreateNamespace=true - - PrunePropagationPolicy=foreground - - ApplyOutOfSyncOnly=false - Prune=true + - ServerSideApply=true + - CreateNamespace=true retry: limit: 5 backoff: diff --git a/apps/argocd/base/utilities/external-secrets.yaml b/apps/argocd/base/utilities/external-secrets.yaml new file mode 100644 index 000000000..813a3d280 --- /dev/null +++ b/apps/argocd/base/utilities/external-secrets.yaml 
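Review bot: In `eraser.yaml`, changing `namespace: eraser-system` to `namespace: utilities` while adding `pod-security.kubernetes.io/enforce: privileged` under `managedNamespaceMetadata` applies the unrestricted Pod Security level to everything in the shared `utilities` namespace, not only to eraser. `cpu-booster.yaml` in this commit targets that same namespace. Keeping eraser in a namespace of its own would confine the exemption to the one workload that presumably needs host access. The same three labels are added in `agones.yaml` and `external-secrets.yaml`; for external-secrets it is doubtful that `privileged` is required, and starting from `pod-security.kubernetes.io/enforce: baseline` with `audit` and `warn` set to `restricted` would show whether anything actually violates the policy. The hunk ends inside `retry:`, so the rest of the Application is not visible here.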
@@ -0,0 +1,47 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: external-secrets + namespace: argocd +spec: + project: cluster + source: + repoURL: 'https://github.com/gruberdev/homelab.git' + path: apps/utilities/external-secrets + targetRevision: main + destination: + namespace: external-secrets + name: in-cluster + syncPolicy: + automated: + prune: true + selfHeal: true + managedNamespaceMetadata: + labels: + prometheus: enabled + pod-security.kubernetes.io/enforce: privileged + pod-security.kubernetes.io/audit: privileged + pod-security.kubernetes.io/warn: privileged + syncOptions: + - Prune=true + - ServerSideApply=true + - CreateNamespace=true + retry: + limit: 10 + backoff: + duration: 20s + factor: 2 + maxDuration: 15m + info: + - name: "Github Repository:" + value: >- + https://github.com/external-secrets/external-secrets + - name: "Chart location:" + value: >- + https://github.com/external-secrets/external-secrets/tree/main/deploy/charts/external-secrets + - name: "Official Website:" + value: >- + https://external-secrets.io/ + - name: "Documentation for Bitwarden provisioner:" + value: >- + https://external-secrets.io/v0.9.16/examples/bitwarden/ diff --git a/apps/argocd/base/utilities/gfd.yaml b/apps/argocd/base/utilities/gfd.yaml deleted file mode 100644 index bb2dafcd0..000000000 --- a/apps/argocd/base/utilities/gfd.yaml +++ /dev/null 
@@ -1,114 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: gpu-feature-discovery - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: cluster - source: - repoURL: https://github.com/NVIDIA/gpu-feature-discovery.git - targetRevision: v0.8.2 - path: deployments/helm/gpu-feature-discovery - helm: - releaseName: nfd-gfd-discovery - values: | - failOnInitError: true - migStrategy: none - noTimestamp: false - sleepInterval: 60s - nameOverride: "" - fullnameOverride: "" - selectorLabelsOverride: {} - allowDefaultNamespace: false - imagePullSecrets: [] - image: - repository: nvcr.io/nvidia/gpu-feature-discovery - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "" - updateStrategy: - type: RollingUpdate - podAnnotations: {} - podSecurityContext: {} - securityContext: - privileged: true - resources: {} - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: feature.node.kubernetes.io/pci-10de.present - operator: In - values: - - "true" - - matchExpressions: - - key: feature.node.kubernetes.io/cpu-model.vendor_id - operator: In - values: - - "NVIDIA" - - matchExpressions: - - key: "nvidia.com/gpu.present" - operator: In - values: - - "true" - nodeSelector: - kubernetes.io/hostname: node-one - tolerations: - - key: CriticalAddonsOnly - operator: Exists - - key: nvidia.com/gpu - operator: Exists - effect: NoSchedule - priorityClassName: "system-node-critical" - runtimeClassName: null - nfd: - nameOverride: node-feature-discovery - master: - extraLabelNs: - - nvidia.com - serviceAccount: - name: node-feature-discovery - worker: - tolerations: - - key: "node-role.kubernetes.io/master" - operator: "Equal" - value: "" - effect: "NoSchedule" - - key: "nvidia.com/gpu" - operator: "Equal" - value: "present" - effect: "NoSchedule" - config: - sources: - pci: - deviceClassWhitelist: - - "02" - - "0200" - - 
"0207" - - "0300" - - "0302" - deviceLabelFields: - - vendor - destination: - namespace: kube-system - name: in-cluster - syncPolicy: - automated: - prune: true - selfHeal: true - allowEmpty: true - syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - PruneLast=false - - ApplyOutOfSyncOnly=false - - Prune=true - retry: - limit: 5 - backoff: - duration: 20s - factor: 2 - maxDuration: 15m diff --git a/apps/argocd/base/utilities/kube-fledged.yaml b/apps/argocd/base/utilities/kube-fledged.yaml index 7c59e9f77..c00d71aa8 100644 --- a/apps/argocd/base/utilities/kube-fledged.yaml +++ b/apps/argocd/base/utilities/kube-fledged.yaml 
@@ -1,75 +1,13 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - name: fledged-app - finalizers: - - resources-finalizer.argocd.argoproj.io + name: kube-fledged spec: project: cluster source: - repoURL: 'https://github.com/senthilrch/kube-fledged.git' - targetRevision: v0.10.0 - path: deploy/kubefledged-operator/helm-charts/kubefledged - helm: - releaseName: kube-fledged - values: | - args: - controllerImageCacheRefreshFrequency: 15m - controllerImageDeleteJobHostNetwork: false - controllerImagePullDeadlineDuration: 5m - controllerImagePullPolicy: IfNotPresent - controllerJobRetentionPolicy: delete - controllerLogLevel: INFO - webhookServerCertFile: /var/run/secrets/webhook-server/tls.crt - webhookServerKeyFile: /var/run/secrets/webhook-server/tls.key - webhookServerLogLevel: INFO - webhookServerPort: 443 - clusterRole: - create: true - clusterRoleBinding: - create: true - command: - kubefledgedControllerCommand: - - /opt/bin/kubefledged-controller - kubefledgedWebhookServerCommand: - - /opt/bin/kubefledged-webhook-server - controller: - hostNetwork: false - controllerReplicaCount: 1 - image: - busyboxImageRepository: senthilrch/busybox - busyboxImageVersion: 1.35.0 - kubefledgedCRIClientRepository: docker.io/senthilrch/kubefledged-cri-client - kubefledgedControllerRepository: docker.io/senthilrch/kubefledged-controller - kubefledgedWebhookServerRepository: docker.io/senthilrch/kubefledged-webhook-server - pullPolicy: Always - ingress: - enabled: false - nodeSelector: - kubernetes.io/arch: amd64 - resources: - limits: - cpu: 120m - memory: 256Mi - requests: - cpu: 20m - memory: 64Mi - service: - port: 80 - type: ClusterIP - serviceAccount: - create: true - validatingWebhook: - create: true - webhookServer: - enable: true - hostNetwork: false - webhookServerReplicaCount: 1 - webhookService: - create: true - port: 3443 - targetPort: 443 - type: ClusterIP + repoURL: "https://github.com/gruberdev/homelab.git" + path: apps/utilities/kube-fledged + 
targetRevision: main destination: namespace: kube-system name: in-cluster @@ -77,17 +15,22 @@ spec: automated: prune: true selfHeal: true - allowEmpty: false syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=background - - ServerSideApply=true - - ApplyOutOfSyncOnly=false - - Prune=true + - Prune=true + - ServerSideApply=true retry: - limit: 5 + limit: 10 backoff: - duration: 5s + duration: 30s factor: 2 - maxDuration: 3m + maxDuration: 60m + info: + - name: "Github Repository:" + value: >- + https://github.com/senthilrch/kube-fledged + - name: "Helm chart values:" + value: >- + https://github.com/senthilrch/kube-fledged/blob/master/deploy/kubefledged-operator/helm-charts/kubefledged/values.yaml + - name: "Helm chart documentation:" + value: >- + https://github.com/senthilrch/kube-fledged/blob/master/docs/helm-parameters.md diff --git a/apps/argocd/base/utilities/kured.yaml b/apps/argocd/base/utilities/kured.yaml deleted file mode 100644 index 9b7134261..000000000 --- a/apps/argocd/base/utilities/kured.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: kured - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: cluster - source: - repoURL: 'https://github.com/gruberdev/homelab.git' - path: apps/utilities/kured - targetRevision: main - destination: - namespace: kube-system - name: in-cluster - syncPolicy: - automated: - prune: true - selfHeal: true - allowEmpty: false - syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - ApplyOutOfSyncOnly=false - - Prune=true - retry: - limit: 5 - backoff: - duration: 20s - factor: 2 - maxDuration: 15m diff --git a/apps/argocd/base/utilities/kustomization.yaml b/apps/argocd/base/utilities/kustomization.yaml index 9168080d0..7778e3acf 100644 --- a/apps/argocd/base/utilities/kustomization.yaml +++ b/apps/argocd/base/utilities/kustomization.yaml 
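Review bot: `targetRevision: main` together with `automated` sync, `prune: true` and `selfHeal: true` means every push to the `main` branch of the homelab repository is applied to `kube-system` with no review gate at the Argo CD level, whereas the removed source pinned the upstream chart at tag `v0.10.0`. Consider pinning to a ref that is bumped deliberately, e.g. `targetRevision: <tag-or-commit-sha>`, or make sure `main` is a protected branch with required review. The new `apps/argocd/base/utilities/nvidia.yaml` Application in this commit uses the same `targetRevision: main` pattern.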
@@ -2,18 +2,16 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: + - nvidia.yaml - kube-fledged.yaml - reflector.yaml - - reloader.yaml - - snapshot.yaml - - sealed.yaml - - crossplane.yaml + - cpu-booster.yaml - descheduler.yaml -# - eraser.yaml -# - kured.yaml -# - wavy.yaml + - eraser.yaml + - agones.yaml + - external-secrets.yaml namespace: argocd -commonLabels: - app.kubernetes.io/category: utilities +commonAnnotations: + argocd.argoproj.io/sync-wave: "1" diff --git a/apps/argocd/base/utilities/nvidia.yaml b/apps/argocd/base/utilities/nvidia.yaml new file mode 100644 index 000000000..f39a3f945 --- /dev/null +++ b/apps/argocd/base/utilities/nvidia.yaml @@ -0,0 +1,39 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: nvidia-device-plugin +spec: + project: cluster + source: + repoURL: "https://github.com/gruberdev/homelab.git" + path: apps/utilities/nvidia + targetRevision: main + destination: + namespace: utilities + name: in-cluster + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - Prune=true + - ServerSideApply=true + retry: + limit: 10 + backoff: + duration: 30s + factor: 2 + maxDuration: 60m + info: + - name: "Github Repository:" + value: >- + https://github.com/NVIDIA/k8s-device-plugin + - name: "Helm chart values:" + value: >- + https://github.com/NVIDIA/k8s-device-plugin/blob/main/deployments/helm/nvidia-device-plugin/values.yaml + - name: "Helm chart documentation:" + value: >- + https://github.com/NVIDIA/k8s-device-plugin?tab=readme-ov-file#deployment-via-helm + - name: "Container image registry explorer:" + value: >- + https://explore.ggcr.dev/?repo=nvcr.io%2Fnvidia%2Fk8s-device-plugin diff --git a/apps/argocd/base/utilities/reflector.yaml b/apps/argocd/base/utilities/reflector.yaml index 3ba97d2e2..6b09499ca 100644 --- a/apps/argocd/base/utilities/reflector.yaml +++ b/apps/argocd/base/utilities/reflector.yaml 
@@ -1,35 +1,28 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - name: reflector-app - finalizers: - - resources-finalizer.argocd.argoproj.io + name: reflector spec: project: cluster source: repoURL: https://emberstack.github.io/helm-charts chart: reflector - targetRevision: 7.1.238 + targetRevision: 7.1.262 helm: releaseName: reflector destination: - namespace: kube-system + namespace: utilities name: in-cluster syncPolicy: automated: prune: true selfHeal: true - allowEmpty: false syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=background - - ServerSideApply=true - - ApplyOutOfSyncOnly=false - - Prune=true + - Prune=true + - ServerSideApply=true retry: limit: 5 backoff: - duration: 5s + duration: 20s factor: 2 - maxDuration: 3m + maxDuration: 15m diff --git a/apps/argocd/base/utilities/reloader.yaml b/apps/argocd/base/utilities/reloader.yaml deleted file mode 100644 index 6906b29ea..000000000 --- a/apps/argocd/base/utilities/reloader.yaml +++ /dev/null @@ -1,47 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: reloader - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: cluster - source: - repoURL: https://stakater.github.io/stakater-charts - chart: reloader - targetRevision: 1.0.69 - helm: - releaseName: reloader - values: | - kubernetes: - host: https://kubernetes.default - reloader: - isArgoRollouts: true - isOpenshift: false - ignoreSecrets: false - ignoreConfigMaps: false - reloadOnCreate: true - reloadStrategy: default - watchGlobally: true - readOnlyRootFileSystem: false - destination: - namespace: kube-system - name: in-cluster - syncPolicy: - automated: - prune: true - selfHeal: true - allowEmpty: true - syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=foreground - - ServerSideApply=true - - ApplyOutOfSyncOnly=false - - Prune=true - retry: - limit: -1 - backoff: - duration: 20s - factor: 2 - maxDuration: 15m 
diff --git a/apps/argocd/base/utilities/snapshot.yaml b/apps/argocd/base/utilities/snapshot.yaml deleted file mode 100644 index 78b11bef9..000000000 --- a/apps/argocd/base/utilities/snapshot.yaml +++ /dev/null @@ -1,56 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: snapshot-controller - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: cluster - source: - repoURL: 'https://github.com/democratic-csi/charts.git' - targetRevision: snapshot-controller-0.2.4 - path: stable/snapshot-controller - helm: - releaseName: snapshot-controller - values: | - controller: - enabled: true - rbac: - enabled: true - replicaCount: 1 - image: - repository: registry.k8s.io/sig-storage/snapshot-controller - pullPolicy: IfNotPresent - args: - - "--v=5" - - "--leader-election=true" - - "--enable-distributed-snapshotting" - validatingWebhook: - enabled: false - rbac: - enabled: true - replicaCount: 1 - image: - repository: registry.k8s.io/sig-storage/snapshot-validation-webhook - pullPolicy: IfNotPresent - destination: - namespace: kube-system - name: in-cluster - syncPolicy: - automated: - prune: true - selfHeal: true - allowEmpty: false - syncOptions: - - Validate=false - - CreateNamespace=false - - PrunePropagationPolicy=background - - ServerSideApply=true - - ApplyOutOfSyncOnly=false - - Prune=true - retry: - limit: 5 - backoff: - duration: 15s - factor: 2 - maxDuration: 15m diff --git a/apps/argocd/base/utilities/wavy.yaml b/apps/argocd/base/utilities/wavy.yaml deleted file mode 100644 index 43f2c4aa4..000000000 --- a/apps/argocd/base/utilities/wavy.yaml +++ /dev/null 
@@ -1,33 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: wavy - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: cluster - source: - repoURL: 'https://github.com/gruberdev/homelab.git' - path: apps/utilities/wavy - targetRevision: main - destination: - namespace: utilities - name: in-cluster - syncPolicy: - automated: - prune: true - selfHeal: true - allowEmpty: false - syncOptions: - - Validate=false - - CreateNamespace=true - - PrunePropagationPolicy=foreground - - PruneLast=true - - ApplyOutOfSyncOnly=false - - Prune=true - retry: - limit: 5 - backoff: - duration: 20s - factor: 2 - maxDuration: 15m diff --git a/apps/argocd/kustomization.yaml b/apps/argocd/kustomization.yaml index f950e6cb6..763e851ab 100644 --- a/apps/argocd/kustomization.yaml +++ b/apps/argocd/kustomization.yaml 
@@ -2,152 +2,169 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - # ArgoCD Projects - - base/projects/core.yaml - - base/projects/cluster.yaml - - base/projects/monitoring.yaml - - base/projects/networking.yaml - - base/projects/apps.yaml - # - base/projects/mlops.yaml - - base/projects/matrix.yaml +- base/projects - # Core apps - - base/core/argocd.yaml - - base/core/data.yaml - - base/core/home.yaml - - base/core/nvidia.yaml - - base/core/nvidia-extra.yaml - - base/core/networking.yaml - - base/core/services.yaml - - base/core/utilities.yaml +- base/core/argocd.yaml +- base/core/data.yaml +- base/core/home.yaml +- base/core/mlops.yaml +- base/core/networking.yaml +- base/core/monitoring.yaml +- base/core/services.yaml +- base/core/utilities.yaml +- base/core/vault.yaml - # Applications - - base/apps/vault.yaml - - # Monitoring - - base/monitoring/kuma.yaml - - base/monitoring/unifi-poller.yaml - - base/monitoring/kube-prometheus.yaml - - base/monitoring/grafana.yaml - - base/monitoring/nvidia.yaml - - # ArgoCD - - base/cmp-plugin.yaml - - base/repo-role.yaml - - base/repo-rb.yaml - - github.com/argoproj-labs/argocd-extension-metrics/manifests?ref=v1.0.1 - - - https://github.com/gruberdev/homelab/apps/networking/tailscale - - https://github.com/gruberdev/homelab/apps/networking/cloudflared - - https://raw.githubusercontent.com/argoproj/argo-cd/v2.9.5/manifests/install.yaml - - base/styles-cm.yaml - - base/metrics.yaml +- base/cmp-plugin.yaml +- base/repo-role.yaml +- base/repo-rb.yaml +- base/svc-monitors.yaml +- github.com/argoproj-labs/argocd-extension-metrics/manifests?ref=v1.0.3 +- https://raw.githubusercontent.com/argoproj/argo-cd/v2.11.3/manifests/install.yaml +- base/styles-cm.yaml +- base/ingress.yaml namespace: argocd images: - - name: quay.io/argoproj/argocd - newTag: v2.9.5 +- name: quay.io/argoproj/argocd + newTag: v2.11.3 patches: - - patch: |- - - op: replace - path: "/metadata/namespace" - value: "monitoring" - target: 
- kind: ServiceMonitor - - patch: |- - - op: add - path: "/spec/strategy" - value: - type: "Recreate" - - op: replace - path: "/spec/template/spec/serviceAccountName" - value: "argocd-server" - target: - kind: Deployment +- patch: |- + - op: replace + path: "/metadata/namespace" + value: "monitoring" + target: + kind: ServiceMonitor +- patch: |- + - op: add + path: "/spec/strategy" + value: + type: "Recreate" + - op: replace + path: "/spec/template/spec/serviceAccountName" + value: "argocd-server" + target: + kind: Deployment + name: argocd-server +- patch: |- + - op: add + path: "/spec/template/spec/containers/0/args/-" + value: "--insecure" + target: + kind: Deployment + name: argocd-server +- patch: | + apiVersion: apps/v1 + kind: Deployment + metadata: + name: argocd-notifications-controller + spec: + template: + spec: + containers: + - name: argocd-notifications-controller + resources: + limits: + cpu: 150m + memory: 256Mi + requests: + cpu: 50m + memory: 128Mi +- patch: | + apiVersion: apps/v1 + kind: StatefulSet + metadata: + name: argocd-application-controller + spec: + template: + spec: + containers: + - name: argocd-application-controller + resources: + limits: + cpu: 2000m + memory: 2048Mi + requests: + cpu: 1000m + memory: 1024Mi +- patch: | + apiVersion: apps/v1 + kind: Deployment + metadata: + name: argocd-redis + spec: + template: + spec: + containers: + - name: redis + resources: + limits: + cpu: 500m + memory: 1024Mi + requests: + cpu: 250m + memory: 512Mi + initContainers: + - name: secret-init + resources: + limits: + cpu: 250m + memory: 512Mi + requests: + cpu: 250m + memory: 256Mi +- patch: | + apiVersion: apps/v1 + kind: Deployment + metadata: name: argocd-server - - patch: |- - - op: add - path: "/spec/template/spec/nodeSelector" - value: - kubernetes.io/hostname: node-one - kubernetes.io/arch: amd64 - target: - kind: Deployment - - patch: |- - - op: add - path: "/spec/template/spec/nodeSelector" - value: - kubernetes.io/hostname: node-one - 
kubernetes.io/arch: amd64 - target: - kind: StatefulSet - - patch: |- - - op: replace - path: "/spec/template/spec/volumes/0/secret/secretName" - value: "argo-tunnel" - target: - kind: Deployment - name: cloudflared - - patch: |- - - op: add - path: "/spec/template/spec/containers/0/args/-" - value: "--insecure" - target: - kind: Deployment - name: argocd-server - - path: overlay/argocd-svc.yaml - - path: overlay/argocd-deployment.yaml - - path: overlay/argocd-repo-deployment.yaml - - path: overlay/argocd-cm.yaml - - path: overlay/argocd-cmd-cm.yaml - - path: overlay/cloudflared-cm.yaml - - path: overlay/argocd-rbac.yaml - - path: overlay/argocd-cr.yaml -commonAnnotations: - reloader.stakater.com/auto: "true" -# Core Applications -# - base/core/tailscale.yaml -# - base/core/private.yaml -# - base/core/democratic-csi.yaml -# - base/core/router.yaml -# Applications -# - base/apps/golinks.yaml -# - base/apps/agones.yaml -# - base/apps/agones-crd.yaml -# - base/apps/mongodb-crds.yaml -# - base/apps/mongodb.yaml -# - base/apps/adguard.yaml -# Monitoring Resources -# - base/monitoring/botkube.yaml -# - base/monitoring/nextdns.yaml -# - base/monitoring/pixie.yaml -# Media Services -# - base/services/media/jellyfin.yaml -# - base/services/media/prowlarr.yaml -# - base/services/media/sonarr.yaml -# - base/services/media/qbittorrent.yaml -# - base/services/media/ganymede.yaml -# - base/services/media/beets.yaml -# - base/services/media/lidarr.yaml -# - base/services/media/bazarr.yaml -# Matrix & utilities -# - base/matrix/synapse.yaml -# - base/matrix/dbs.yaml -# - base/matrix/dendrite.yaml -# - base/matrix/proxies.yaml -# Matrix bridges -# - base/matrix/whats.yaml -# - base/matrix/instagram.yaml -# - base/matrix/linkedin.yaml -# - base/matrix/discord.yaml -# - base/matrix/telegram.yaml -# - base/matrix/steam.yaml -# - base/matrix/signal.yaml -# Vault plugin -# ArgoCD Remote Resources -# Image Updater -# - https://github.com/argoproj-labs/argocd-image-updater/manifests/base 
-# Custom CSS Styles -# components: -# # Extensions controller component -# - https://github.com/argoproj-labs/argocd-extensions/manifests + spec: + template: + spec: + containers: + - name: argocd-server + resources: + limits: + cpu: 500m + memory: 2048Mi + requests: + cpu: 200m + memory: 1024Mi + initContainers: + - name: extension-metrics + resources: + limits: + cpu: 50m + memory: 64Mi + requests: + cpu: 50m + memory: 32Mi +- patch: | + apiVersion: apps/v1 + kind: Deployment + metadata: + name: argocd-repo-server + spec: + strategy: + type: Recreate + template: + spec: + containers: + - name: argocd-repo-server + resources: + limits: + cpu: 1000m + memory: 1024Mi + requests: + cpu: 500m + memory: 512Mi + +- path: overlay/argocd-svc.yaml +- path: overlay/argocd-deployment.yaml +- path: overlay/argocd-repo-deployment.yaml +- path: overlay/argocd-cm.yaml +- path: overlay/argocd-cmd-cm.yaml +- path: overlay/argocd-rbac.yaml +- path: overlay/argocd-cr.yaml +- path: overlay/argocd-applicationset-controller.yaml +- path: overlay/argocd-dex.yaml +- path: overlay/argocd-metrics.yaml diff --git a/apps/argocd/overlay/argocd-applicationset-controller.yaml b/apps/argocd/overlay/argocd-applicationset-controller.yaml new file mode 100644 index 000000000..8d6fd4be8 --- /dev/null +++ b/apps/argocd/overlay/argocd-applicationset-controller.yaml @@ -0,0 +1,16 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: argocd-applicationset-controller +spec: + template: + spec: + containers: + - name: argocd-applicationset-controller + resources: + limits: + cpu: 200m + memory: 256Mi + requests: + cpu: 120m + memory: 128Mi diff --git a/apps/argocd/overlay/argocd-cm.yaml b/apps/argocd/overlay/argocd-cm.yaml index ae845ba65..00de31b69 100644 --- a/apps/argocd/overlay/argocd-cm.yaml +++ b/apps/argocd/overlay/argocd-cm.yaml 
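Review bot: The `argocd-server` patch still appends `--insecure`, so the server speaks plain HTTP, while this hunk removes the cloudflared resources and adds `base/ingress.yaml` as the new entry point. TLS termination now depends entirely on that ingress, whose contents are not part of this hunk. It is worth confirming that it terminates TLS and that nothing else in the cluster can reach the `argocd-server` Service directly, for example through a NetworkPolicy limited to the ingress controller. A comment above the patch entry such as `# --insecure: TLS is terminated by base/ingress.yaml` would record the dependency.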
@@ -7,17 +7,53 @@ metadata: app.kubernetes.io/part-of: argocd data: accounts.image-updater: apiKey - kustomize.buildOptions: --enable-helm - application.resourceTrackingMethod: annotation+label - url: https://argo.gruber.dev.br + kustomize.buildOptions: --enable-helm --load-restrictor LoadRestrictionsNone + application.resourceTrackingMethod: annotation + url: https://argo.raptor-beta.ts.net statusbadge.enabled: "true" - statusbadge.url: "https://argo.gruber.dev.br/" + statusbadge.url: "https://argo.raptor-beta.ts.net/" exec.enabled: "true" # https://argo-cd.readthedocs.io/en/stable/operator-manual/reconcile/#system-level-configuration resource.ignoreResourceUpdatesEnabled: "true" - extension.config: |- + extension.config: | extensions: - name: metrics backend: services: - - url: http://argocd-metrics-server.argocd.svc.cluster.local:9003 + - url: http://argocd-metrics-server.argocd.svc.cluster.local:9003 + resource.customizations.ignoreDifferences.Service: | + jsonPointers: + - /spec/ports/0/nodePort + - /spec/ports/1/nodePort + application.links: | + - url: https://github.com/gruberdev/homelab/tree/main/apps/{{.app.spec.destination.namespace}/{{.app.metadata.name}} + title: Github Source + if: application.spec.project != "" + resource.customizations.ignoreDifferences.admissionregistration.k8s.io_MutatingWebhookConfiguration: | + jsonPointers: + - /webhooks/0/clientConfig/caBundle + - /webhooks/1/clientConfig/caBundle + - /webhooks/2/clientConfig/caBundle + - /webhooks/3/clientConfig/caBundle + - /webhooks/4/clientConfig/caBundle + - /webhooks/5/clientConfig/caBundle + jqPathExpressions: + - .webhooks[0].clientConfig.caBundle + managedFieldsManagers: + - kube-controller-manager + resource.customizations.ignoreDifferences.admissionregistration.k8s.io_ValidatingWebhookConfiguration: | + jsonPointers: + - /webhooks/0/clientConfig/caBundle + - /webhooks/1/clientConfig/caBundle + - /webhooks/2/clientConfig/caBundle + - /webhooks/3/clientConfig/caBundle + - 
/webhooks/4/clientConfig/caBundle + - /webhooks/5/clientConfig/caBundle + - /webhooks/6/clientConfig/caBundle + - /webhooks/7/clientConfig/caBundle + - /webhooks/8/clientConfig/caBundle + - /webhooks/9/clientConfig/caBundle + jqPathExpressions: + - .webhooks[0].clientConfig.caBundle + managedFieldsManagers: + - kube-controller-manager diff --git a/apps/argocd/overlay/argocd-dex.yaml b/apps/argocd/overlay/argocd-dex.yaml new file mode 100644 index 000000000..c45b4004b --- /dev/null +++ b/apps/argocd/overlay/argocd-dex.yaml @@ -0,0 +1,25 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: argocd-dex-server +spec: + template: + spec: + containers: + - name: dex + resources: + limits: + cpu: 200m + memory: 256Mi + requests: + cpu: 150m + memory: 128Mi + initContainers: + - name: copyutil + resources: + limits: + cpu: 150m + memory: 128Mi + requests: + cpu: 150m + memory: 64Mi diff --git a/apps/argocd/overlay/argocd-metrics.yaml b/apps/argocd/overlay/argocd-metrics.yaml new file mode 100644 index 000000000..f0f449357 --- /dev/null +++ b/apps/argocd/overlay/argocd-metrics.yaml 
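Review bot: `kustomize.buildOptions` now passes `--load-restrictor LoadRestrictionsNone`, which lets a kustomization built by the repo-server reference files outside its own root directory. The setting is global, so it applies to every source repository Argo CD renders, not only the homelab repo. If only a few shared files need it, moving them into a kustomize base or component would keep the default restriction. Separately, the `application.links` URL has an unbalanced template, `{{.app.spec.destination.namespace}/`, which needs a second closing brace: `{{.app.spec.destination.namespace}}/{{.app.metadata.name}}`.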
@@ -0,0 +1,304 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: argocd-metrics-server-configmap +data: + config.json: | + { + "prometheus": { + "applications": [ + { + "name": "default", + "default": true, + "dashboards": [ + { + "groupKind": "pod", + "tabs": ["Prometheus"], + "rows": [ + { + "name": "pod", + "title": "Pods", + "tab": "Prometheus", + "graphs": [ + { + "name": "pod_cpu_line", + "title": "CPU", + "description": "", + "graphType": "line", + "metricName": "pod", + "queryExpression": "sum(rate(container_cpu_usage_seconds_total{pod=~\"{{.name}}\", image!=\"\", container!=\"POD\", container!=\"\", container_name!=\"POD\"}[5m])) by (pod)" + }, + { + "name": "pod_cpu_pie", + "title": "CPU Avg", + "description": "", + "graphType": "pie", + "metricName": "pod", + "queryExpression": "sum(rate(container_cpu_usage_seconds_total{pod=~\"{{.name}}\", container!=\"POD\", image!=\"\", container!=\"\", container_name!=\"POD\"}[5m])) by (pod)" + }, + { + "name": "pod_memory_line", + "title": "Memory", + "description": "", + "graphType": "line", + "metricName": "pod", + "queryExpression": "sum(rate(container_memory_usage_bytes{pod=~\"{{.name}}\", container!=\"POD\", image!=\"\", container!=\"\", container_name!=\"POD\"}[5m])) by (pod)" + }, + { + "name": "pod_memory_pie", + "title": "Mem Avg", + "description": "", + "graphType": "pie", + "metricName": "pod", + "queryExpression": "sum(rate(container_memory_usage_bytes{pod=~\"{{.name}}\", container!=\"POD\", image!=\"\", container!=\"\", container_name!=\"POD\"}[5m])) by (pod)" + } + ] + }, + { + "name": "container", + "title": "Containers", + "tab": "Prometheus", + "graphs": [ + { + "name": "container_cpu_line", + "title": "CPU", + "description": "", + "graphType": "line", + "metricName": "container", + "queryExpression": "sum(rate(container_cpu_usage_seconds_total{pod=~\"{{.name}}\", image!=\"\", container!=\"POD\", container!=\"\", container_name!=\"POD\"}[5m])) by (container)" + }, + { + "name": 
"container_cpu_pie", + "title": "CPU Avg", + "description": "", + "graphType": "pie", + "metricName": "container", + "queryExpression": "sum(rate(container_cpu_usage_seconds_total{pod=~\"{{.name}}\", image!=\"\",container!=\"POD\", container!=\"\", container_name!=\"POD\"}[5m])) by (container)" + }, + { + "name": "container_memory_line", + "title": "Memory", + "description": "", + "graphType": "line", + "metricName": "container", + "queryExpression": "sum(rate(container_memory_usage_bytes{pod=~\"{{.name}}\", image!=\"\", container!=\"POD\", container!=\"\", container_name!=\"POD\"}[5m])) by (container)" + }, + { + "name": "container_memory_pie", + "title": "Mem Avg", + "description": "", + "graphType": "pie", + "metricName": "container", + "queryExpression": "sum(rate(container_memory_usage_bytes{pod=~\"{{.name}}\", image!=\"\", container!=\"POD\", container!=\"\", container_name!=\"POD\"}[5m])) by (container)" + } + ] + } + ] + }, + { + "groupKind": "deployment", + "tabs": ["Prometheus"], + "rows": [ + { + "name": "httplatency", + "title": "HTTP Latency", + "tab": "Prometheus", + "graphs": [ + { + "name": "http_200_latency", + "title": "Latency", + "description": "", + "graphType": "line", + "metricName": "pod_template_hash", + "queryExpression": "sum(rate(http_server_requests_seconds_sum {namespace=\"{{.namespace}}\", status=\"200\"} [1m])) by (pod_template_hash)" + } + ] + }, + { + "name": "httperrortate", + "title": "HTTP Error Rate", + "tab": "Prometheus", + "graphs": [ + { + "name": "http_error_rate_500", + "title": "HTTP Error 500", + "description": "", + "graphType": "line", + "metricName": "pod_template_hash", + "queryExpression": "sum(rate(http_server_requests_seconds_count {namespace=\"{{.namespace}}\", status=\"500\"} [1m])) by (pod_template_hash)" + }, + { + "name": "http_error_rate_400", + "title": "HTTP Error 400", + "description": "", + "graphType": "line", + "metricName": "pod_template_hash", + "queryExpression": 
"sum(rate(http_server_requests_seconds_count {namespace=\"{{.namespace}}\", status=\"404\"} [1m])) by (pod_template_hash)" + } + ] + }, + { + "name": "httptraffic", + "title": "HTTP Traffic", + "tab": "Prometheus", + "graphs": [ + { + "name": "http_traffic", + "title": "Traffic", + "description": "", + "graphType": "line", + "metricName": "pod_template_hash", + "queryExpression": "sum(rate(http_server_requests_seconds_count {namespace=\"{{.namespace}}\"} [1m])) by (pod_template_hash)" + } + ] + }, + { + "name": "pod", + "title": "Pods", + "tab": "Prometheus", + "graphs": [ + { + "name": "pod_cpu_line", + "title": "CPU", + "description": "", + "graphType": "line", + "metricName": "pod", + "queryExpression": "sum(rate(container_cpu_usage_seconds_total{pod=~\"{{.name}}\", image!=\"\", container!=\"POD\", container!=\"\", container_name!=\"POD\"}[5m])) by (pod)" + }, + { + "name": "pod_cpu_pie", + "title": "CPU Avg", + "description": "", + "graphType": "pie", + "metricName": "pod", + "queryExpression": "sum(rate(container_cpu_usage_seconds_total{pod=~\"{{.name}}\", container!=\"POD\", image!=\"\", container!=\"\", container_name!=\"POD\"}[5m])) by (pod)" + }, + { + "name": "pod_memory_line", + "title": "Memory", + "description": "", + "graphType": "line", + "metricName": "pod", + "queryExpression": "sum(rate(container_memory_usage_bytes{pod=~\"{{.name}}\", container!=\"POD\", image!=\"\", container!=\"\", container_name!=\"POD\"}[5m])) by (pod)" + }, + { + "name": "pod_memory_pie", + "title": "Mem Avg", + "description": "", + "graphType": "pie", + "metricName": "pod", + "queryExpression": "sum(rate(container_memory_usage_bytes{pod=~\"{{.name}}\", container!=\"POD\", image!=\"\", container!=\"\", container_name!=\"POD\"}[5m])) by (pod)" + } + ] + } + ] + }, + { + "groupKind": "rollout", + "tabs": ["Prometheus"], + "rows": [ + { + "name": "httplatency", + "title": "HTTP Latency", + "tab": "Prometheus", + "graphs": [ + { + "name": "http_200_latency", + "title": "Latency", 
+ "description": "", + "graphType": "line", + "metricName": "rollout_template_hash", + "queryExpression": "sum(rate(http_server_requests_seconds_sum {namespace=\"{{.namespace}}\", status=\"200\"} [1m])) by (rollout_template_hash)" + } + ] + }, + { + "name": "httperrortate", + "title": "HTTP Error Rate", + "tab": "Prometheus", + "graphs": [ + { + "name": "http_error_rate_500", + "title": "HTTP Error 500", + "description": "", + "graphType": "line", + "metricName": "rollout_template_hash", + "queryExpression": "sum(rate(http_server_requests_seconds_count {namespace=\"{{.namespace}}\", status=\"500\"} [1m])) by (rollout_template_hash)" + }, + { + "name": "http_error_rate_400", + "title": "HTTP Error 400", + "description": "", + "graphType": "line", + "metricName": "rollout_template_hash", + "queryExpression": "sum(rate(http_server_requests_seconds_count {namespace=\"{{.namespace}}\", status=\"404\"} [1m])) by (rollout_template_hash)" + } + ] + }, + { + "name": "httptraffic", + "title": "HTTP Traffic", + "tab": "Prometheus", + "graphs": [ + { + "name": "http_traffic", + "title": "Traffic", + "description": "", + "graphType": "line", + "metricName": "rollout_template_hash", + "queryExpression": "sum(rate(http_server_requests_seconds_count {namespace=\"{{.namespace}}\"} [1m])) by (rollout_template_hash)" + } + ] + }, + { + "name": "pod", + "title": "Pods", + "tab": "Prometheus", + "graphs": [ + { + "name": "pod_cpu_line", + "title": "CPU", + "description": "", + "graphType": "line", + "metricName": "pod", + "queryExpression": "sum(rate(container_cpu_usage_seconds_total{pod=~\"{{.name}}\", image!=\"\", container!=\"POD\", container!=\"\", container_name!=\"POD\"}[5m])) by (pod)" + }, + { + "name": "pod_cpu_pie", + "title": "CPU Avg", + "description": "", + "graphType": "pie", + "metricName": "pod", + "queryExpression": "sum(rate(container_cpu_usage_seconds_total{pod=~\"{{.name}}\", container!=\"POD\", image!=\"\", container!=\"\", container_name!=\"POD\"}[5m])) by (pod)" 
+ }, + { + "name": "pod_memory_line", + "title": "Memory", + "description": "", + "graphType": "line", + "metricName": "pod", + "queryExpression": "sum(container_memory_working_set_bytes{namespace=\"{{.namespace}}\", pod=\"{{.pod}}\", image!=\"\", cluster=\"{{.cluster}}\"}) by (container) / sum(kube_pod_container_resource_requests{namespace=\"{{.namespace}}\", pod=\"{{.pod}}\", resource=\"memory\", job=~\"{{.job}}\", cluster=\"{{.cluster}}\"}) by (container)" + }, + { + "name": "pod_memory_pie", + "title": "Mem Avg", + "description": "", + "graphType": "pie", + "metricName": "pod", + "queryExpression": "sum(rate(container_memory_usage_bytes{pod=~\"{{.name}}\", container!=\"POD\", image!=\"\", container!=\"\", container_name!=\"POD\"}[5m])) by (pod)" + } + ] + } + ] + } + ] + } + ], + "provider": + { + "Name": "default", + "default": true, + "address": "http://prometheus-operated.monitoring.svc.cluster.local:9090" + } + } + } diff --git a/apps/argocd/overlay/argocd-notification-controller.yaml b/apps/argocd/overlay/argocd-notification-controller.yaml new file mode 100644 index 000000000..ab777453f --- /dev/null +++ b/apps/argocd/overlay/argocd-notification-controller.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: argocd-notifications-controller +spec: + template: + spec: + containers: + - name: argocd-notifications-controller + envFrom: + - secretRef: + name: argocd-notifications-github + optional: true + - secretRef: + name: argocd-notifications-grafana + optional: true + - secretRef: + name: argocd-notifications-pushover + optional: true diff --git a/apps/argocd/overlay/argocd-notifications-cm.yaml b/apps/argocd/overlay/argocd-notifications-cm.yaml new file mode 100644 index 000000000..96bade0b2 --- /dev/null +++ b/apps/argocd/overlay/argocd-notifications-cm.yaml 
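Review bot: The `rollout` group's `pod_memory_line` query is the only one in `config.json` that uses `{{.pod}}`, `{{.cluster}}` and `{{.job}}`; every other query uses only `{{.name}}` or `{{.namespace}}`. It also groups `by (container)` although its `metricName` is `pod`. If the extension does not supply those three variables, the graph will probably render empty. Reusing the expression from the `deployment` group's `pod_memory_line` would make the three groups consistent. The `http_error_rate_400` graphs are titled "HTTP Error 400" but filter on `status=\"404\"`, so either the title or the filter should change.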
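Review bot: `overlay/argocd-notification-controller.yaml` and `overlay/argocd-notifications-cm.yaml` are added here, but neither appears in the `resources:` or `patches:` lists of `apps/argocd/kustomization.yaml` as changed in this commit. Unless another kustomization references them, the `envFrom` entries and the notification services are never applied. If they are meant to be active, add `- path: overlay/argocd-notification-controller.yaml` and `- path: overlay/argocd-notifications-cm.yaml` to `patches:`. Every `secretRef` is `optional: true`, so a missing Secret will not stop the pod from starting, and the ConfigMap defines `service.telegram` without a matching `secretRef`.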
@@ -0,0 +1,45 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: argocd-notifications-cm +data: + service.pushover: | + token: $pushover-token + service.grafana: | + apiUrl: http://kube-prometheus-grafana.svc.cluster.local/api + apiKey: $grafana-api-key + insecureSkipVerify: true + service.telegram: | + token: $telegram-token + service.github: | + appID: 901531 + installationID: 50904587 + privateKey: $github-privateKey + trigger.on-deployed: | + - description: Application is synced and healthy. Triggered once per commit. + oncePer: app.status.operationState.syncResult.revision + send: + - app-deployed + when: app.status.operationState.phase in ['Succeeded'] and + app.status.health.status == 'Healthy' + template.app-deployed: | + message: | + Application {{.app.metadata.name}} is now running new version of deployments manifests. + github: + repoURLPath: "{{.app.spec.source.repoURL}}" + revisionPath: "{{.app.status.operationState.syncResult.revision}}" + status: + state: success + label: "continuous-delivery/{{.app.metadata.name}}" + targetURL: "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true" + deployment: + state: success + environment: production + logURL: "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true" + requiredContexts: [] + autoMerge: true + transientEnvironment: false + pullRequestComment: + content: | + Application {{.app.metadata.name}} is now running new version of deployments manifests. + See more here: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true diff --git a/apps/argocd/overlay/argocd-rbac.yaml b/apps/argocd/overlay/argocd-rbac.yaml index 8e9baf39e..032e2809c 100644 --- a/apps/argocd/overlay/argocd-rbac.yaml +++ b/apps/argocd/overlay/argocd-rbac.yaml 
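Review bot: `service.grafana` sends `$grafana-api-key` to an `http://` URL and also sets `insecureSkipVerify: true`, so the key crosses the cluster network in clear text, and certificate checking would stay off if the URL is later switched to HTTPS. The host `kube-prometheus-grafana.svc.cluster.local` also has no namespace between the service name and `svc`, unlike `prometheus-operated.monitoring.svc.cluster.local` in `argocd-metrics.yaml`, so it probably does not resolve. Suggested: `apiUrl: https://kube-prometheus-grafana.<namespace>.svc.cluster.local/api` with the `insecureSkipVerify` line removed. If plain HTTP is kept, fix the namespace and add a comment saying that in-cluster HTTP is accepted.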
@@ -17,7 +17,7 @@ data: g, image-updater, role:image-updater p, role:admin, exec, create, */*, allow p, role:admin, extensions, invoke, metrics, allow - p, role:readonly, extensions, invoke, httpbin, allow + p, role:readonly, extensions, invoke, metrics, allow g, ext, role:extension p, role:extension, applications, get, default/httpbin-app, allow p, role:extension, extensions, invoke, httpbin, allow diff --git a/apps/argocd/overlay/argocd-repo-deployment.yaml b/apps/argocd/overlay/argocd-repo-deployment.yaml index cc7de2392..f86b88d43 100644 --- a/apps/argocd/overlay/argocd-repo-deployment.yaml +++ b/apps/argocd/overlay/argocd-repo-deployment.yaml @@ -3,7 +3,7 @@ kind: Deployment metadata: name: argocd-repo-server annotations: - link.argocd.argoproj.io/external-link: https://argo.gruber.dev.br + link.argocd.argoproj.io/external-link: https://argo.raptor-beta.ts.net labels: app.kubernetes.io/name: argocd-repo-server app.kubernetes.io/part-of: argocd 
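Review bot: The changed line `p, role:readonly, extensions, invoke, metrics, allow` lets every read-only account call the `metrics` proxy extension, so its backend has to be safe to expose to that audience. The extension config added earlier in this patch points at the in-cluster Prometheus, and whether proxied queries are limited to applications the caller may `get` is not visible in this hunk, so I would confirm that before granting it to `role:readonly`. The unchanged lines `g, ext, role:extension`, `p, role:extension, applications, get, default/httpbin-app, allow` and `p, role:extension, extensions, invoke, httpbin, allow` look like leftovers from a sample policy and can be deleted if no httpbin extension is deployed. The `data:` block starts outside this hunk.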
@@ -12,85 +12,119 @@ spec: spec: automountServiceAccountToken: true volumes: - - configMap: - name: cmp-plugin + - configMap: name: cmp-plugin - - name: custom-tools - emptyDir: {} + name: cmp-plugin + - name: custom-tools + emptyDir: {} initContainers: - name: download-tools - image: docker.io/grubertech/argocd-sidecar:v2.8.3 + image: docker.io/grubertech/argocd-sidecar:v2.11.3 imagePullPolicy: Always + resources: + limits: + cpu: 60m + memory: 512Mi + requests: + cpu: 10m + memory: 256Mi env: - - name: AVP_VERSION - value: 1.16.1 + - name: AVP_VERSION + value: 1.18.1 command: [sh, -c] args: - - >- - curl -L https://github.com/argoproj-labs/argocd-vault-plugin/releases/download/v$(AVP_VERSION)/argocd-vault-plugin_$(AVP_VERSION)_linux_amd64 -o argocd-vault-plugin && - chmod +x argocd-vault-plugin && - mv argocd-vault-plugin /custom-tools/ + - >- + curl -L https://github.com/argoproj-labs/argocd-vault-plugin/releases/download/v$(AVP_VERSION)/argocd-vault-plugin_$(AVP_VERSION)_linux_amd64 -o argocd-vault-plugin && chmod +x argocd-vault-plugin && mv argocd-vault-plugin /custom-tools/ volumeMounts: - - mountPath: /custom-tools - name: custom-tools + - mountPath: /custom-tools + name: custom-tools + - name: copyutil + resources: + limits: + cpu: 50m + memory: 256Mi + requests: + cpu: 10m + memory: 128Mi containers: - name: avp-helm command: [/var/run/argocd/argocd-cmp-server] - image: docker.io/grubertech/argocd-sidecar:v2.8.3 + image: docker.io/grubertech/argocd-sidecar:v2.11.3 imagePullPolicy: Always + resources: + limits: + cpu: 300m + memory: 512Mi + requests: + cpu: 300m + memory: 256Mi securityContext: runAsNonRoot: true runAsUser: 999 volumeMounts: - - mountPath: /var/run/argocd - name: var-files - - mountPath: /home/argocd/cmp-server/plugins - name: plugins - - mountPath: /tmp - name: tmp - - mountPath: /home/argocd/cmp-server/config/plugin.yaml - subPath: avp-helm.yaml - name: cmp-plugin - - name: custom-tools - subPath: argocd-vault-plugin - mountPath: 
/usr/local/bin/argocd-vault-plugin + - mountPath: /var/run/argocd + name: var-files + - mountPath: /home/argocd/cmp-server/plugins + name: plugins + - mountPath: /tmp + name: tmp + - mountPath: /home/argocd/cmp-server/config/plugin.yaml + subPath: avp-helm.yaml + name: cmp-plugin + - name: custom-tools + subPath: argocd-vault-plugin + mountPath: /usr/local/bin/argocd-vault-plugin - name: avp-kustomize command: [/var/run/argocd/argocd-cmp-server] - image: docker.io/grubertech/argocd-sidecar:v2.8.3 + image: docker.io/grubertech/argocd-sidecar:v2.11.3 imagePullPolicy: Always + resources: + limits: + cpu: 500m + memory: 1024Mi + requests: + cpu: 250m + memory: 756Mi securityContext: runAsNonRoot: true runAsUser: 999 volumeMounts: - - mountPath: /var/run/argocd - name: var-files - - mountPath: /home/argocd/cmp-server/plugins - name: plugins - - mountPath: /tmp - name: tmp - - mountPath: /home/argocd/cmp-server/config/plugin.yaml - subPath: avp-kustomize.yaml - name: cmp-plugin - - name: custom-tools - subPath: argocd-vault-plugin - mountPath: /usr/local/bin/argocd-vault-plugin + - mountPath: /var/run/argocd + name: var-files + - mountPath: /home/argocd/cmp-server/plugins + name: plugins + - mountPath: /tmp + name: tmp + - mountPath: /home/argocd/cmp-server/config/plugin.yaml + subPath: avp-kustomize.yaml + name: cmp-plugin + - name: custom-tools + subPath: argocd-vault-plugin + mountPath: /usr/local/bin/argocd-vault-plugin - name: avp command: [/var/run/argocd/argocd-cmp-server] - image: docker.io/grubertech/argocd-sidecar:v2.8.3 + image: docker.io/grubertech/argocd-sidecar:v2.11.3 imagePullPolicy: Always + resources: + limits: + cpu: 300m + memory: 512Mi + requests: + cpu: 300m + memory: 256Mi securityContext: runAsNonRoot: true runAsUser: 999 volumeMounts: - - mountPath: /var/run/argocd - name: var-files - - mountPath: /home/argocd/cmp-server/plugins - name: plugins - - mountPath: /tmp - name: tmp - - mountPath: /home/argocd/cmp-server/config/plugin.yaml - subPath: 
avp.yaml - name: cmp-plugin - - name: custom-tools - subPath: argocd-vault-plugin - mountPath: /usr/local/bin/argocd-vault-plugin + - mountPath: /var/run/argocd + name: var-files + - mountPath: /home/argocd/cmp-server/plugins + name: plugins + - mountPath: /tmp + name: tmp + - mountPath: /home/argocd/cmp-server/config/plugin.yaml + subPath: avp.yaml + name: cmp-plugin + - name: custom-tools + subPath: argocd-vault-plugin + mountPath: /usr/local/bin/argocd-vault-plugin diff --git a/apps/argocd/overlay/argocd-svc.yaml b/apps/argocd/overlay/argocd-svc.yaml index 68ae0bca3..49f7de46e 100644 --- a/apps/argocd/overlay/argocd-svc.yaml +++ b/apps/argocd/overlay/argocd-svc.yaml @@ -1,6 +1,12 @@ apiVersion: v1 kind: Service metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/name: argocd-server + app.kubernetes.io/part-of: argocd name: argocd-server spec: + selector: + app.kubernetes.io/name: argocd-server type: ClusterIP diff --git a/apps/argocd/overlay/cloudflared-cm.yaml b/apps/argocd/overlay/cloudflared-cm.yaml deleted file mode 100644 index e1e080a11..000000000 --- a/apps/argocd/overlay/cloudflared-cm.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cloudflared -data: - config.yaml: | - tunnel: argo-tunnel - credentials-file: /etc/cloudflared/creds/credentials.json - metrics: 0.0.0.0:2000 - no-autoupdate: true - ingress: - - hostname: argo.gruber.dev.br - service: http://argocd-server:80 - - service: http_status:404 diff --git a/apps/components/ignore-ip/kustomization.yaml b/apps/components/ignore-ip/kustomization.yaml new file mode 100644 index 000000000..23cec57a3 --- /dev/null +++ b/apps/components/ignore-ip/kustomization.yaml 
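Review bot: The `download-tools` init container still fetches `argocd-vault-plugin` with `curl -L` and marks it executable without any integrity check, and that binary then runs in each `avp*` sidecar, which is where secret substitution happens. Without `-f`, curl also saves an HTTP error page as the "binary" when the release URL is wrong. I would fail on HTTP errors and verify a pinned digest, e.g. `curl -fsSL RELEASE_URL -o argocd-vault-plugin && echo "EXPECTED_SHA256_PLACEHOLDER  argocd-vault-plugin" | sha256sum -c - && chmod +x argocd-vault-plugin && mv argocd-vault-plugin /custom-tools/` (assuming `sha256sum` is present in the sidecar image), or bake the plugin into `grubertech/argocd-sidecar` at build time and drop the runtime download. With `imagePullPolicy: Always` and the tag `v2.11.3`, a re-pushed tag is picked up silently, so pinning the image by digest is worth considering. The Deployment spec begins outside this hunk.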
@@ -0,0 +1,20 @@ +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component +metadata: + name: ignore-service-differences +patches: + - target: + group: argoproj.io + version: v1alpha1 + kind: Application + patch: |- + - op: add + path: /spec/ignoreDifferences + value: + - group: "" + kind: Service + jqPathExpressions: + - '.status.loadBalancer.ingress[].ipMode' + - op: add + path: /spec/syncPolicy/syncOptions/- + value: RespectIgnoreDifferences=true diff --git a/apps/components/ignore/kustomization.yaml b/apps/components/ignore/kustomization.yaml new file mode 100644 index 000000000..853620cd2 --- /dev/null +++ b/apps/components/ignore/kustomization.yaml @@ -0,0 +1,14 @@ +kind: Component +metadata: + name: ignore-resources +patches: + - target: + group: argoproj.io + version: v1alpha1 + kind: Application + patch: |- + - op: add + path: /spec/ignoreApplicationDifferences + value: + - jsonPointers: + - /spec/syncPolicy diff --git a/apps/services/librex/base/certificate.yaml b/apps/components/lb/internal/certificate.yaml similarity index 58% rename from apps/services/librex/base/certificate.yaml rename to apps/components/lb/internal/certificate.yaml index caa780d4b..a133e37f0 100644 --- a/apps/services/librex/base/certificate.yaml +++ b/apps/components/lb/internal/certificate.yaml @@ -1,12 +1,12 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: - name: librex-cloudflare + name: example spec: - secretName: librex-tls + secretName: example-tls issuerRef: name: letsencrypt-production kind: ClusterIssuer - commonName: g.gruber.dev.br + commonName: example.gruber.dev.br dnsNames: - - g.gruber.dev.br + - example.gruber.dev.br diff --git a/apps/services/mlops/wandb/base/ingress.yaml b/apps/components/lb/internal/ingress.yaml similarity index 58% rename from apps/services/mlops/wandb/base/ingress.yaml rename to apps/components/lb/internal/ingress.yaml index ca06efc2d..a65b50e9b 100644 --- a/apps/services/mlops/wandb/base/ingress.yaml 
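Review bot: In apps/components/ignore/kustomization.yaml the patch adds `/spec/ignoreApplicationDifferences` to objects of `kind: Application`, but as far as I know that field belongs to ApplicationSet, while Application uses `spec.ignoreDifferences` (as the sibling ignore-ip component does). If the goal is to stop an ApplicationSet from reverting `syncPolicy` edits, the target should be `kind: ApplicationSet`; on an Application the added field is likely to be pruned or rejected by the CRD schema. The file also omits the `apiVersion: kustomize.config.k8s.io/v1alpha1` line that the other components in this patch declare.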
+++ b/apps/components/lb/internal/ingress.yaml @@ -1,26 +1,25 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: wandb + name: example annotations: - external-dns.alpha.kubernetes.io/hostname: ai.gruber.dev.br external-dns.alpha.kubernetes.io/cloudflare-proxied: "false" + external-dns.alpha.kubernetes.io/hostname: example.gruber.dev.br external-dns.alpha.kubernetes.io/ttl: "120" - nginx.ingress.kubernetes.io/ssl-redirect: "true" spec: ingressClassName: nginx rules: - - host: ai.gruber.dev.br + - host: example.gruber.dev.br http: paths: - path: / pathType: Prefix backend: service: - name: wandb + name: example-internal port: - name: http + name: example-port tls: - hosts: - - ai.gruber.dev.br - secretName: wandb-tls + - example.gruber.dev.br + secretName: example diff --git a/apps/components/lb/internal/kustomization.yaml b/apps/components/lb/internal/kustomization.yaml new file mode 100644 index 000000000..1d021ba70 --- /dev/null +++ b/apps/components/lb/internal/kustomization.yaml 
@@ -0,0 +1,110 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+metadata:
+ name: lb-ingress
+resources:
+ - svc.yaml
+ - certificate.yaml
+ - ingress.yaml
+
+replacements:
+ - source:
+ kind: Deployment
+ fieldPath: spec.template.spec.containers.0.ports.0.name
+ targets:
+ - select:
+ kind: Service
+ fieldPaths:
+ - spec.ports.0.name
+ - source:
+ kind: Deployment
+ fieldPath: spec.template.spec.containers.0.ports.0.containerPort
+ targets:
+ - select:
+ kind: Service
+ fieldPaths:
+ - spec.ports.0.targetPort
+ - source:
+ kind: Deployment
+ fieldPath: metadata.name
+ targets:
+ - select:
+ kind: Ingress
+ options:
+ delimiter: "."
+ index: 0
+ create: true
+ fieldPaths:
+ - spec.rules.0.host
+ - source:
+ kind: Deployment
+ fieldPath: metadata.name
+ targets:
+ - select:
+ kind: Service
+ fieldPaths:
+ - metadata.name
+ - spec.ports.0.name
+ - select:
+ kind: Ingress
+ fieldPaths:
+ - metadata.name
+ - spec.rules.0.http.paths.0.backend.service.name
+ - source:
+ kind: Deployment
+ fieldPath: metadata.name
+ targets:
+ - select:
+ kind: Ingress
+ options:
+ delimiter: "."
+ index: 0
+ fieldPaths:
+ - spec.tls.0.hosts.0
+ - source:
+ kind: Deployment
+ fieldPath: metadata.name
+ targets:
+ - select:
+ kind: Ingress
+ options:
+ create: true
+ fieldPaths:
+ - spec.tls.0.secretName
+ - source:
+ kind: Deployment
+ fieldPath: metadata.name
+ targets:
+ - select:
+ kind: Certificate
+ options:
+ delimiter: "."
+ index: 0
+ fieldPaths:
+ - metadata.name
+ - spec.secretName
+ - spec.commonName
+ - spec.dnsNames.0
+ - source:
+ kind: Deployment
+ fieldPath: spec.template.spec.containers.0.ports.0.name
+ targets:
+ - select:
+ kind: Service
+ fieldPaths:
+ - spec.ports.0.name
+ - select:
+ kind: Ingress
+ fieldPaths:
+ - spec.rules.0.http.paths.0.backend.service.port.name
+ - source:
+ kind: Deployment
+ fieldPath: metadata.name
+ targets:
+ - select:
+ kind: Ingress
+ options:
+ delimiter: "."
+ index: 0
+ fieldPaths:
+ - metadata.annotations.[external-dns.alpha.kubernetes.io/hostname]
diff --git a/apps/components/lb/internal/svc.yaml b/apps/components/lb/internal/svc.yaml
new file mode 100644
index 000000000..db09036a0
--- /dev/null
+++ b/apps/components/lb/internal/svc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: example-internal
+spec:
+ ports:
+ - name: example
+ protocol: TCP
+ port: 80
+ targetPort: 8080
+ type: LoadBalancer
+ loadBalancerClass: kube-vip.io/kube-vip-class
+ loadBalancerIP: 0.0.0.0
diff --git a/apps/components/lb/kustomization.yaml b/apps/components/lb/kustomization.yaml
new file mode 100644
index 000000000..6552be198
--- /dev/null
+++ b/apps/components/lb/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+metadata:
+ name: lb-internal
+components:
+ - internal
diff --git a/apps/components/resources/large/kustomization.yaml b/apps/components/resources/large/kustomization.yaml
new file mode 100644
index 000000000..3b958597b
--- /dev/null
+++ b/apps/components/resources/large/kustomization.yaml
@@ -0,0 +1,17 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+metadata:
+ name: update-resources
+patches:
+ - patch: |-
+ - op: add
+ path: /spec/template/spec/containers/0/resources
+ value:
+ requests:
+ cpu: "600m"
+ memory: "1024Mi"
+ limits:
+ cpu: "1000m"
+ memory: "2048Mi"
+ target:
+ kind: Deployment
diff --git a/apps/components/resources/medium/kustomization.yaml b/apps/components/resources/medium/kustomization.yaml
new file mode 100644
index 000000000..f6254d6de
--- /dev/null
+++ b/apps/components/resources/medium/kustomization.yaml
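Review bot: The Service field `spec.ports.0.name` is written by three replacements in apps/components/lb/internal/kustomization.yaml: the first and the eighth copy the container port name, and the fourth copies the Deployment name. The outcome therefore depends on replacement order, and the first entry is repeated in full by the eighth. I would delete the first replacement and remove `- spec.ports.0.name` from the fourth, so the port name has a single source and stays equal to the Ingress `backend.service.port.name`.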
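Review bot: apps/components/lb/internal/svc.yaml has no `spec.selector`, and none of the replacements in the component writes one, so this LoadBalancer Service gets no endpoints unless every consuming overlay adds the selector itself. The same holds for apps/components/tailscale/ingress/svc.yaml, where this commit removes the selector. If that is intended, a first-line comment such as `# selector is injected by the consuming kustomization` would say so; otherwise add a placeholder `selector:` and a replacement that fills it from the Deployment's pod labels.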
@@ -0,0 +1,17 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+metadata:
+ name: update-resources
+patches:
+ - patch: |-
+ - op: add
+ path: /spec/template/spec/containers/0/resources
+ value:
+ requests:
+ cpu: "100m"
+ memory: "256Mi"
+ limits:
+ cpu: "350m"
+ memory: "768Mi"
+ target:
+ kind: Deployment
diff --git a/apps/components/resources/small/kustomization.yaml b/apps/components/resources/small/kustomization.yaml
new file mode 100644
index 000000000..fbe50c8e3
--- /dev/null
+++ b/apps/components/resources/small/kustomization.yaml
@@ -0,0 +1,17 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+metadata:
+ name: update-resources
+patches:
+ - patch: |-
+ - op: add
+ path: /spec/template/spec/containers/0/resources
+ value:
+ requests:
+ cpu: "100m"
+ memory: "128Mi"
+ limits:
+ cpu: "150m"
+ memory: "256Mi"
+ target:
+ kind: Deployment
diff --git a/apps/components/tailscale/ingress/ingress.yaml b/apps/components/tailscale/ingress/ingress.yaml
new file mode 100644
index 000000000..963484202
--- /dev/null
+++ b/apps/components/tailscale/ingress/ingress.yaml
@@ -0,0 +1,19 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: funnel
+spec:
+ rules:
+ - http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: example
+ port:
+ number: 80
+ ingressClassName: tailscale
+ tls:
+ - hosts:
+ - example
diff --git a/apps/components/tailscale/ingress/kustomization.yaml b/apps/components/tailscale/ingress/kustomization.yaml
new file mode 100644
index 000000000..73121d253
--- /dev/null
+++ b/apps/components/tailscale/ingress/kustomization.yaml
@@ -0,0 +1,38 @@ +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component +metadata: + name: tailscale-ingress +resources: + - ingress.yaml + - svc.yaml +replacements: + - source: + kind: Deployment + fieldPath: metadata.name + targets: + - select: + kind: Service + fieldPaths: + - metadata.name + - select: + kind: Ingress + fieldPaths: + - metadata.name + - spec.rules.0.http.paths.0.backend.service.name + - spec.tls.0.hosts.0 + - source: + kind: Deployment + fieldPath: spec.template.spec.containers.0.ports.0.name + targets: + - select: + kind: Service + fieldPaths: + - spec.ports.0.name + - source: + kind: Deployment + fieldPath: spec.template.spec.containers.0.ports.0.containerPort + targets: + - select: + kind: Service + fieldPaths: + - spec.ports.0.targetPort diff --git a/apps/data/postgres/exporter/svc.yaml b/apps/components/tailscale/ingress/svc.yaml similarity index 50% rename from apps/data/postgres/exporter/svc.yaml rename to apps/components/tailscale/ingress/svc.yaml index f4ee255af..d9cf4e9c2 100644 --- a/apps/data/postgres/exporter/svc.yaml +++ b/apps/components/tailscale/ingress/svc.yaml @@ -1,13 +1,11 @@ apiVersion: v1 kind: Service metadata: - name: postgres-exporter + name: example spec: type: ClusterIP ports: - - name: metrics - port: 80 + - name: example protocol: TCP - targetPort: 80 - selector: - name: postgres-exporter + port: 80 + targetPort: 8080 diff --git a/apps/data/mayastor/README.md b/apps/data/mayastor/README.md index 2ac1a4472..19d4a8f3f 100644 --- a/apps/data/mayastor/README.md +++ b/apps/data/mayastor/README.md @@ -1 +1,26 @@ -## Mayastor +

+ +
+
+ +

+ + +### Description + +> Mayastor is an open-source project aimed at enhancing the performance and scalability of cloud-native storage solutions. It's part of the larger OpenEBS initiative, designed specifically for Kubernetes environments. The core idea behind Mayastor is to utilize NVMe-oF (Non-Volatile Memory express over Fabrics) technology to provide high-speed data transfer rates and low latency storage operations. +> +> **I am using Mayastor as my main baremetal storage solution for my Talos Kubernetes cluster** + +### Relevant Links + +- [Github repository][gh-uri] +- [Official Documentation][docs-uri] +- [Helm chart repository][helm-repo] + +[docs-uri]: https://mayastor.gitbook.io +[gh-uri]: https://github.com/openebs/mayastor +[official-repo]: https://github.com/openebs/mayastor +[mayastor-v-badge]: https://img.shields.io/github/v/release/openebs/mayastor?label=Release&logo=github&style=flat-square +[chart-v-badge]: https://img.shields.io/github/v/release/openebs/mayastor-extensions?label=Release&logo=helm&style=flat-square +[helm-repo]: https://github.com/openebs/mayastor-extensions/tree/develop/chart diff --git a/apps/data/mayastor/pool.yaml b/apps/data/mayastor/pool.yaml new file mode 100644 index 000000000..9d96843b5 --- /dev/null +++ b/apps/data/mayastor/pool.yaml @@ -0,0 +1,8 @@ +apiVersion: "openebs.io/v1beta2" +kind: DiskPool +metadata: + name: pool-node-one + namespace: mayastor +spec: + node: controller-one + disks: ["/dev/nvme1n1"] diff --git a/apps/data/mayastor/provisioner.yaml b/apps/data/mayastor/provisioner.yaml new file mode 100644 index 000000000..7a3250544 --- /dev/null +++ b/apps/data/mayastor/provisioner.yaml 
@@ -0,0 +1,21 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: mayastor
+parameters:
+ ioTimeout: "30"
+ protocol: nvmf
+ repl: "1"
+provisioner: io.openebs.csi-mayastor
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: minio
+parameters:
+ ioTimeout: "30"
+ protocol: nvmf
+ repl: "1"
+provisioner: io.openebs.csi-mayastor
+volumeBindingMode: WaitForFirstConsumer
+reclaimPolicy: Retain
diff --git a/apps/data/mayastor/snapshot.yaml b/apps/data/mayastor/snapshot.yaml
new file mode 100644
index 000000000..50ca5fc4e
--- /dev/null
+++ b/apps/data/mayastor/snapshot.yaml
@@ -0,0 +1,8 @@
+kind: VolumeSnapshotClass
+apiVersion: snapshot.storage.k8s.io/v1
+metadata:
+ name: snapshot-csi
+ annotations:
+ snapshot.storage.kubernetes.io/is-default-class: "true"
+driver: io.openebs.csi-mayastor
+deletionPolicy: Delete
diff --git a/apps/data/metabase/README.md b/apps/data/metabase/README.md
deleted file mode 100644
index bb33fce3e..000000000
--- a/apps/data/metabase/README.md
+++ /dev/null
@@ -1 +0,0 @@
-## Metabase
diff --git a/apps/data/metabase/base/cm.yaml b/apps/data/metabase/base/cm.yaml
deleted file mode 100644
index 40b5af04e..000000000
--- a/apps/data/metabase/base/cm.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: metabase-cm
-data:
- JAVA_TIMEZONE: "America/Sao_Paulo"
- TZ: "America/Sao_Paulo"
- MB_APPLICATION_DB_MAX_CONNECTION_POOL_SIZE: "15"
- MB_ANON_TRACKING_ENABLED: "false"
- MB_APPLICATION_FONT: "Inter"
- MB_COLORIZE_LOGS: "true"
- MB_SITE_NAME: "Gruber Internal Analytics"
- MB_APPLICATION_NAME: "Gruber Analytics"
- MB_DB_TYPE: "postgres"
- MB_EMAIL_FROM_NAME: "Internal Metabase"
- MB_EMAIL_REPLY_TO: "noreply@metabase.org"
- MB_EMAIL_SMTP_SECURITY: "starttls"
- MB_ENABLE_EMBEDDING: "true"
- MB_ENABLE_NESTED_QUERIES: "true"
- MB_ENABLE_PASSWORD_LOGIN: "true"
- MB_ENABLE_PUBLIC_SHARING: "true"
diff --git a/apps/data/metabase/base/db.yaml b/apps/data/metabase/base/db.yaml deleted file mode 100644 index 912a14e1b..000000000 --- a/apps/data/metabase/base/db.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: "acid.zalan.do/v1" -kind: postgresql -metadata: - name: db-metabase -spec: - dockerImage: registry.opensource.zalan.do/acid/spilo-14:2.1-p6 - teamId: "db" - numberOfInstances: 1 - users: - admin: - - superuser - - createdb - datuser: [] - databases: - metabase: datauser - postgresql: - version: "14" - volume: - size: 1Gi - storageClass: iscsi - resources: - requests: - cpu: 50m - memory: 350Mi - limits: - cpu: 150m - memory: 600Mi diff --git a/apps/data/metabase/base/deployment.yaml b/apps/data/metabase/base/deployment.yaml deleted file mode 100644 index 67c567bea..000000000 --- a/apps/data/metabase/base/deployment.yaml +++ /dev/null @@ -1,45 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: metabase-server - labels: - app: metabase-server -spec: - replicas: 1 - strategy: - type: Recreate - selector: - matchLabels: - app: metabase-server - template: - metadata: - labels: - app: metabase-server - spec: - containers: - - name: metabase - image: metabase/metabase:latest - envFrom: - - configMapRef: - name: metabase-cm - - secretRef: - name: metabase-vars - ports: - - name: web - containerPort: 3000 - protocol: TCP - resources: - requests: - cpu: "500m" - memory: "512Mi" - limits: - cpu: "800m" - memory: "1024Mi" - volumeMounts: - - name: data - mountPath: /metabase-data - volumes: - - name: data - persistentVolumeClaim: - claimName: metabase-storage diff --git a/apps/data/metabase/base/pvc.yaml b/apps/data/metabase/base/pvc.yaml deleted file mode 100644 index e510421d6..000000000 --- a/apps/data/metabase/base/pvc.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: metabase-storage -spec: - accessModes: - - ReadWriteOnce - storageClassName: iscsi - resources: - requests: - storage: 5Gi 
diff --git a/apps/data/metabase/base/svc.yaml b/apps/data/metabase/base/svc.yaml deleted file mode 100644 index f36797a89..000000000 --- a/apps/data/metabase/base/svc.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: metabase-svc - labels: - app: metabase-server -spec: - type: ClusterIP - selector: - app: metabase-server - ports: - - name: web - port: 80 - targetPort: 3000 - protocol: TCP diff --git a/apps/data/metabase/kustomization.yaml b/apps/data/metabase/kustomization.yaml deleted file mode 100644 index 7c6f3dcd6..000000000 --- a/apps/data/metabase/kustomization.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -bases: -- ./base -- https://github.com/gruberdev/homelab/apps/networking/tailscale - -namespace: services - -patches: -- path: https://raw.githubusercontent.com/gruberdev/homelab/main/apps/networking/tailscale/patch.yaml - target: - kind: Deployment - name: metabase-server -- patch: |- - - op: replace - path: "/spec/template/spec/containers/0/env/2" - value: - name: TS_HOSTNAME - value: "metabase" - - op: replace - path: "/spec/template/spec/containers/0/env/3" - value: - name: DEST_PORT - value: "3000" - target: - kind: Deployment - name: metabase-server - -commonAnnotations: - reloader.stakater.com/auto: "true" diff --git a/apps/data/minio/README.md b/apps/data/minio/README.md deleted file mode 100644 index fbac17561..000000000 --- a/apps/data/minio/README.md +++ /dev/null @@ -1 +0,0 @@ -## MinIO Operator diff --git a/apps/data/mysql/app.yaml b/apps/data/mysql/app.yaml new file mode 100644 index 000000000..b35d24e89 --- /dev/null +++ b/apps/data/mysql/app.yaml 
@@ -0,0 +1,70 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: mariadb-operator
+ namespace: argocd
+spec:
+ project: cluster
+ source:
+ repoURL: https://mariadb-operator.github.io/mariadb-operator
+ chart: mariadb-operator
+ targetRevision: 0.27.0
+ helm:
+ releaseName: mariadb-operator
+ values: |
+ fullnameOverride: "mariadb-operator"
+ clusterName: cluster.local
+ metrics:
+ enabled: true
+ resources:
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ limits:
+ cpu: 200m
+ memory: 256Mi
+ webhook:
+ cert:
+ certManager:
+ enabled: false
+ serviceMonitor:
+ enabled: true
+ resources:
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ limits:
+ cpu: 200m
+ memory: 256Mi
+ certController:
+ enabled: true
+ resources:
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ limits:
+ cpu: 200m
+ memory: 256Mi
+ destination:
+ namespace: mysql-operator
+ name: in-cluster
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ managedNamespaceMetadata:
+ labels:
+ prometheus: enabled
+ pod-security.kubernetes.io/enforce: privileged
+ pod-security.kubernetes.io/audit: privileged
+ pod-security.kubernetes.io/warn: privileged
+ syncOptions:
+ - CreateNamespace=true
+ - ServerSideApply=true
+ - Prune=true
+ retry:
+ limit: 10
+ backoff:
+ duration: 20s
+ factor: 2
+ maxDuration: 15m
diff --git a/apps/data/mysql/crd/kustomization.yaml b/apps/data/mysql/crd/kustomization.yaml
new file mode 100644
index 000000000..54c2cbfc6
--- /dev/null
+++ b/apps/data/mysql/crd/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - https://raw.githubusercontent.com/mariadb-operator/mariadb-operator/v0.0.27/deploy/crds/crds.yaml
+
+commonAnnotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true,ServerSideApply=true,Replace=true,Validate=false
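Review bot: In apps/data/mysql/app.yaml, `managedNamespaceMetadata` labels the `mysql-operator` namespace with `pod-security.kubernetes.io/enforce: privileged` (and the same level for audit and warn), which leaves Pod Security admission unrestricted for everything scheduled there. Nothing in the Helm values shown asks for host access or extra capabilities, so I would start from `pod-security.kubernetes.io/enforce: baseline` with `audit` and `warn` set to `restricted`, and relax only if the operator pods are rejected. The Application is named `mariadb-operator` while the directory and namespace say mysql; a one-line comment in the manifest explaining that would help the next reader.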
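Review bot: apps/data/mysql/crd/kustomization.yaml pulls the CRDs from raw.githubusercontent.com at the tag `v0.0.27` on every build and applies them with `Replace=true` and `Validate=false`, so whatever that tag resolves to is installed cluster-wide without schema validation. Pinning the URL to a commit (`.../mariadb-operator/COMMIT_SHA_PLACEHOLDER/deploy/crds/crds.yaml`) or vendoring the file makes the input immutable. A comment tying this pin to `targetRevision: 0.27.0` in app.yaml would keep the chart and CRD versions from drifting apart.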
diff --git a/apps/services/grocy/base/kustomization.yaml b/apps/data/mysql/kustomization.yaml similarity index 65% rename from apps/services/grocy/base/kustomization.yaml rename to apps/data/mysql/kustomization.yaml index b9919a7e8..9be8063bd 100644 --- a/apps/services/grocy/base/kustomization.yaml +++ b/apps/data/mysql/kustomization.yaml @@ -1,6 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- deployment.yaml -- svc.yaml -- cm.yaml +- app.yaml +- crd diff --git a/apps/data/postgres/cloudnative/default/backup-sechedule.yaml b/apps/data/postgres/cloudnative/default/backup-sechedule.yaml new file mode 100644 index 000000000..b6b61c43f --- /dev/null +++ b/apps/data/postgres/cloudnative/default/backup-sechedule.yaml @@ -0,0 +1,9 @@ +apiVersion: postgresql.cnpg.io/v1 +kind: ScheduledBackup +metadata: + name: daily-backup-postgres +spec: + schedule: "0 0 0 * * *" + backupOwnerReference: self + cluster: + name: database diff --git a/apps/data/postgres/cloudnative/default/cluster.yaml b/apps/data/postgres/cloudnative/default/cluster.yaml new file mode 100644 index 000000000..54ca00b51 --- /dev/null +++ b/apps/data/postgres/cloudnative/default/cluster.yaml @@ -0,0 +1,38 @@ +--- +apiVersion: postgresql.cnpg.io/v1 +kind: Cluster +metadata: + name: database +spec: + imageName: ghcr.io/cloudnative-pg/postgresql:16.0 + instances: 1 + startDelay: 60 + stopDelay: 60 + resources: + requests: + memory: 512Mi + cpu: 300m + limits: + memory: 512Mi + cpu: 300m + primaryUpdateStrategy: unsupervised + postgresql: + parameters: + shared_buffers: 64MB + timezone: America/Sao_Paulo + pg_stat_statements.max: "1000" + pg_stat_statements.track: all + auto_explain.log_min_duration: 10s + pg_hba: + - host all all 10.244.0.0/16 md5 + bootstrap: + initdb: + database: example + owner: example + storage: + storageClass: example-csi-class + size: 1Gi + monitoring: + enablePodMonitor: true + nodeMaintenanceWindow: + reusePVC: true 
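Review bot: In apps/data/postgres/cloudnative/default/cluster.yaml the `pg_hba` rule `host all all 10.244.0.0/16 md5` lets any address in that /16 (presumably the whole pod network) authenticate as any role to any database, with or without TLS, and names the legacy `md5` method. I would require TLS and SCRAM and narrow the scope to what the bootstrap section creates, e.g. `hostssl example example 10.244.0.0/16 scram-sha-256`, and add a NetworkPolicy if only specific workloads should reach the database. The `example` database and owner and the `example-csi-class` storage class look like template placeholders, so a comment stating that overlays must override them would keep the defaults from being deployed as they are.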
diff --git a/apps/matrix/element/README.md b/apps/data/postgres/cloudnative/default/example-creds.yaml similarity index 100% rename from apps/matrix/element/README.md rename to apps/data/postgres/cloudnative/default/example-creds.yaml diff --git a/apps/data/metabase/base/kustomization.yaml b/apps/data/postgres/cloudnative/default/kustomization.yaml similarity index 53% rename from apps/data/metabase/base/kustomization.yaml rename to apps/data/postgres/cloudnative/default/kustomization.yaml index fcec85fbf..253c0c557 100644 --- a/apps/data/metabase/base/kustomization.yaml +++ b/apps/data/postgres/cloudnative/default/kustomization.yaml @@ -1,8 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization + resources: -- deployment.yaml -- svc.yaml -- pvc.yaml -- cm.yaml -- db.yaml + #- backup-sechedule.yaml + - cluster.yaml + - monitoring.yaml diff --git a/apps/data/postgres/cloudnative/default/monitoring.yaml b/apps/data/postgres/cloudnative/default/monitoring.yaml new file mode 100644 index 000000000..a7dd810a7 --- /dev/null +++ b/apps/data/postgres/cloudnative/default/monitoring.yaml @@ -0,0 +1,12 @@ +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + labels: + app.kubernetes.io/name: cloudnative-pg + name: pod-monitor +spec: + selector: + matchLabels: + app.kubernetes.io/name: cloudnative-pg + podMetricsEndpoints: + - port: metrics diff --git a/apps/data/postgres/cloudnative/kustomization.yaml b/apps/data/postgres/cloudnative/kustomization.yaml index 295d0d83d..bac61dd1b 100644 --- a/apps/data/postgres/cloudnative/kustomization.yaml +++ b/apps/data/postgres/cloudnative/kustomization.yaml 
@@ -1,461 +1,66 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization - -patchesStrategicMerge: -- overlay/crb-patch.yaml - helmCharts: -- name: cloudnative-pg - releaseName: cnpg +- includeCRDs: true + name: cloudnative-pg namespace: cnpg-system - includeCRDs: true - version: 0.20.1 + releaseName: cnpg repo: https://cloudnative-pg.github.io/charts valuesInline: - replicaCount: 1 - image: - repository: ghcr.io/cloudnative-pg/cloudnative-pg - pullPolicy: IfNotPresent - tag: 1.20.2 - imagePullSecrets: [] - nameOverride: '' - fullnameOverride: '' - crds: - create: true - webhook: - port: 9443 - mutating: - create: true - failurePolicy: Fail - validating: - create: true - failurePolicy: Fail - livenessProbe: - initialDelaySeconds: 35 - readinessProbe: - initialDelaySeconds: 10 config: create: true - name: cnpg-controller-manager-config - secret: false data: - ENABLE_INSTANCE_MANAGER_INPLACE_UPDATES: "true" CREATE_ANY_SERVICE: "true" - additionalArgs: [] - serviceAccount: - create: true - name: '' - rbac: - create: true - aggregateClusterRoles: true - commonAnnotations: - reloader.stakater.com/auto: "true" - podAnnotations: - reloader.stakater.com/auto: "true" - podLabels: {} + ENABLE_INSTANCE_MANAGER_INPLACE_UPDATES: "true" + INHERITED_ANNOTATIONS: "argocd.argoproj.io/sync-options/*" + name: cnpg-controller-manager-config + secret: false containerSecurityContext: allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsUser: 10001 - runAsGroup: 10001 capabilities: drop: - - ALL + - ALL + readOnlyRootFilesystem: true + runAsGroup: 10001 + runAsUser: 10001 + crds: + create: true + image: + pullPolicy: IfNotPresent + repository: ghcr.io/cloudnative-pg/cloudnative-pg + tag: 1.22.3 + monitoring: + podMonitorEnabled: true + nodeSelector: + kubernetes.io/arch: amd64 podSecurityContext: runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - priorityClassName: '' - service: - type: ClusterIP - name: cnpg-webhook-service - port: 443 + rbac: + 
aggregateClusterRoles: true + create: true + replicaCount: 1 resources: limits: - cpu: 400m + cpu: 100m memory: 256Mi requests: - cpu: 150m + cpu: 100m memory: 128Mi - nodeSelector: - kubernetes.io/arch: amd64 - tolerations: [] - affinity: {} - monitoring: - podMonitorEnabled: false - monitoringQueriesConfigMap: - name: cnpg-default-monitoring - queries: | - backends: - query: | - SELECT sa.datname - , sa.usename - , sa.application_name - , states.state - , COALESCE(sa.count, 0) AS total - , COALESCE(sa.max_tx_secs, 0) AS max_tx_duration_seconds - FROM ( VALUES ('active') - , ('idle') - , ('idle in transaction') - , ('idle in transaction (aborted)') - , ('fastpath function call') - , ('disabled') - ) AS states(state) - LEFT JOIN ( - SELECT datname - , state - , usename - , COALESCE(application_name, '') AS application_name - , COUNT(*) - , COALESCE(EXTRACT (EPOCH FROM (max(now() - xact_start))), 0) AS max_tx_secs - FROM pg_catalog.pg_stat_activity - GROUP BY datname, state, usename, application_name - ) sa ON states.state = sa.state - WHERE sa.usename IS NOT NULL - metrics: - - datname: - usage: "LABEL" - description: "Name of the database" - - usename: - usage: "LABEL" - description: "Name of the user" - - application_name: - usage: "LABEL" - description: "Name of the application" - - state: - usage: "LABEL" - description: "State of the backend" - - total: - usage: "GAUGE" - description: "Number of backends" - - max_tx_duration_seconds: - usage: "GAUGE" - description: "Maximum duration of a transaction in seconds" - - backends_waiting: - query: | - SELECT count(*) AS total - FROM pg_catalog.pg_locks blocked_locks - JOIN pg_catalog.pg_locks blocking_locks - ON blocking_locks.locktype = blocked_locks.locktype - AND blocking_locks.database IS NOT DISTINCT FROM blocked_locks.database - AND blocking_locks.relation IS NOT DISTINCT FROM blocked_locks.relation - AND blocking_locks.page IS NOT DISTINCT FROM blocked_locks.page - AND blocking_locks.tuple IS NOT DISTINCT FROM 
blocked_locks.tuple - AND blocking_locks.virtualxid IS NOT DISTINCT FROM blocked_locks.virtualxid - AND blocking_locks.transactionid IS NOT DISTINCT FROM blocked_locks.transactionid - AND blocking_locks.classid IS NOT DISTINCT FROM blocked_locks.classid - AND blocking_locks.objid IS NOT DISTINCT FROM blocked_locks.objid - AND blocking_locks.objsubid IS NOT DISTINCT FROM blocked_locks.objsubid - AND blocking_locks.pid != blocked_locks.pid - JOIN pg_catalog.pg_stat_activity blocking_activity ON blocking_activity.pid = blocking_locks.pid - WHERE NOT blocked_locks.granted - metrics: - - total: - usage: "GAUGE" - description: "Total number of backends that are currently waiting on other queries" - - pg_database: - query: | - SELECT datname - , pg_catalog.pg_database_size(datname) AS size_bytes - , pg_catalog.age(datfrozenxid) AS xid_age - , pg_catalog.mxid_age(datminmxid) AS mxid_age - FROM pg_catalog.pg_database - metrics: - - datname: - usage: "LABEL" - description: "Name of the database" - - size_bytes: - usage: "GAUGE" - description: "Disk space used by the database" - - xid_age: - usage: "GAUGE" - description: "Number of transactions from the frozen XID to the current one" - - mxid_age: - usage: "GAUGE" - description: "Number of multiple transactions (Multixact) from the frozen XID to the current one" - - pg_postmaster: - query: | - SELECT EXTRACT(EPOCH FROM pg_postmaster_start_time) AS start_time - FROM pg_catalog.pg_postmaster_start_time() - metrics: - - start_time: - usage: "GAUGE" - description: "Time at which postgres started (based on epoch)" - - pg_replication: - query: "SELECT CASE WHEN NOT pg_catalog.pg_is_in_recovery() - THEN 0 - ELSE GREATEST (0, - EXTRACT(EPOCH FROM (now() - pg_catalog.pg_last_xact_replay_timestamp()))) - END AS lag, - pg_catalog.pg_is_in_recovery() AS in_recovery, - EXISTS (TABLE pg_stat_wal_receiver) AS is_wal_receiver_up, - (SELECT count(*) FROM pg_stat_replication) AS streaming_replicas" - metrics: - - lag: - usage: "GAUGE" - 
description: "Replication lag behind primary in seconds" - - in_recovery: - usage: "GAUGE" - description: "Whether the instance is in recovery" - - is_wal_receiver_up: - usage: "GAUGE" - description: "Whether the instance wal_receiver is up" - - streaming_replicas: - usage: "GAUGE" - description: "Number of streaming replicas connected to the instance" - - pg_replication_slots: - query: | - SELECT slot_name, - slot_type, - database, - active, - pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), restart_lsn) - FROM pg_catalog.pg_replication_slots - WHERE NOT temporary - metrics: - - slot_name: - usage: "LABEL" - description: "Name of the replication slot" - - slot_type: - usage: "LABEL" - description: "Type of the replication slot" - - database: - usage: "LABEL" - description: "Name of the database" - - active: - usage: "GAUGE" - description: "Flag indicating whether the slot is active" - - pg_wal_lsn_diff: - usage: "GAUGE" - description: "Replication lag in bytes" - - pg_stat_archiver: - query: | - SELECT archived_count - , failed_count - , COALESCE(EXTRACT(EPOCH FROM (now() - last_archived_time)), -1) AS seconds_since_last_archival - , COALESCE(EXTRACT(EPOCH FROM (now() - last_failed_time)), -1) AS seconds_since_last_failure - , COALESCE(EXTRACT(EPOCH FROM last_archived_time), -1) AS last_archived_time - , COALESCE(EXTRACT(EPOCH FROM last_failed_time), -1) AS last_failed_time - , COALESCE(CAST(CAST('x'||pg_catalog.right(pg_catalog.split_part(last_archived_wal, '.', 1), 16) AS pg_catalog.bit(64)) AS pg_catalog.int8), -1) AS last_archived_wal_start_lsn - , COALESCE(CAST(CAST('x'||pg_catalog.right(pg_catalog.split_part(last_failed_wal, '.', 1), 16) AS pg_catalog.bit(64)) AS pg_catalog.int8), -1) AS last_failed_wal_start_lsn - , EXTRACT(EPOCH FROM stats_reset) AS stats_reset_time - FROM pg_catalog.pg_stat_archiver - metrics: - - archived_count: - usage: "COUNTER" - description: "Number of WAL files that have been successfully archived" - - failed_count: - 
usage: "COUNTER" - description: "Number of failed attempts for archiving WAL files" - - seconds_since_last_archival: - usage: "GAUGE" - description: "Seconds since the last successful archival operation" - - seconds_since_last_failure: - usage: "GAUGE" - description: "Seconds since the last failed archival operation" - - last_archived_time: - usage: "GAUGE" - description: "Epoch of the last time WAL archiving succeeded" - - last_failed_time: - usage: "GAUGE" - description: "Epoch of the last time WAL archiving failed" - - last_archived_wal_start_lsn: - usage: "GAUGE" - description: "Archived WAL start LSN" - - last_failed_wal_start_lsn: - usage: "GAUGE" - description: "Last failed WAL LSN" - - stats_reset_time: - usage: "GAUGE" - description: "Time at which these statistics were last reset" - - pg_stat_bgwriter: - query: | - SELECT checkpoints_timed - , checkpoints_req - , checkpoint_write_time - , checkpoint_sync_time - , buffers_checkpoint - , buffers_clean - , maxwritten_clean - , buffers_backend - , buffers_backend_fsync - , buffers_alloc - FROM pg_catalog.pg_stat_bgwriter - metrics: - - checkpoints_timed: - usage: "COUNTER" - description: "Number of scheduled checkpoints that have been performed" - - checkpoints_req: - usage: "COUNTER" - description: "Number of requested checkpoints that have been performed" - - checkpoint_write_time: - usage: "COUNTER" - description: "Total amount of time that has been spent in the portion of checkpoint processing where files are written to disk, in milliseconds" - - checkpoint_sync_time: - usage: "COUNTER" - description: "Total amount of time that has been spent in the portion of checkpoint processing where files are synchronized to disk, in milliseconds" - - buffers_checkpoint: - usage: "COUNTER" - description: "Number of buffers written during checkpoints" - - buffers_clean: - usage: "COUNTER" - description: "Number of buffers written by the background writer" - - maxwritten_clean: - usage: "COUNTER" - description: "Number 
of times the background writer stopped a cleaning scan because it had written too many buffers" - - buffers_backend: - usage: "COUNTER" - description: "Number of buffers written directly by a backend" - - buffers_backend_fsync: - usage: "COUNTER" - description: "Number of times a backend had to execute its own fsync call (normally the background writer handles those even when the backend does its own write)" - - buffers_alloc: - usage: "COUNTER" - description: "Number of buffers allocated" - - pg_stat_database: - query: | - SELECT datname - , xact_commit - , xact_rollback - , blks_read - , blks_hit - , tup_returned - , tup_fetched - , tup_inserted - , tup_updated - , tup_deleted - , conflicts - , temp_files - , temp_bytes - , deadlocks - , blk_read_time - , blk_write_time - FROM pg_catalog.pg_stat_database - metrics: - - datname: - usage: "LABEL" - description: "Name of this database" - - xact_commit: - usage: "COUNTER" - description: "Number of transactions in this database that have been committed" - - xact_rollback: - usage: "COUNTER" - description: "Number of transactions in this database that have been rolled back" - - blks_read: - usage: "COUNTER" - description: "Number of disk blocks read in this database" - - blks_hit: - usage: "COUNTER" - description: "Number of times disk blocks were found already in the buffer cache, so that a read was not necessary (this only includes hits in the PostgreSQL buffer cache, not the operating system's file system cache)" - - tup_returned: - usage: "COUNTER" - description: "Number of rows returned by queries in this database" - - tup_fetched: - usage: "COUNTER" - description: "Number of rows fetched by queries in this database" - - tup_inserted: - usage: "COUNTER" - description: "Number of rows inserted by queries in this database" - - tup_updated: - usage: "COUNTER" - description: "Number of rows updated by queries in this database" - - tup_deleted: - usage: "COUNTER" - description: "Number of rows deleted by queries in 
this database" - - conflicts: - usage: "COUNTER" - description: "Number of queries canceled due to conflicts with recovery in this database" - - temp_files: - usage: "COUNTER" - description: "Number of temporary files created by queries in this database" - - temp_bytes: - usage: "COUNTER" - description: "Total amount of data written to temporary files by queries in this database" - - deadlocks: - usage: "COUNTER" - description: "Number of deadlocks detected in this database" - - blk_read_time: - usage: "COUNTER" - description: "Time spent reading data file blocks by backends in this database, in milliseconds" - - blk_write_time: - usage: "COUNTER" - description: "Time spent writing data file blocks by backends in this database, in milliseconds" - - pg_stat_replication: - primary: true - query: | - SELECT usename - , COALESCE(application_name, '') AS application_name - , COALESCE(client_addr::text, '') AS client_addr - , EXTRACT(EPOCH FROM backend_start) AS backend_start - , COALESCE(pg_catalog.age(backend_xmin), 0) AS backend_xmin_age - , pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), sent_lsn) AS sent_diff_bytes - , pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), write_lsn) AS write_diff_bytes - , pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), flush_lsn) AS flush_diff_bytes - , COALESCE(pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), replay_lsn),0) AS replay_diff_bytes - , COALESCE((EXTRACT(EPOCH FROM write_lag)),0)::float AS write_lag_seconds - , COALESCE((EXTRACT(EPOCH FROM flush_lag)),0)::float AS flush_lag_seconds - , COALESCE((EXTRACT(EPOCH FROM replay_lag)),0)::float AS replay_lag_seconds - FROM pg_catalog.pg_stat_replication - metrics: - - usename: - usage: "LABEL" - description: "Name of the replication user" - - application_name: - usage: "LABEL" - description: "Name of the application" - - client_addr: - usage: "LABEL" - description: "Client IP address" - - backend_start: - usage: "COUNTER" - description: 
"Time when this process was started" - - backend_xmin_age: - usage: "COUNTER" - description: "The age of this standby's xmin horizon" - - sent_diff_bytes: - usage: "GAUGE" - description: "Difference in bytes from the last write-ahead log location sent on this connection" - - write_diff_bytes: - usage: "GAUGE" - description: "Difference in bytes from the last write-ahead log location written to disk by this standby server" - - flush_diff_bytes: - usage: "GAUGE" - description: "Difference in bytes from the last write-ahead log location flushed to disk by this standby server" - - replay_diff_bytes: - usage: "GAUGE" - description: "Difference in bytes from the last write-ahead log location replayed into the database on this standby server" - - write_lag_seconds: - usage: "GAUGE" - description: "Time elapsed between flushing recent WAL locally and receiving notification that this standby server has written it" - - flush_lag_seconds: - usage: "GAUGE" - description: "Time elapsed between flushing recent WAL locally and receiving notification that this standby server has written and flushed it" - - replay_lag_seconds: - usage: "GAUGE" - description: "Time elapsed between flushing recent WAL locally and receiving notification that this standby server has written, flushed and applied it" - pg_settings: - query: | - SELECT name, - CASE setting WHEN 'on' THEN '1' WHEN 'off' THEN '0' ELSE setting END AS setting - FROM pg_catalog.pg_settings - WHERE vartype IN ('integer', 'real', 'bool') - ORDER BY 1 - metrics: - - name: - usage: "LABEL" - description: "Name of the setting" - - setting: - usage: "GAUGE" - description: "Setting value" - + webhook: + livenessProbe: + initialDelaySeconds: 35 + mutating: + create: true + failurePolicy: Fail + port: 9443 + readinessProbe: + initialDelaySeconds: 10 + validating: + create: true + failurePolicy: Fail + version: 0.21.4 namespace: cnpg-system + +patches: +- path: overlay/crb-patch.yaml 
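Review bot: `image.tag: 1.22.3` is pinned independently of the chart `version: 0.21.4`, so the controller binary and the chart-rendered manifests can drift apart. With `includeCRDs: true` the CRDs, RBAC and webhook configuration come from the chart while the binary comes from the tag, which can leave the operator reconciling CRD schemas it was not built for. I would drop the `tag` override so the chart's own app version is used, or add a comment such as `# operator 1.22.3 verified against chart 0.21.4` next to it. Separately, the new values no longer set `seccompProfile: type: RuntimeDefault` under `podSecurityContext`; the chart defaults probably restore it, but keeping it explicit documents the hardening the old file stated.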
diff --git a/apps/data/postgres/exporter/cm.yaml b/apps/data/postgres/exporter/cm.yaml
deleted file mode 100644
index 962b99721..000000000
--- a/apps/data/postgres/exporter/cm.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: postgres-exporter-cm
-data:
- PG_EXPORTER_WEB_LISTEN_ADDRESS: ":9187"
- PG_EXPORTER_WEB_TELEMETRY_PATH: "/metrics"
- PG_EXPORTER_DISABLE_DEFAULT_METRICS: "false"
- PG_EXPORTER_DISABLE_SETTINGS_METRICS: "false"
- PG_EXPORTER_AUTO_DISCOVER_DATABASES: "true"
- PG_EXPORTER_METRIC_PREFIX: "pg"
diff --git a/apps/data/postgres/exporter/deployment.yaml b/apps/data/postgres/exporter/deployment.yaml
deleted file mode 100644
index 3967efb53..000000000
--- a/apps/data/postgres/exporter/deployment.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: postgres-exporter
-spec:
- replicas: 1
- strategy:
- type: Recreate
- selector:
- matchLabels:
- app: postgres-exporter
- template:
- metadata:
- labels:
- app: postgres-exporter
- spec:
- containers:
- - name: postgres-exporter
- image: quay.io/prometheuscommunity/postgres-exporter:latest
- env:
- - name: DATA_SOURCE_URI
- value: example-uri
- - name: DATA_SOURCE_USER
- valueFrom: { secretKeyRef: { name: cluster-name.team-name.credentials.postgresql.acid.zalan.do, key: username } }
- - name: DATA_SOURCE_PASS
- valueFrom: { secretKeyRef: { name: cluster-name.team-name.credentials.postgresql.acid.zalan.do, key: password } }
- envFrom:
- - configMapRef:
- name: postgres-exporter-cm
- ports:
- - name: metrics
- containerPort: 9187
- resources:
- limits:
- cpu: 100m
- memory: 200Mi
- requests:
- cpu: 50m
- memory: 100Mi
diff --git a/apps/data/postgres/exporter/kustomization.yaml b/apps/data/postgres/exporter/kustomization.yaml
deleted file mode 100644
index d5b8a7127..000000000
--- a/apps/data/postgres/exporter/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -bases: -- deployment.yaml -- cm.yaml -- svc.yaml diff --git a/apps/data/redis/kustomization.yaml b/apps/data/redis/kustomization.yaml index f2b50e8fa..61b8b78ae 100644 --- a/apps/data/redis/kustomization.yaml +++ b/apps/data/redis/kustomization.yaml @@ -11,11 +11,11 @@ helmCharts: imagePullPolicy: IfNotPresent resources: limits: - cpu: 300m - memory: 600Mi + cpu: 200m + memory: 256Mi requests: cpu: 100m - memory: 200Mi + memory: 128Mi replicas: 1 serviceAccountName: redis-operator tolerateAllTaints: false diff --git a/apps/data/storage/base/actual.yaml b/apps/data/storage/base/actual.yaml index 510d6929c..a20e2fa44 100644 --- a/apps/data/storage/base/actual.yaml +++ b/apps/data/storage/base/actual.yaml @@ -6,7 +6,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: iscsi + storageClassName: mayastor resources: requests: storage: 5Gi diff --git a/apps/data/storage/base/adguard.yaml b/apps/data/storage/base/adguard.yaml index a31df64b8..b911ba709 100644 --- a/apps/data/storage/base/adguard.yaml +++ b/apps/data/storage/base/adguard.yaml @@ -6,7 +6,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: iscsi + storageClassName: mayastor resources: requests: storage: 1Gi @@ -19,7 +19,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: iscsi + storageClassName: mayastor resources: requests: storage: 1Gi diff --git a/apps/data/storage/base/archivebox.yaml b/apps/data/storage/base/archivebox.yaml index d292a6178..15adee73b 100644 --- a/apps/data/storage/base/archivebox.yaml +++ b/apps/data/storage/base/archivebox.yaml @@ -6,7 +6,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: iscsi + storageClassName: mayastor resources: requests: storage: 20Gi diff --git a/apps/data/storage/base/beets.yaml b/apps/data/storage/base/beets.yaml index 8dbe1438b..8a7955a5c 100644 --- a/apps/data/storage/base/beets.yaml 
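Review bot: `storageClassName` cannot be changed on a PersistentVolumeClaim that already exists, so editing `iscsi` to `mayastor` in place in apps/data/storage/base/actual.yaml will be rejected for any claim that is already bound, and the data on the old volume is not moved by this change. The same applies to every other PVC file under apps/data/storage/base touched in this commit, including the `mayastor-single-replica` to `mayastor` edits under home/. If the claims are being recreated on a fresh cluster this is fine, but then the commit description should say so. home/kustomization.yaml carries `argocd.argoproj.io/sync-options: Delete=false`, so Argo CD will presumably not remove the old claims on its own. A comment in each file, or a line in the description, on how existing data is migrated or intentionally discarded would prevent a failed sync from being misread.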
+++ b/apps/data/storage/base/beets.yaml @@ -6,7 +6,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: iscsi + storageClassName: mayastor resources: requests: storage: 1Gi diff --git a/apps/data/storage/base/change.yaml b/apps/data/storage/base/change.yaml index 37136d7de..41f4d06d4 100644 --- a/apps/data/storage/base/change.yaml +++ b/apps/data/storage/base/change.yaml @@ -6,7 +6,20 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: iscsi + storageClassName: mayastor resources: requests: storage: 1Gi +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: playwright-storage + namespace: services +spec: + accessModes: + - ReadWriteOnce + storageClassName: mayastor + resources: + requests: + storage: 3Gi diff --git a/apps/data/storage/base/feedpushr.yaml b/apps/data/storage/base/feedpushr.yaml index 345614ddc..12d904866 100644 --- a/apps/data/storage/base/feedpushr.yaml +++ b/apps/data/storage/base/feedpushr.yaml @@ -6,7 +6,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: iscsi + storageClassName: mayastor resources: requests: storage: 10Gi diff --git a/apps/data/storage/base/finances.yaml b/apps/data/storage/base/finances.yaml index 18992a86d..4c82577fe 100644 --- a/apps/data/storage/base/finances.yaml +++ b/apps/data/storage/base/finances.yaml @@ -6,7 +6,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: iscsi + storageClassName: mayastor resources: requests: storage: 1Gi diff --git a/apps/data/storage/base/ganymede.yaml b/apps/data/storage/base/ganymede.yaml index f45986630..36ac4b3c0 100644 --- a/apps/data/storage/base/ganymede.yaml +++ b/apps/data/storage/base/ganymede.yaml @@ -9,7 +9,7 @@ spec: resources: requests: storage: 15Gi - storageClassName: iscsi + storageClassName: mayastor --- apiVersion: v1 kind: PersistentVolumeClaim 
@@ -22,7 +22,7 @@ spec: resources: requests: storage: 5Gi - storageClassName: iscsi + storageClassName: mayastor --- apiVersion: v1 kind: PersistentVolumeClaim @@ -35,4 +35,4 @@ spec: resources: requests: storage: 100Gi - storageClassName: iscsi + storageClassName: mayastor diff --git a/apps/data/storage/base/gitea.yaml b/apps/data/storage/base/gitea.yaml index cbe85dd29..0ceea515b 100644 --- a/apps/data/storage/base/gitea.yaml +++ b/apps/data/storage/base/gitea.yaml @@ -2,11 +2,11 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: name: gitea-shared-storage - namespace: gitea + namespace: services spec: accessModes: - ReadWriteOnce - storageClassName: iscsi + storageClassName: mayastor resources: requests: storage: 20Gi diff --git a/apps/data/storage/base/grocy.yaml b/apps/data/storage/base/grocy.yaml index 1e4948f75..17e676230 100644 --- a/apps/data/storage/base/grocy.yaml +++ b/apps/data/storage/base/grocy.yaml @@ -6,7 +6,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: iscsi + storageClassName: mayastor resources: requests: storage: 5Gi diff --git a/apps/data/storage/base/home/frigate.yaml b/apps/data/storage/base/home/frigate.yaml index 88c72d444..6a7e715a0 100644 --- a/apps/data/storage/base/home/frigate.yaml +++ b/apps/data/storage/base/home/frigate.yaml @@ -9,7 +9,7 @@ spec: resources: requests: storage: 15Gi - storageClassName: mayastor-single-replica + storageClassName: mayastor --- apiVersion: v1 kind: PersistentVolumeClaim @@ -22,7 +22,7 @@ spec: resources: requests: storage: 30Gi - storageClassName: mayastor-single-replica + storageClassName: mayastor --- apiVersion: v1 kind: PersistentVolumeClaim @@ -35,4 +35,4 @@ spec: resources: requests: storage: 80Gi - storageClassName: mayastor-single-replica + storageClassName: mayastor diff --git a/apps/data/storage/base/home/ha.yaml b/apps/data/storage/base/home/ha.yaml index 830b1ac83..74644330c 100644 --- a/apps/data/storage/base/home/ha.yaml 
+++ b/apps/data/storage/base/home/ha.yaml @@ -3,26 +3,13 @@ kind: PersistentVolumeClaim metadata: name: ha-storage namespace: homeassistant -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 5Gi - storageClassName: iscsi ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: ha-storage-new - namespace: homeassistant spec: accessModes: - ReadWriteOnce resources: requests: storage: 40Gi - storageClassName: iscsi + storageClassName: mayastor --- apiVersion: v1 kind: PersistentVolumeClaim @@ -35,4 +22,4 @@ spec: resources: requests: storage: 1Gi - storageClassName: iscsi + storageClassName: mayastor diff --git a/apps/data/storage/base/home/kustomization.yaml b/apps/data/storage/base/home/kustomization.yaml index 69a386580..5e79572ca 100644 --- a/apps/data/storage/base/home/kustomization.yaml +++ b/apps/data/storage/base/home/kustomization.yaml @@ -7,6 +7,8 @@ resources: - whisper.yaml - wyze.yaml - frigate.yaml + - restreamer.yaml + - web2rtc.yaml commonAnnotations: argocd.argoproj.io/sync-options: Delete=false diff --git a/apps/data/storage/base/home/openwakeword.yaml b/apps/data/storage/base/home/openwakeword.yaml index 7e4367bb9..c03d59829 100644 --- a/apps/data/storage/base/home/openwakeword.yaml +++ b/apps/data/storage/base/home/openwakeword.yaml @@ -9,7 +9,7 @@ spec: resources: requests: storage: 5Gi - storageClassName: mayastor-single-replica + storageClassName: mayastor --- apiVersion: v1 kind: PersistentVolumeClaim @@ -22,4 +22,4 @@ spec: resources: requests: storage: 25Gi - storageClassName: mayastor-single-replica + storageClassName: mayastor diff --git a/apps/data/storage/base/home/piper.yaml b/apps/data/storage/base/home/piper.yaml index 9c9e48bea..9516b914c 100644 --- a/apps/data/storage/base/home/piper.yaml +++ b/apps/data/storage/base/home/piper.yaml 
@@ -9,7 +9,7 @@ spec: resources: requests: storage: 5Gi - storageClassName: mayastor-single-replica + storageClassName: mayastor --- apiVersion: v1 kind: PersistentVolumeClaim @@ -22,4 +22,4 @@ spec: resources: requests: storage: 35Gi - storageClassName: mayastor-single-replica + storageClassName: mayastor diff --git a/apps/networking/adguard/base/pvc.yaml b/apps/data/storage/base/home/restreamer.yaml similarity index 58% rename from apps/networking/adguard/base/pvc.yaml rename to apps/data/storage/base/home/restreamer.yaml index 36dd6a4d4..74f6053e9 100644 --- a/apps/networking/adguard/base/pvc.yaml +++ b/apps/data/storage/base/home/restreamer.yaml @@ -1,23 +1,26 @@ +--- apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: adguard-storage + name: restreamer-config + namespace: homeassistant spec: accessModes: - ReadWriteOnce - storageClassName: iscsi resources: requests: storage: 1Gi + storageClassName: mayastor --- apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: adguard-logs + name: restreamer-data + namespace: homeassistant spec: accessModes: - ReadWriteOnce - storageClassName: iscsi resources: requests: - storage: 1Gi + storage: 20Gi + storageClassName: mayastor diff --git a/apps/data/storage/base/postgres/ha.yaml b/apps/data/storage/base/home/web2rtc.yaml similarity index 66% rename from apps/data/storage/base/postgres/ha.yaml rename to apps/data/storage/base/home/web2rtc.yaml index 56d1d9dc1..fefe382bd 100644 --- a/apps/data/storage/base/postgres/ha.yaml +++ b/apps/data/storage/base/home/web2rtc.yaml @@ -1,12 +1,13 @@ +--- apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: homeassistant-postgres + name: web2rtc-storage namespace: homeassistant spec: accessModes: - ReadWriteOnce - storageClassName: iscsi resources: requests: - storage: 5Gi + storage: 2Gi + storageClassName: mayastor diff --git a/apps/data/storage/base/home/whisper.yaml b/apps/data/storage/base/home/whisper.yaml index 53c4ebef9..6525b019b 100644 
--- a/apps/data/storage/base/home/whisper.yaml +++ b/apps/data/storage/base/home/whisper.yaml @@ -9,4 +9,4 @@ spec: resources: requests: storage: 10Gi - storageClassName: mayastor-single-replica + storageClassName: mayastor diff --git a/apps/data/storage/base/home/wyze.yaml b/apps/data/storage/base/home/wyze.yaml index 5f812eb4f..067f01d86 100644 --- a/apps/data/storage/base/home/wyze.yaml +++ b/apps/data/storage/base/home/wyze.yaml @@ -6,7 +6,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: mayastor-single-replica + storageClassName: mayastor resources: requests: storage: 2Gi @@ -19,7 +19,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: mayastor-single-replica + storageClassName: mayastor resources: requests: storage: 35Gi @@ -32,7 +32,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: mayastor-single-replica + storageClassName: mayastor resources: requests: storage: 20Gi diff --git a/apps/data/storage/base/jellyfin.yaml b/apps/data/storage/base/jellyfin.yaml index 0d1b8ed5a..963d237b6 100644 --- a/apps/data/storage/base/jellyfin.yaml +++ b/apps/data/storage/base/jellyfin.yaml @@ -6,7 +6,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: iscsi + storageClassName: mayastor resources: requests: storage: 15Gi @@ -19,7 +19,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: iscsi + storageClassName: mayastor resources: requests: storage: 10Gi diff --git a/apps/data/storage/base/jupyterlab.yaml b/apps/data/storage/base/jupyterlab.yaml index 4c2d4fc7d..56e6dcbbf 100644 --- a/apps/data/storage/base/jupyterlab.yaml +++ b/apps/data/storage/base/jupyterlab.yaml @@ -9,4 +9,4 @@ spec: resources: requests: storage: 30Gi - storageClassName: iscsi + storageClassName: mayastor diff --git a/apps/data/storage/base/kuma.yaml b/apps/data/storage/base/kuma.yaml index c97d053f8..76ffdd62a 100644 --- a/apps/data/storage/base/kuma.yaml +++ b/apps/data/storage/base/kuma.yaml 
@@ -6,7 +6,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: iscsi + storageClassName: mayastor resources: requests: storage: 1Gi diff --git a/apps/data/storage/base/librex.yaml b/apps/data/storage/base/librex.yaml index a7a7bd8b7..b6f3f51fe 100644 --- a/apps/data/storage/base/librex.yaml +++ b/apps/data/storage/base/librex.yaml @@ -6,7 +6,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: iscsi + storageClassName: mayastor resources: requests: storage: 3Gi diff --git a/apps/data/storage/base/lidarr.yaml b/apps/data/storage/base/lidarr.yaml index 98be96aac..e9d3bcd70 100644 --- a/apps/data/storage/base/lidarr.yaml +++ b/apps/data/storage/base/lidarr.yaml @@ -6,7 +6,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: iscsi + storageClassName: mayastor resources: requests: storage: 2Gi diff --git a/apps/data/storage/base/links.yaml b/apps/data/storage/base/links.yaml deleted file mode 100644 index 7c8ca4b54..000000000 --- a/apps/data/storage/base/links.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: golinks-storage - namespace: networking -spec: - accessModes: - - ReadWriteOnce - storageClassName: iscsi - resources: - requests: - storage: 10Gi diff --git a/apps/data/storage/base/local-ai.yaml b/apps/data/storage/base/local-ai.yaml index f8cae31d7..5e38e5efc 100644 --- a/apps/data/storage/base/local-ai.yaml +++ b/apps/data/storage/base/local-ai.yaml @@ -6,7 +6,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: mayastor-single-replica + storageClassName: mayastor resources: requests: storage: 100Gi diff --git a/apps/data/storage/base/matrix/bridges.yaml b/apps/data/storage/base/matrix/bridges.yaml deleted file mode 100644 index ad85a27f9..000000000 --- a/apps/data/storage/base/matrix/bridges.yaml +++ /dev/null 
@@ -1,12 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: bridge-config-storage - namespace: matrix1 -spec: - accessModes: - - ReadWriteOnce - storageClassName: iscsi - resources: - requests: - storage: 1Gi diff --git a/apps/data/storage/base/matrix/discord.yaml b/apps/data/storage/base/matrix/discord.yaml deleted file mode 100644 index 4db522064..000000000 --- a/apps/data/storage/base/matrix/discord.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: discord-bridge-data - namespace: matrix1 -spec: - accessModes: - - ReadWriteOnce - storageClassName: iscsi - resources: - requests: - storage: 2Gi ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: registration-discord-matrix - namespace: matrix1 -spec: - accessModes: - - ReadWriteOnce - storageClassName: iscsi - resources: - requests: - storage: 1Gi diff --git a/apps/data/storage/base/matrix/instagram.yaml b/apps/data/storage/base/matrix/instagram.yaml deleted file mode 100644 index 74526d4d3..000000000 --- a/apps/data/storage/base/matrix/instagram.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: instagram-bridge-data - namespace: matrix1 -spec: - accessModes: - - ReadWriteOnce - storageClassName: iscsi - resources: - requests: - storage: 1Gi ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: registration-instagram-matrix - namespace: matrix1 -spec: - accessModes: - - ReadWriteOnce - storageClassName: iscsi - resources: - requests: - storage: 1Gi diff --git a/apps/data/storage/base/matrix/linkedin.yaml b/apps/data/storage/base/matrix/linkedin.yaml deleted file mode 100644 index c3c607a09..000000000 --- a/apps/data/storage/base/matrix/linkedin.yaml +++ /dev/null 
@@ -1,25 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: linkedin-bridge-data - namespace: matrix1 -spec: - accessModes: - - ReadWriteOnce - storageClassName: iscsi - resources: - requests: - storage: 1Gi ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: registration-linkedin-matrix - namespace: matrix1 -spec: - accessModes: - - ReadWriteOnce - storageClassName: iscsi - resources: - requests: - storage: 1Gi diff --git a/apps/data/storage/base/matrix/messenger.yaml b/apps/data/storage/base/matrix/messenger.yaml deleted file mode 100644 index c62c20b21..000000000 --- a/apps/data/storage/base/matrix/messenger.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: messenger-bridge-data - namespace: matrix -spec: - accessModes: - - ReadWriteOnce - storageClassName: iscsi - resources: - requests: - storage: 1Gi diff --git a/apps/data/storage/base/matrix/signal.yaml b/apps/data/storage/base/matrix/signal.yaml deleted file mode 100644 index 4ce589cb7..000000000 --- a/apps/data/storage/base/matrix/signal.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: signal-bridge-data - namespace: matrix -spec: - accessModes: - - ReadWriteOnce - storageClassName: iscsi - resources: - requests: - storage: 1Gi diff --git a/apps/data/storage/base/matrix/skype.yaml b/apps/data/storage/base/matrix/skype.yaml deleted file mode 100644 index 9d7809861..000000000 --- a/apps/data/storage/base/matrix/skype.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: skype-bridge-data - namespace: matrix -spec: - accessModes: - - ReadWriteOnce - storageClassName: iscsi - resources: - requests: - storage: 1Gi diff --git a/apps/data/storage/base/matrix/steam.yaml b/apps/data/storage/base/matrix/steam.yaml deleted file mode 100644 index e5e2e2fe7..000000000 --- a/apps/data/storage/base/matrix/steam.yaml +++ /dev/null 
@@ -1,12 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: steam-bridge-data - namespace: matrix -spec: - accessModes: - - ReadWriteOnce - storageClassName: iscsi - resources: - requests: - storage: 1Gi diff --git a/apps/data/storage/base/matrix/telegram.yaml b/apps/data/storage/base/matrix/telegram.yaml deleted file mode 100644 index 1f4364316..000000000 --- a/apps/data/storage/base/matrix/telegram.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: telegram-bridge-data - namespace: matrix -spec: - accessModes: - - ReadWriteOnce - storageClassName: iscsi - resources: - requests: - storage: 1Gi diff --git a/apps/data/storage/base/matrix/whats.yaml b/apps/data/storage/base/matrix/whats.yaml deleted file mode 100644 index 8b1ebff0c..000000000 --- a/apps/data/storage/base/matrix/whats.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: whats-bridge-data - namespace: matrix1 -spec: - accessModes: - - ReadWriteOnce - storageClassName: iscsi - resources: - requests: - storage: 1Gi diff --git a/apps/data/storage/base/media.yaml b/apps/data/storage/base/media.yaml index b40831655..eec244923 100644 --- a/apps/data/storage/base/media.yaml +++ b/apps/data/storage/base/media.yaml @@ -6,7 +6,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: iscsi + storageClassName: mayastor resources: requests: storage: 300Gi @@ -19,7 +19,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: iscsi + storageClassName: mayastor resources: requests: storage: 10Gi @@ -32,7 +32,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: iscsi + storageClassName: mayastor resources: requests: storage: 3Gi @@ -45,7 +45,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: iscsi + storageClassName: mayastor resources: requests: storage: 10Gi 
@@ -58,7 +58,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: iscsi + storageClassName: mayastor resources: requests: storage: 5Gi @@ -71,7 +71,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: iscsi + storageClassName: mayastor resources: requests: storage: 5Gi @@ -84,7 +84,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: iscsi + storageClassName: mayastor resources: requests: storage: 30Gi @@ -97,7 +97,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: iscsi + storageClassName: mayastor resources: requests: storage: 150Gi @@ -110,7 +110,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: iscsi + storageClassName: mayastor resources: requests: storage: 100Gi diff --git a/apps/data/storage/base/milvus.yaml b/apps/data/storage/base/milvus.yaml index fd9dfdaaa..2d870e848 100644 --- a/apps/data/storage/base/milvus.yaml +++ b/apps/data/storage/base/milvus.yaml @@ -6,7 +6,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: iscsi + storageClassName: mayastor resources: requests: storage: 55Gi diff --git a/apps/data/storage/base/matrix/synapse.yaml b/apps/data/storage/base/mixpost.yaml similarity index 57% rename from apps/data/storage/base/matrix/synapse.yaml rename to apps/data/storage/base/mixpost.yaml index 1b980f7ec..33a8e726f 100644 --- a/apps/data/storage/base/matrix/synapse.yaml +++ b/apps/data/storage/base/mixpost.yaml 
@@ -1,25 +1,25 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: synapse-data - namespace: matrix1 + name: mixpost-data + namespace: services spec: accessModes: - ReadWriteOnce - storageClassName: iscsi + storageClassName: mayastor resources: requests: - storage: 15Gi + storage: 20Gi --- apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: synapse-database - namespace: matrix1 + name: mixpost-logs + namespace: services spec: accessModes: - ReadWriteOnce - storageClassName: iscsi + storageClassName: mayastor resources: requests: - storage: 15Gi + storage: 5Gi diff --git a/apps/data/storage/base/n8n.yaml b/apps/data/storage/base/n8n.yaml index 4a8d2d7d2..db96c6deb 100644 --- a/apps/data/storage/base/n8n.yaml +++ b/apps/data/storage/base/n8n.yaml @@ -6,7 +6,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: iscsi + storageClassName: mayastor resources: requests: storage: 5Gi diff --git a/apps/data/storage/base/postgres/bridges.yaml b/apps/data/storage/base/postgres/bridges.yaml deleted file mode 100644 index c862a7c06..000000000 --- a/apps/data/storage/base/postgres/bridges.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: bridges-postgres - namespace: matrix -spec: - accessModes: - - ReadWriteOnce - storageClassName: iscsi - resources: - requests: - storage: 15Gi diff --git a/apps/data/storage/base/postgres/ganymede.yaml b/apps/data/storage/base/postgres/ganymede.yaml deleted file mode 100644 index 1b6a8b1a7..000000000 --- a/apps/data/storage/base/postgres/ganymede.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: ganymede-database - namespace: media -spec: - accessModes: - - ReadWriteOnce - storageClassName: iscsi - resources: - requests: - storage: 15Gi diff --git a/apps/data/storage/base/postgres/synapse.yaml b/apps/data/storage/base/postgres/synapse.yaml deleted file mode 100644 index abc583585..000000000 
--- a/apps/data/storage/base/postgres/synapse.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: synapse-postgres - namespace: matrix -spec: - accessModes: - - ReadWriteOnce - storageClassName: iscsi - resources: - requests: - storage: 10Gi diff --git a/apps/data/storage/base/snapshot/iscsi.yaml b/apps/data/storage/base/snapshot/iscsi.yaml index 7a49b0859..b4d665ded 100644 --- a/apps/data/storage/base/snapshot/iscsi.yaml +++ b/apps/data/storage/base/snapshot/iscsi.yaml @@ -1,6 +1,6 @@ apiVersion: snapshot.storage.k8s.io/v1 kind: VolumeSnapshotClass metadata: - name: iscsi-snapshot -driver: iscsi + name: mayastor-single-replica-snapshot +driver: mayastor-single-replica deletionPolicy: Delete diff --git a/apps/data/storage/base/tanoshi.yaml b/apps/data/storage/base/tanoshi.yaml index bb60eaaa5..a4290bc3b 100644 --- a/apps/data/storage/base/tanoshi.yaml +++ b/apps/data/storage/base/tanoshi.yaml @@ -6,7 +6,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: iscsi + storageClassName: mayastor resources: requests: storage: 4Gi @@ -19,7 +19,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: iscsi + storageClassName: mayastor resources: requests: storage: 35Gi diff --git a/apps/data/storage/base/taskwarrior.yaml b/apps/data/storage/base/taskwarrior.yaml index a8829f839..f518c3d4a 100644 --- a/apps/data/storage/base/taskwarrior.yaml +++ b/apps/data/storage/base/taskwarrior.yaml @@ -6,7 +6,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: iscsi + storageClassName: mayastor resources: requests: storage: 1Gi @@ -19,7 +19,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: iscsi + storageClassName: mayastor resources: requests: storage: 15Gi 
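Review bot: `driver: mayastor-single-replica` in snapshot/iscsi.yaml looks like a StorageClass name, while the `driver` field of a VolumeSnapshotClass has to match the CSI driver's registered name. For OpenEBS Mayastor that is normally `io.openebs.csi-mayastor`, so the line would become `driver: io.openebs.csi-mayastor` (confirm against the installed CSIDriver object). With a non-matching driver, snapshots requested through this class are never processed, which quietly removes a recovery path. The file also keeps the name iscsi.yaml although nothing in it refers to iSCSI any more.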
diff --git a/apps/data/storage/base/postgres/wallabag.yaml b/apps/data/storage/base/touito.yaml similarity index 57% rename from apps/data/storage/base/postgres/wallabag.yaml rename to apps/data/storage/base/touito.yaml index 457e8f843..f2d07a9a6 100644 --- a/apps/data/storage/base/postgres/wallabag.yaml +++ b/apps/data/storage/base/touito.yaml @@ -1,12 +1,12 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: wallabag-postgres + name: touito-storage namespace: services spec: accessModes: - - ReadWriteOnce - storageClassName: iscsi + - ReadWriteOnce + storageClassName: mayastor resources: requests: - storage: 10Gi + storage: 1Gi diff --git a/apps/data/storage/base/transfer.yaml b/apps/data/storage/base/transfer.yaml new file mode 100644 index 000000000..62f026d6a --- /dev/null +++ b/apps/data/storage/base/transfer.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: transfer-cache + namespace: services +spec: + accessModes: + - ReadWriteOnce + storageClassName: mayastor + resources: + requests: + storage: 5Gi +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: transfer-data + namespace: services +spec: + accessModes: + - ReadWriteOnce + storageClassName: mayastor + resources: + requests: + storage: 15Gi diff --git a/apps/data/storage/base/turbopilot.yaml b/apps/data/storage/base/turbopilot.yaml index e3f70a832..3619f567f 100644 --- a/apps/data/storage/base/turbopilot.yaml +++ b/apps/data/storage/base/turbopilot.yaml @@ -6,7 +6,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: iscsi + storageClassName: mayastor resources: requests: storage: 35Gi diff --git a/apps/data/storage/base/unifi-poller.yaml b/apps/data/storage/base/unifi-poller.yaml index 69bd2967d..5fd1195ec 100644 --- a/apps/data/storage/base/unifi-poller.yaml +++ b/apps/data/storage/base/unifi-poller.yaml 
@@ -2,11 +2,11 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: name: unifi-poller-storage - namespace: unifi + namespace: networking spec: accessModes: - ReadWriteOnce - storageClassName: iscsi + storageClassName: mayastor resources: requests: storage: 2Gi diff --git a/apps/data/storage/base/unifi.yaml b/apps/data/storage/base/unifi.yaml index ca441c4cf..17fdd216f 100644 --- a/apps/data/storage/base/unifi.yaml +++ b/apps/data/storage/base/unifi.yaml @@ -2,37 +2,24 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: name: unifi-storage - namespace: unifi + namespace: networking spec: accessModes: - ReadWriteOnce - storageClassName: iscsi + storageClassName: mayastor resources: requests: - storage: 15Gi ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: unifi-storage-new - namespace: unifi -spec: - accessModes: - - ReadWriteOnce - storageClassName: iscsi - resources: - requests: - storage: 50Gi + storage: 20Gi --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: unifi-certificates - namespace: unifi + namespace: networking spec: accessModes: - ReadWriteOnce - storageClassName: iscsi + storageClassName: mayastor resources: requests: storage: 2Gi diff --git a/apps/data/storage/base/wallabag.yaml b/apps/data/storage/base/wallabag.yaml index f2a3993bc..a595768f7 100644 --- a/apps/data/storage/base/wallabag.yaml +++ b/apps/data/storage/base/wallabag.yaml @@ -6,7 +6,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: iscsi + storageClassName: mayastor resources: requests: storage: 15Gi @@ -19,7 +19,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: iscsi + storageClassName: mayastor resources: requests: storage: 5Gi diff --git a/apps/data/storage/base/wger.yaml b/apps/data/storage/base/wger.yaml index 22ca9915c..3c24261b8 100644 --- a/apps/data/storage/base/wger.yaml +++ b/apps/data/storage/base/wger.yaml 
@@ -7,7 +7,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: iscsi + storageClassName: mayastor resources: requests: storage: 5Gi @@ -20,7 +20,7 @@ metadata: spec: accessModes: - ReadWriteOnce - storageClassName: iscsi + storageClassName: mayastor resources: requests: storage: 25Gi diff --git a/apps/data/storage/base/postgres/n8n.yaml b/apps/data/storage/base/yacy.yaml similarity index 66% rename from apps/data/storage/base/postgres/n8n.yaml rename to apps/data/storage/base/yacy.yaml index 38ce26fe1..9eea4c3d8 100644 --- a/apps/data/storage/base/postgres/n8n.yaml +++ b/apps/data/storage/base/yacy.yaml @@ -1,12 +1,12 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: n8n-postgres + name: yacy-storage namespace: services spec: accessModes: - ReadWriteOnce - storageClassName: iscsi + storageClassName: mayastor resources: requests: - storage: 5Gi + storage: 100Gi diff --git a/apps/data/storage/kustomization.yaml b/apps/data/storage/kustomization.yaml index ee0e69eee..b31630922 100644 --- a/apps/data/storage/kustomization.yaml +++ b/apps/data/storage/kustomization.yaml 
@@ -5,63 +5,23 @@ resources: - base/kuma.yaml # Home Assistant - - base/home/ - + - base/home # Networking - # - base/adguard.yaml + - base/unifi.yaml - base/unifi-poller.yaml - # Media Services - # - base/jellyfin.yaml - # - base/tanoshi.yaml - # - base/media.yaml - # - base/beets.yaml - # - base/lidarr.yaml - # - base/ganymede.yaml - # Services - base/n8n.yaml - base/gitea.yaml - - base/links.yaml - - base/wger.yaml - # - base/grocy.yaml - # - base/archivebox.yaml + + - base/touito.yaml + - base/mixpost.yaml + - base/change.yaml - # - base/taskwarrior.yaml - # - base/wallabag.yaml - # - base/milvus.yaml - base/actual.yaml - base/finances.yaml - # - base/jupyterlab.yaml - # - base/librex.yaml - base/local-ai.yaml - - base/turbopilot.yaml - - # Postgres Storage - - base/postgres/ha.yaml - - base/postgres/n8n.yaml - # - base/postgres/wallabag.yaml - # - base/postgres/ganymede.yaml - - # Matrix - # - base/matrix/synapse.yaml - # - base/matrix/bridges.yaml - # - base/matrix/whats.yaml - # - base/matrix/instagram.yaml - # - base/matrix/linkedin.yaml - # - base/matrix/discord.yaml - # - base/matrix/messenger.yaml - # - base/matrix/skype.yaml - # - base/matrix/signal.yaml - # - base/matrix/steam.yaml - - # - base/matrix/telegram.yaml - # - base/postgres/bridges.yaml - # - base/postgres/synapse.yaml - - # Snapshot class - - base/snapshot/iscsi.yaml commonAnnotations: argocd.argoproj.io/sync-options: Delete=false diff --git a/apps/home/ha/README.md b/apps/home/ha/README.md index 77212080a..841b75aab 100644 --- a/apps/home/ha/README.md +++ b/apps/home/ha/README.md @@ -3,20 +3,26 @@
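Review bot: The annotation `argocd.argoproj.io/sync-options: Delete=false` kept under `commonAnnotations` at the end of the storage kustomization.yaml hunk only retains the claims when the Argo CD Application itself is deleted; it does not stop pruning. The entries dropped from `resources` here (base/links.yaml, base/wger.yaml, base/turbopilot.yaml, base/postgres/ha.yaml, base/postgres/n8n.yaml) would therefore be removed, along with their volumes depending on the reclaim policy, if the application syncs with prune enabled, which this patch does not show. If the data should survive, `argocd.argoproj.io/sync-options: Delete=false,Prune=false` covers both cases. wger.yaml, turbopilot.yaml and snapshot/iscsi.yaml are also edited elsewhere in this patch but no longer listed here, so those edits are never rendered.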


+ + +
+ + ArgoCD Status Badge +

### What is Home Assistant? > Home Assistant is an open-source home automation platform that allows you to automate and control various aspects of your home, such as lights, appliances, and security systems. It is designed to be easy to use and flexible, and it can be integrated with a wide range of devices and services, including smart home devices, smart speakers, and web services. With Home Assistant, you can create automations and rules to control your home automatically, and you can use it to monitor and track various aspects of your home, such as energy usage and temperature. - -### Associated Resources - -- [Postgres Operator][operator-uri]: +> +> #### Associated Resources +> +> - [Postgres Operator][operator-uri]: The Home Assistant depends on the operator to create and manage its main database. -- [ArgoCD][argo-uri]: Responsible for managing Kubernetes resources related to Home Assistant +> - [ArgoCD][argo-uri]: Responsible for managing Kubernetes resources related to Home Assistant -### References and links +## References and links - **[Home Assistant Configuration Repository][own-ha-uri]** - [Official Website][website-uri] 
@@ -26,27 +32,31 @@ The Home Assistant depends on the operator to create and manage its main databas ### Instructions for standalone deployment ```bash -# Inside this folder kubectl apply -k github.com/gruberdev/homelab/apps/home/ha ``` +--- + ### HACS Integrations - [SmartIR][smartir-uri] - [Uptime-kuma Integration][uptime-kuma] -- [icloud3][icloud3-uri] - [ha-floorplan][ha-floorplan] - [ha-samsungtv-smart][ha-samsungtv-smart] - [scheduler-component][scheduler-component] - [ha-dual-smart-thermostat][ha-dual-smart-thermostat] - [hass-openai-custom-conversation][hass-openai-custom-conversation] -- [iphonedetect][iphonedetect] - [extended_openai_conversation][extended-ai] +- [hass-xiaomi-miot][xiaomi-auto-uri] +- [local-tuya][local-tuya-uri] +- [frigate][frigate-uri] +- [hass-auto-backup][hass-backup-uri] ### Lovelace add-ons: - [vertical-stack-in-card][vertical-stack-uri] - [mini-graph-card][mini-graph-uri] +- [tv-card][tv-card-uri] - [battery-state-card][battery-uri] - [history-explorer-card][history-card] - [lovelace-home-feed-card][lovelace-home-feed-card] @@ -63,6 +73,15 @@ kubectl apply -k github.com/gruberdev/homelab/apps/home/ha - [search-card][search-card] - [custom-sidebar][custom-sidebar] - [navbar-position][navbar-position] +- [frigate-card][frigate-card-uri] +- [lovelace-mushroom][mushroom-uri] +- [honeycombo-menu][honeycombo-uri] +- [bubble-card][bubble-card-uri] +- [vacuum-card][vacuum-card-uri] +- [service-call-tile][service-call-uri] +- [hass-simpleicons][hass-simpleicons-uri] +- [purifier-card][purifier-card-uri] + ### General personal documentation 
@@ -86,6 +105,10 @@ kubectl apply -k github.com/gruberdev/homelab/apps/home/ha [hass-openai-custom-conversation]: https://github.com/drndos/hass-openai-custom-conversation [iphonedetect]: https://github.com/mudape/iphonedetect [extended-ai]: https://github.com/jekalmin/extended_openai_conversation +[xiaomi-auto-uri]: https://github.com/al-one/hass-xiaomi-miot +[local-tuya-uri]: https://github.com/rospogrigio/localtuya +[frigate-uri]: https://github.com/blakeblackshear/frigate-hass-integration +[hass-backup-uri]: https://github.com/sabeechen/hassio-google-drive-backup [vertical-stack-uri]: https://github.com/ofekashery/vertical-stack-in-card [mini-graph-uri]: https://github.com/kalkih/mini-graph-card @@ -105,6 +128,15 @@ kubectl apply -k github.com/gruberdev/homelab/apps/home/ha [search-card]: https://github.com/postlund/search-card [custom-sidebar]: https://github.com/elchininet/custom-sidebar [navbar-position]: https://github.com/javawizard/ha-navbar-position +[frigate-card-uri]: https://github.com/dermotduffy/frigate-hass-card +[mushroom-uri]: https://github.com/piitaya/lovelace-mushroom +[bubble-card-uri]: https://github.com/Clooos/Bubble-Card +[vacuum-card-uri]: https://github.com/denysdovhan/vacuum-card +[service-call-uri]: https://github.com/Nerwyn/service-call-tile-feature +[hass-simpleicons-uri]: https://github.com/vigonotion/hass-simpleicons +[purifier-card-uri]: https://github.com/denysdovhan/purifier-card [ha-samsung-uri]: https://github.com/home-assistant/core/issues/70777 -[broadlink-custom-uri]: https://github.com/usernein/tv-card/blob/c8f0a76424844772934613d45691d9b3860ff36b/README.md?plain=1#L88-L130 \ No newline at end of file +[broadlink-custom-uri]: https://github.com/usernein/tv-card/blob/c8f0a76424844772934613d45691d9b3860ff36b/README.md?plain=1#L88-L130 +[tv-card-uri]: https://github.com/usernein/tv-card +[honeycombo-uri]: https://github.com/Sian-Lee-SA/honeycomb-menu 
diff --git a/apps/services/mlops/matrix-bot/base/kustomization.yaml b/apps/home/ha/add-ons/kustomization.yaml similarity index 64% rename from apps/services/mlops/matrix-bot/base/kustomization.yaml rename to apps/home/ha/add-ons/kustomization.yaml index cba8cb583..ff49910f3 100644 --- a/apps/services/mlops/matrix-bot/base/kustomization.yaml +++ b/apps/home/ha/add-ons/kustomization.yaml @@ -1,6 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- deployment.yaml -- cm.yaml -- secret.yaml + - tailscale.yaml diff --git a/apps/home/ha/add-ons/tailscale.yaml b/apps/home/ha/add-ons/tailscale.yaml new file mode 100644 index 000000000..c671c1ee1 --- /dev/null +++ b/apps/home/ha/add-ons/tailscale.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: ha-tailscale-inbound + annotations: + tailscale.com/tailnet-fqdn: ha.raptor-beta.ts.net +spec: + externalName: placeholder + type: ExternalName diff --git a/apps/home/ha/base/certificate.yaml b/apps/home/ha/base/certificate.yaml index b4dea216c..f1d225413 100644 --- a/apps/home/ha/base/certificate.yaml +++ b/apps/home/ha/base/certificate.yaml @@ -1,7 +1,7 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: - name: ha-cloudflare + name: homeassistant spec: secretName: ha-tls issuerRef: @@ -9,4 +9,4 @@ spec: kind: ClusterIssuer commonName: home.gruber.dev.br dnsNames: - - home.gruber.dev.br + - home.gruber.dev.br diff --git a/apps/home/ha/base/db.yaml b/apps/home/ha/base/db.yaml deleted file mode 100644 index 968837e43..000000000 --- a/apps/home/ha/base/db.yaml +++ /dev/null 
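Review bot: In the new add-ons/tailscale.yaml, `externalName: placeholder` reads like an unfinished value, and the Service is named `ha-tailscale-inbound` although a `tailscale.com/tailnet-fqdn` annotation on an ExternalName Service is, as far as I know, the Tailscale operator's pattern for reaching a tailnet host from inside the cluster. A comment such as `# externalName is overwritten by the Tailscale operator; the placeholder is intentional` above the field, and a name that matches the traffic direction, would stop someone from "fixing" it later. The tailnet name in `ha.raptor-beta.ts.net` is now committed to the repository as well; that is low-sensitivity, but worth a deliberate decision.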
@@ -1,44 +0,0 @@ -apiVersion: postgresql.cnpg.io/v1 -kind: Cluster -metadata: - name: home-database - namespace: homeassistant -spec: - imageName: ghcr.io/cloudnative-pg/postgresql:16.0 - instances: 1 - startDelay: 35 - stopDelay: 35 - resources: - requests: - memory: 256Mi - cpu: 300m - limits: - memory: 768Mi - cpu: 700m - postgresql: - pg_hba: - - host all,replication all,replication 0.0.0.0/0 md5 - parameters: - shared_buffers: 256MB - timezone: "America/Sao_Paulo" - pg_stat_statements.max: "10000" - pg_stat_statements.track: all - auto_explain.log_min_duration: "10s" - bootstrap: - initdb: - database: home - owner: home - storage: - storageClass: iscsi - size: 40Gi - monitoring: - enablePodMonitor: true - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/hostname - operator: In - values: - - node-one diff --git a/apps/home/ha/base/deployment.yaml b/apps/home/ha/base/deployment.yaml index 81fbd627b..a18ad3963 100644 --- a/apps/home/ha/base/deployment.yaml +++ b/apps/home/ha/base/deployment.yaml @@ -2,25 +2,24 @@ apiVersion: apps/v1 kind: Deployment metadata: name: home-assistant - labels: - app: home-assistant annotations: link.argocd.argoproj.io/external-link: https://home.gruber.dev.br spec: replicas: 1 strategy: type: Recreate - selector: - matchLabels: - app: home-assistant template: - metadata: - labels: - app: home-assistant spec: initContainers: - name: hacs-install image: alpine:3.16.2 + resources: + limits: + cpu: 200m + memory: 256Mi + requests: + cpu: 100m + memory: 128Mi command: [ "sh", @@ -41,6 +40,13 @@ spec: - name: git-sync image: k8s.gcr.io/git-sync/git-sync:v3.6.1 imagePullPolicy: IfNotPresent + resources: + limits: + cpu: 200m + memory: 256Mi + requests: + cpu: 100m + memory: 128Mi securityContext: runAsUser: 65533 env: 
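Review bot: The first two deployment.yaml hunks add resource limits to the `hacs-install` and `git-sync` containers but leave their images at `alpine:3.16.2` and `k8s.gcr.io/git-sync/git-sync:v3.6.1`. The `k8s.gcr.io` registry is frozen in favour of `registry.k8s.io`, and Alpine 3.16 no longer receives security updates, so both helper containers stay on an unmaintained base. Suggested lines are `image: registry.k8s.io/git-sync/git-sync:v3.6.1` and a currently supported `alpine` tag, ideally pinned by digest. Both container definitions continue outside the hunks.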
@@ -91,10 +97,10 @@ spec: protocol: TCP resources: limits: - cpu: 750m + cpu: 550m memory: 2Gi requests: - cpu: 350m + cpu: 200m memory: 1Gi livenessProbe: httpGet: @@ -158,7 +164,7 @@ spec: secretName: ha-secrets - name: config-volume persistentVolumeClaim: - claimName: ha-storage-new + claimName: ha-storage - name: hacs-storage persistentVolumeClaim: claimName: hacs-storage diff --git a/apps/home/ha/base/ingress.yaml b/apps/home/ha/base/ingress.yaml index dcedcc35d..e8147871f 100644 --- a/apps/home/ha/base/ingress.yaml +++ b/apps/home/ha/base/ingress.yaml @@ -1,26 +1,25 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: homeassistant + name: ha-internal annotations: - external-dns.alpha.kubernetes.io/hostname: home.gruber.dev.br external-dns.alpha.kubernetes.io/cloudflare-proxied: "false" + external-dns.alpha.kubernetes.io/hostname: home.gruber.dev.br external-dns.alpha.kubernetes.io/ttl: "120" - nginx.ingress.kubernetes.io/ssl-redirect: "true" spec: ingressClassName: nginx rules: - - host: home.gruber.dev.br - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: ha-tailscale - port: - name: ha + - host: home.gruber.dev.br + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: home-tailscale + port: + name: api tls: - - hosts: - - home.gruber.dev.br - secretName: ha-tls + - hosts: + - home.gruber.dev.br + secretName: ha-tls diff --git a/apps/home/ha/base/kustomization.yaml b/apps/home/ha/base/kustomization.yaml index bdc987ceb..65a38a505 100644 --- a/apps/home/ha/base/kustomization.yaml +++ b/apps/home/ha/base/kustomization.yaml 
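Review bot: Dropping `nginx.ingress.kubernetes.io/ssl-redirect: "true"` from ingress.yaml makes the HTTP-to-HTTPS redirect for home.gruber.dev.br depend on the ingress-nginx controller's global `ssl-redirect` setting. That setting defaults to on when the Ingress has a `tls` section, but the controller ConfigMap is not part of this patch, so if it is overridden there the Home Assistant login would be reachable over plain HTTP. Keeping the annotation line costs nothing and states the intent in the manifest itself.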
@@ -2,9 +2,18 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - cm.yaml - - db.yaml - deployment.yaml - - svc.yaml - - ingress.yaml - - certificate.yaml - secret.yaml + - certificate.yaml + - ingress.yaml + - svc.yaml + +labels: +- includeSelectors: true + includeTemplates: true + pairs: + app.kubernetes.io/part-of: home + cluster.app: homeassistant + +commonAnnotations: + reloader.stakater.com/auto: "true" diff --git a/apps/home/ha/base/svc.yaml b/apps/home/ha/base/svc.yaml index 06b5a29b9..ef60d86e9 100644 --- a/apps/home/ha/base/svc.yaml +++ b/apps/home/ha/base/svc.yaml @@ -1,54 +1,29 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - app: home-assistant - name: home-assistant -spec: - ports: - - name: ha - port: 8123 - protocol: TCP - targetPort: 8123 - selector: - app: home-assistant - type: ClusterIP --- apiVersion: v1 kind: Service metadata: - name: homeassistant - labels: - app: home-assistant - annotations: - kube-vip.io/vipHost: homeassistant + name: home-lb spec: ports: - - name: ha - port: 80 - protocol: TCP - targetPort: 8123 - selector: - app: home-assistant + - port: 80 + targetPort: 8123 + name: api + protocol: TCP type: LoadBalancer - loadBalancerIP: "192.168.1.137" loadBalancerClass: kube-vip.io/kube-vip-class + loadBalancerIP: 0.0.0.0 --- apiVersion: v1 kind: Service metadata: - name: ha-tailscale - labels: - app: home-assistant + name: home-tailscale annotations: - tailscale.com/hostname: "home" + tailscale.com/hostname: ha spec: - selector: - app: home-assistant ports: - - name: web - port: 80 + - port: 80 targetPort: 8123 + name: api protocol: TCP - loadBalancerClass: tailscale type: LoadBalancer + loadBalancerClass: tailscale diff --git a/apps/home/ha/db/kustomization.yaml b/apps/home/ha/db/kustomization.yaml new file mode 100644 index 000000000..5ab4a06b5 --- /dev/null +++ b/apps/home/ha/db/kustomization.yaml 
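Review bot: The new `labels` block in base/kustomization.yaml sets `includeSelectors: true`, which replaces the Deployment's `spec.selector.matchLabels` (previously `app: home-assistant`, removed in deployment.yaml) with `app.kubernetes.io/part-of: home` and `cluster.app: homeassistant`. A Deployment's selector is immutable in apps/v1, so applying this over the existing `home-assistant` Deployment will presumably be rejected until the object is deleted and recreated, a step the PR description does not mention. The Services in svc.yaml lose their explicit `selector` in the same patch and now get one only through this transformer, so rendering svc.yaml on its own yields LoadBalancer Services with no endpoints. A comment such as `# selectors are injected by the labels transformer in kustomization.yaml` at the top of svc.yaml would record that dependency.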
@@ -0,0 +1,46 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../../../data/postgres/cloudnative/default + +nameSuffix: -homeassistant + +patches: + - patch: |- + - op: replace + path: /spec/cluster/name + value: database-homeassistant + target: + kind: ScheduledBackup + name: daily-backup-postgres + - patch: | + apiVersion: postgresql.cnpg.io/v1 + kind: Cluster + metadata: + name: database + spec: + bootstrap: + initdb: + database: home + owner: home + storage: + storageClass: mayastor + size: 30Gi + walStorage: + storageClass: mayastor + size: 20Gi + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/hostname + operator: In + values: + - controller-one + target: + kind: Cluster + name: database + +commonAnnotations: + argocd.argoproj.io/sync-options: Delete=false diff --git a/apps/home/ha/kustomization.yaml b/apps/home/ha/kustomization.yaml index afc5b2ae3..0eac39ff1 100644 --- a/apps/home/ha/kustomization.yaml +++ b/apps/home/ha/kustomization.yaml @@ -1,16 +1,17 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -bases: - - ./base -namespace: homeassistant +resources: + - base + - db + - add-ons patches: - patch: |- - op: add path: "/spec/template/spec/nodeSelector" value: - kubernetes.io/hostname: node-two + kubernetes.io/hostname: worker-one kubernetes.io/arch: amd64 target: kind: Deployment @@ -18,7 +19,6 @@ patches: images: - name: homeassistant/home-assistant - newTag: "2024.2.1" + newTag: 2024.7.1 -commonAnnotations: - reloader.stakater.com/auto: "true" +namespace: homeassistant diff --git a/apps/home/wyze/README.md b/apps/home/wyze/README.md deleted file mode 100644 index 3b9bd0800..000000000 --- a/apps/home/wyze/README.md +++ /dev/null @@ -1 +0,0 @@ -# Wyze-bridge diff --git a/apps/home/wyze/base/cm.yaml b/apps/home/wyze/base/cm.yaml deleted file mode 100644 index 3a071d069..000000000 
--- a/apps/home/wyze/base/cm.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: wyze-cm -data: - NET_MODE: "ANY" - TZ: "America/Sao_Paulo" - ENABLE_AUDIO: "True" - RTSP_FW: "force" - SNAPSHOT: "RTSP30" - IMG_DIR: "/img/" - IMG_TYPE: "png" - RECORD_ALL: "False" - CONNECT_TIMEOUT: "60" - OFFLINE_TIME: "30" - FRESH_DATA: "True" - FPS_FIX: "True" - LLHLS: "True" - MOTION_API: "True" - MOTION_INT: "3" - MOTION_START: "True" - H264_ENC: "h264_nvenc" - ROTATE_DOOR: "True" - ON_DEMAND: "False" - SUBSTREAM: "True" - NVIDIA_VISIBLE_DEVICES: "all" - NVIDIA_DRIVER_CAPABILITIES: "all" - NVIDIA_REQUIRE_CUDA: "cuda>=11.0" - WB_IP: "10.43.214.110" diff --git a/apps/home/wyze/base/deployment.yaml b/apps/home/wyze/base/deployment.yaml deleted file mode 100644 index df8e3cfda..000000000 --- a/apps/home/wyze/base/deployment.yaml +++ /dev/null 
@@ -1,91 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: wyze-bridge - labels: - app: wyze-bridge -spec: - replicas: 1 - strategy: - type: Recreate - selector: - matchLabels: - app: wyze-bridge - template: - metadata: - labels: - app: wyze-bridge - spec: - runtimeClassName: nvidia - containers: - - name: wyze-bridge - image: mrlt8/wyze-bridge:latest-hw - imagePullPolicy: IfNotPresent - envFrom: - - configMapRef: - name: wyze-cm - - secretRef: - name: wyze-vars - ports: - - name: web - protocol: TCP - containerPort: 5000 - - name: rtmp - protocol: TCP - containerPort: 1935 - - name: rtsp - protocol: TCP - containerPort: 8554 - - name: hls - protocol: TCP - containerPort: 8888 - - name: webrtc-tcp - protocol: TCP - containerPort: 8889 - - name: webrtc-udp - protocol: UDP - containerPort: 8889 - - name: webrtc-alt-udp - protocol: UDP - containerPort: 8189 - startupProbe: - tcpSocket: - port: 5000 - initialDelaySeconds: 30 - livenessProbe: - tcpSocket: - port: 5000 - initialDelaySeconds: 15 - timeoutSeconds: 1 - periodSeconds: 20 - readinessProbe: - tcpSocket: - port: 5000 - initialDelaySeconds: 15 - timeoutSeconds: 1 - periodSeconds: 5 - resources: - requests: - cpu: 200m - memory: 256Mi - limits: - cpu: 400m - memory: 768Mi - volumeMounts: - - mountPath: /tokens - name: config - - mountPath: /img - name: snapshots - - mountPath: /record - name: recordings - volumes: - - name: config - persistentVolumeClaim: - claimName: wyze-storage - - name: snapshots - persistentVolumeClaim: - claimName: wyze-snapshots - - name: recordings - persistentVolumeClaim: - claimName: wyze-recordings diff --git a/apps/home/wyze/base/kustomization.yaml b/apps/home/wyze/base/kustomization.yaml deleted file mode 100644 index 0292cfb79..000000000 --- a/apps/home/wyze/base/kustomization.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- deployment.yaml -- svc.yaml -- cm.yaml -- secret.yaml 
diff --git a/apps/home/wyze/base/secret.yaml b/apps/home/wyze/base/secret.yaml deleted file mode 100644 index 424d89d96..000000000 --- a/apps/home/wyze/base/secret.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: wyze-vars - annotations: - avp.kubernetes.io/path: "kv/data/wyze" -stringData: - WYZE_EMAIL: "" - WYZE_PASSWORD: "" - TOTP_KEY: "" diff --git a/apps/home/wyze/base/svc.yaml b/apps/home/wyze/base/svc.yaml deleted file mode 100644 index c63f27ac8..000000000 --- a/apps/home/wyze/base/svc.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: wyze-bridge - labels: - app: wyze-bridge -spec: - selector: - app: wyze-bridge - ports: - - name: web - port: 80 - targetPort: 5000 - protocol: TCP - - name: hls - port: 8888 - targetPort: 8888 - protocol: TCP - - name: webrtc-tcp - port: 8889 - targetPort: 8889 - protocol: TCP - - name: webrtc-udp - port: 8889 - targetPort: 8889 - protocol: UDP - - name: webrtc-alt-udp - port: 8189 - targetPort: 8189 - protocol: UDP - - name: rtsp - protocol: TCP - port: 8554 - targetPort: 8554 - type: ClusterIP - clusterIP: 10.43.214.110 diff --git a/apps/home/wyze/kustomization.yaml b/apps/home/wyze/kustomization.yaml deleted file mode 100644 index bc77b6814..000000000 --- a/apps/home/wyze/kustomization.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -bases: - - ./base - -namespace: homeassistant -patches: - - patch: |- - - op: add - path: "/spec/template/spec/nodeSelector" - value: - kubernetes.io/hostname: node-one - target: - kind: Deployment - name: wyze-bridge - -commonAnnotations: - reloader.stakater.com/auto: "true" - -images: - - name: mrlt8/wyze-bridge - newTag: 2.6.0-hw diff --git a/apps/matrix/Dockerfile b/apps/matrix/Dockerfile deleted file mode 100644 index c90e668c7..000000000 --- a/apps/matrix/Dockerfile +++ /dev/null 
@@ -1,5 +0,0 @@ -FROM alpine:3.19.1@sha256:c5b1261d6d3e43071626931fc004f70149baeba2c8ec672bd4f27761f8e1ad6b -RUN apk add --no-cache curl \ - && curl -L https://github.com/a8m/envsubst/releases/download/v1.2.0/envsubst-`uname -s`-`uname -m` -o envsubst \ - && chmod +x envsubst \ - && mv envsubst /usr/local/bin diff --git a/apps/matrix/README.md b/apps/matrix/README.md deleted file mode 100644 index e6b410c31..000000000 --- a/apps/matrix/README.md +++ /dev/null @@ -1 +0,0 @@ -## Matrix diff --git a/apps/matrix/bridges/discord/README.md b/apps/matrix/bridges/discord/README.md deleted file mode 100644 index cf7c7223f..000000000 --- a/apps/matrix/bridges/discord/README.md +++ /dev/null @@ -1 +0,0 @@ -## Matrix Discord Bridge diff --git a/apps/matrix/bridges/discord/cm.yaml b/apps/matrix/bridges/discord/cm.yaml deleted file mode 100644 index d485bcf95..000000000 --- a/apps/matrix/bridges/discord/cm.yaml +++ /dev/null 
@@ -1,66 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: discord-bridge-config -data: - discord.yaml.tmpl: | - as_token: ${AS_TOKEN} - hs_token: ${HS_TOKEN} - id: discord-puppet - namespaces: - users: - - exclusive: false - regex: '@_discordpuppet_.*' - rooms: [] - aliases: - - exclusive: false - regex: '#_discordpuppet_.*' - protocols: [] - rate_limited: false - sender_localpart: _discordpuppet_bot - url: 'http://discord-bridge.matrix1.svc.cluster.local:8203' - de.sorunome.msc2409.push_ephemeral: true - discord-config.yaml.tmpl: | - bridge: - port: 8203 - bindAddress: 0.0.0.0 - domain: matrix.gruber.dev.br - homeserverUrl: 'http://matrix-matrix-synapse.matrix1.svc.cluster.local:8008' - loginSharedSecretMap: - matrix.gruber.dev.br: '${SHARED_SECRET}' - displayname: Discord Puppet Bridge - enableGroupSync: true - presence: - enabled: true - interval: 500 - provisioning: - whitelist: - - .* - relay: - whitelist: - - '@.*' - selfService: - whitelist: - - '@.*' - homeserverUrlMap: - matrix.gruber.dev.br: 'http://matrix-matrix-synapse.matrix1.svc.cluster.local:8008' - namePatterns: - user: ':name' - userOverride: ':displayname' - room: ':name' - group: ':name' - database: - connString: >- - postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db-matrix.matrix1.svc.cluster.local:5432/discord?sslmode=disable - limits: - maxAutojoinUsers: 100 - roomUserAutojoinDelay: 5000 - logging: - console: info - lineDateFormat: 'MMM-D HH:mm:ss.SSS' - files: - - file: bridge.log - level: info - datePattern: YYYY-MM-DD - maxFiles: 14d - maxSize: 50m diff --git a/apps/matrix/bridges/discord/deployment.yaml b/apps/matrix/bridges/discord/deployment.yaml deleted file mode 100644 index bc2564a80..000000000 --- a/apps/matrix/bridges/discord/deployment.yaml +++ /dev/null 
@@ -1,122 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: discord-bridge - labels: - app: discord-bridge -spec: - selector: - matchLabels: - app: discord-bridge - replicas: 1 - strategy: - type: Recreate - template: - metadata: - labels: - app: discord-bridge - spec: - initContainers: - - name: load-config - image: docker.io/grubertech/envsubst:v1.2.0 - imagePullPolicy: IfNotPresent - command: ["sh"] - args: - - -c - - | - echo "Substituting variables in /template/discord-config.yaml.tmpl to /tmp/discord-config.yaml" \ - && envsubst -no-empty -i /template/discord-config.yaml.tmpl -o /tmp/discord-config.yaml \ - && echo "Removing /data/config.yaml" \ - && rm -vrf /data/config.yaml || true \ - && echo "Copying /tmp/discord-config.yaml to /data/config.yaml" \ - && cp -fv /tmp/discord-config.yaml /data/config.yaml \ - && echo "Substituting variables in /template/discord.yaml.tmpl to /tmp/discord.yaml" \ - && envsubst -no-empty -i /template/discord.yaml.tmpl -o /tmp/discord.yaml \ - && echo "Removing /bridges/discorda.yaml" \ - && rm -vrf /bridges/discord.yaml || true \ - && echo "Copying /tmp/discord.yaml to /bridges/discord.yaml" \ - && echo "Files in /bridges before copying:" \ - && ls -l /bridges \ - && cp -fv /tmp/discord.yaml /bridges/discord.yaml - env: - - name: POSTGRES_USER - valueFrom: { secretKeyRef: { name: synapse.db-matrix.credentials.postgresql.acid.zalan.do, key: username } } - - name: POSTGRES_PASSWORD - valueFrom: { secretKeyRef: { name: synapse.db-matrix.credentials.postgresql.acid.zalan.do, key: password } } - - name: SHARED_SECRET - valueFrom: { secretKeyRef: { name: synapse-shared, key: SHARED_SECRET } } - - name: AS_TOKEN - valueFrom: { secretKeyRef: { name: synapse-shared, key: AS_DISCORD_TOKEN } } - - name: HS_TOKEN - valueFrom: { secretKeyRef: { name: synapse-shared, key: HS_DISCORD_TOKEN } } - volumeMounts: - - name: config - mountPath: /data - - name: temp-dir - mountPath: /tmp - - name: bridges - mountPath: /bridges - - 
name: template - mountPath: /template/discord-config.yaml.tmpl - subPath: discord-config.yaml.tmpl - readOnly: true - - name: template - mountPath: /template/discord.yaml.tmpl - subPath: discord.yaml.tmpl - readOnly: true - resources: - limits: - cpu: 400m - memory: 512Mi - requests: - cpu: 300m - memory: 256Mi - containers: - - name: discord - image: docker.io/grubertech/discord:v0.1.0 - imagePullPolicy: IfNotPresent - command: ["/usr/local/bin/node"] - args: ["/opt/mx-puppet-discord/build/index.js", "-c", "/data/config.yaml", "-f", "/bridges/discord.yaml"] - ports: - - name: http - containerPort: 8203 - protocol: TCP - volumeMounts: - - name: config - mountPath: /data - - name: bridges - mountPath: /bridges - resources: - limits: - cpu: 400m - memory: 512Mi - requests: - cpu: 300m - memory: 256Mi - livenessProbe: - tcpSocket: - port: 8203 - periodSeconds: 15 - initialDelaySeconds: 30 - readinessProbe: - tcpSocket: - port: 8203 - periodSeconds: 5 - initialDelaySeconds: 10 - startupProbe: - tcpSocket: - port: 8203 - periodSeconds: 30 - initialDelaySeconds: 60 - volumes: - - name: template - configMap: - name: discord-bridge-config - - name: temp-dir - emptyDir: {} - - name: config - persistentVolumeClaim: - claimName: discord-bridge-data - - name: bridges - persistentVolumeClaim: - claimName: registration-discord-matrix diff --git a/apps/matrix/bridges/discord/kustomization.yaml b/apps/matrix/bridges/discord/kustomization.yaml deleted file mode 100644 index 891c6a6af..000000000 --- a/apps/matrix/bridges/discord/kustomization.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- cm.yaml -- deployment.yaml -- svc.yaml - -commonAnnotations: - reloader.stakater.com/auto: "true" - -patches: -- patch: |- - - op: add - path: "/spec/template/spec/nodeSelector" - value: - kubernetes.io/hostname: node-one - kubernetes.io/arch: amd64 - target: - kind: Deployment - name: discord-bridge 
diff --git a/apps/matrix/bridges/discord/svc.yaml b/apps/matrix/bridges/discord/svc.yaml deleted file mode 100644 index 64e36829d..000000000 --- a/apps/matrix/bridges/discord/svc.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - name: discord-bridge - labels: - app: discord-bridge -spec: - selector: - app: discord-bridge - ports: - - name: http - protocol: TCP - port: 8203 - targetPort: 8203 - publishNotReadyAddresses: True diff --git a/apps/matrix/bridges/instagram/README.md b/apps/matrix/bridges/instagram/README.md deleted file mode 100644 index fd91ec7b4..000000000 --- a/apps/matrix/bridges/instagram/README.md +++ /dev/null @@ -1 +0,0 @@ -## Matrix Telegram Bridge diff --git a/apps/matrix/bridges/instagram/cm.yaml b/apps/matrix/bridges/instagram/cm.yaml deleted file mode 100644 index 229bcb08e..000000000 --- a/apps/matrix/bridges/instagram/cm.yaml +++ /dev/null 
@@ -1,170 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: instagram-bridge-config -data: - instagram.yaml.tmpl: | - id: instagram - as_token: ${AS_TOKEN} - hs_token: ${HS_TOKEN} - namespaces: - users: - - exclusive: false - regex: '@instagram_.*:matrix\.gruber\.dev\.br' - - exclusive: false - regex: '@instagram:matrix\.gruber\.dev\.br' - aliases: [] - url: http://instagram-bridge.matrix1.svc.cluster.local:8201 - sender_localpart: tqX_lAHLX7FsdEDSe5ZujCy9WZndheNs9XzagKzCXY0GcDWQkryWs_DGfRtyO7QW - rate_limited: false - de.sorunome.msc2409.push_ephemeral: true - push_ephemeral: true - insta-config.yaml.tmpl: | - homeserver: - address: 'http://matrix-matrix-synapse.matrix1.svc.cluster.local:8008' - domain: matrix.gruber.dev.br - verify_ssl: false - software: standard - http_retry_count: 4 - status_endpoint: null - message_send_checkpoint_endpoint: null - async_media: false - appservice: - address: 'http://instagram-bridge.matrix1.svc.cluster.local:8201' - tls_cert: false - tls_key: false - hostname: 0.0.0.0 - port: 8201 - max_body_size: 1 - database: >- - postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db-matrix.matrix1.svc.cluster.local:5432/instagram?sslmode=require - database_opts: - min_size: 1 - max_size: 10 - id: instagram - bot_username: instagram - bot_displayname: Instagram bridge bot - bot_avatar: 'mxc://maunium.net/JxjlbZUlCPULEeHZSwleUXQv' - ephemeral_events: true - as_token: ${AS_TOKEN} - hs_token: ${HS_TOKEN} - metrics: - enabled: false - listen_port: 8000 - manhole: - enabled: false - instagram: - device_seed: '${INSTA_SEED}' - mqtt_keepalive: 60 - bridge: - username_template: 'instagram_{userid}' - displayname_template: '{displayname} (Instagram)' - private_chat_name_template: '{displayname}' - group_chat_name_template: '{name}' - displayname_max_length: 100 - max_startup_thread_sync_count: 20 - sync_with_custom_puppets: true - sync_direct_chat_list: true - double_puppet_allow_discovery: true - double_puppet_server_map: - 
matrix.gruber.dev.br: 'http://matrix-matrix-synapse.matrix1.svc.cluster.local:8008' - login_shared_secret_map: - matrix.gruber.dev.br: '${SHARED_SECRET}' - federate_rooms: true - backfill: - enable_initial: true - enable: true - msc2716: false - double_puppet_backfill: true - max_conversations: 20 - min_sync_thread_delay: 5 - unread_hours_threshold: 0 - backoff: - thread_list: 300 - message_history: 300 - incremental: - max_pages: 10 - max_total_pages: -1 - page_delay: 5 - post_batch_delay: 20 - periodic_reconnect: - interval: 60 - resync: true - always: true - get_proxy_api_url: null - use_proxy_for_media: true - encryption: - allow: false - default: false - appservice: true - require: false - allow_key_sharing: true - delete_keys: - delete_outbound_on_ack: false - dont_store_outbound: false - ratchet_on_decrypt: false - delete_fully_used_on_decrypt: false - delete_prev_on_new_session: false - delete_on_device_delete: false - periodically_delete_expired: false - verification_levels: - receive: unverified - send: unverified - share: cross-signed-tofu - rotation: - enable_custom: false - milliseconds: 604800000 - messages: 100 - disable_device_change_key_rotation: false - private_chat_portal_meta: always - delivery_receipts: true - delivery_error_reports: true - message_status_events: false - resend_bridge_info: false - unimportant_bridge_notices: true - disable_bridge_notices: false - caption_in_message: false - bridge_notices: true - bridge_matrix_typing: true - provisioning: - enabled: true - prefix: /_matrix/provision/v1 - shared_secret: '${SHARED_SECRET}' - segment_key: null - segment_user_id: null - command_prefix: '!ig' - permissions: - '*': relay - matrix.gruber.dev.br: user - '@gruber:matrix.gruber.dev.br': admin - relay: - enabled: true - message_formats: - m.text: '$sender_displayname: $message' - m.notice: '$sender_displayname: $message' - m.emote: '* $sender_displayname $message' - logging: - version: 1 - formatters: - colored: - (): 
mautrix_instagram.util.ColorFormatter - format: '[%(asctime)s] [%(levelname)s@%(name)s] %(message)s' - normal: - format: '[%(asctime)s] [%(levelname)s@%(name)s] %(message)s' - handlers: - console: - class: logging.StreamHandler - formatter: colored - loggers: - mau: - level: DEBUG - mauigpapi: - level: DEBUG - aiohttp: - level: INFO - paho.mqtt: - level: INFO - root: - level: DEBUG - handlers: - - console diff --git a/apps/matrix/bridges/instagram/deployment.yaml b/apps/matrix/bridges/instagram/deployment.yaml deleted file mode 100644 index d50254d22..000000000 --- a/apps/matrix/bridges/instagram/deployment.yaml +++ /dev/null 
@@ -1,117 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: instagram-bridge -spec: - replicas: 1 - strategy: - type: Recreate - selector: - matchLabels: - app: instagram-bridge - template: - metadata: - labels: - app: instagram-bridge - spec: - initContainers: - - name: load-config - image: docker.io/grubertech/envsubst:v1.2.0 - imagePullPolicy: IfNotPresent - command: ["sh"] - args: - - -c - - | - envsubst -no-empty -i /template/insta-config.yaml.tmpl -o /tmp/insta-config.yaml \ - && cp -f /tmp/insta-config.yaml /data/config.yaml \ - && envsubst -no-empty -i /template/instagram.yaml.tmpl -o /tmp/instagram.yaml \ - && cp -f /tmp/instagram.yaml /bridges/instagram.yaml - env: - - name: POSTGRES_USER - valueFrom: { secretKeyRef: { name: synapse.db-matrix.credentials.postgresql.acid.zalan.do, key: username } } - - name: POSTGRES_PASSWORD - valueFrom: { secretKeyRef: { name: synapse.db-matrix.credentials.postgresql.acid.zalan.do, key: password } } - - name: SHARED_SECRET - valueFrom: { secretKeyRef: { name: synapse-shared, key: SHARED_SECRET } } - - name: AS_TOKEN - valueFrom: { secretKeyRef: { name: synapse-shared, key: AS_INSTAGRAM_TOKEN } } - - name: HS_TOKEN - valueFrom: { secretKeyRef: { name: synapse-shared, key: HS_INSTAGRAM_TOKEN } } - - name: INSTA_SEED - valueFrom: { secretKeyRef: { name: synapse-shared, key: INSTA_SEED } } - volumeMounts: - - name: config - mountPath: /data - - name: temp-dir - mountPath: /tmp - - name: bridges - mountPath: /bridges - - name: template - mountPath: /template/insta-config.yaml.tmpl - subPath: insta-config.yaml.tmpl - readOnly: true - - name: template - mountPath: /template/instagram.yaml.tmpl - subPath: instagram.yaml.tmpl - readOnly: true - resources: - limits: - cpu: 320m - memory: 512Mi - requests: - cpu: 150m - memory: 512Mi - containers: - - name: bridge - image: docker.io/grubertech/instagram:v0.4.0 - imagePullPolicy: IfNotPresent - command: ["sh"] - env: - - name: MAUTRIX_DIRECT_STARTUP - value: "true" - 
args: - - -c - - | - python3 -m mautrix_instagram \ - -n -c "/data/config.yaml" - ports: - - name: http - containerPort: 8201 - protocol: TCP - livenessProbe: - tcpSocket: - port: 8201 - periodSeconds: 15 - initialDelaySeconds: 30 - readinessProbe: - tcpSocket: - port: 8201 - periodSeconds: 5 - initialDelaySeconds: 10 - startupProbe: - tcpSocket: - port: 8201 - periodSeconds: 30 - initialDelaySeconds: 60 - volumeMounts: - - name: config - mountPath: /data - resources: - limits: - cpu: 320m - memory: 512Mi - requests: - cpu: 200m - memory: 256Mi - volumes: - - name: template - configMap: - name: instagram-bridge-config - - name: temp-dir - emptyDir: {} - - name: config - persistentVolumeClaim: - claimName: instagram-bridge-data - - name: bridges - persistentVolumeClaim: - claimName: registration-instagram-matrix diff --git a/apps/matrix/bridges/instagram/kustomization.yaml b/apps/matrix/bridges/instagram/kustomization.yaml deleted file mode 100644 index 164994c82..000000000 --- a/apps/matrix/bridges/instagram/kustomization.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- cm.yaml -- deployment.yaml -- svc.yaml - -commonAnnotations: - reloader.stakater.com/auto: "true" - -patches: -- patch: |- - - op: add - path: "/spec/template/spec/nodeSelector" - value: - kubernetes.io/arch: amd64 - kubernetes.io/hostname: node-one - target: - kind: Deployment - name: instagram-bridge diff --git a/apps/matrix/bridges/instagram/svc.yaml b/apps/matrix/bridges/instagram/svc.yaml deleted file mode 100644 index 5ed911934..000000000 --- a/apps/matrix/bridges/instagram/svc.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - name: instagram-bridge - labels: - app: instagram-bridge -spec: - selector: - app: instagram-bridge - ports: - - name: http - protocol: TCP - port: 8201 - targetPort: 8201 - publishNotReadyAddresses: True 
diff --git a/apps/matrix/bridges/linkedin/README.md b/apps/matrix/bridges/linkedin/README.md deleted file mode 100644 index 7a4c6c2c2..000000000 --- a/apps/matrix/bridges/linkedin/README.md +++ /dev/null @@ -1 +0,0 @@ -## Linkedin Matrix Bridge diff --git a/apps/matrix/bridges/linkedin/cm.yaml b/apps/matrix/bridges/linkedin/cm.yaml deleted file mode 100644 index 57ef0c71b..000000000 --- a/apps/matrix/bridges/linkedin/cm.yaml +++ /dev/null 
@@ -1,146 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: linkedin-bridge-config -data: - linkedin.yaml.tmpl: | - id: linkedin - as_token: ${AS_TOKEN} - hs_token: ${HS_TOKEN} - namespaces: - users: - - exclusive: false - regex: '@linkedin_.*:matrix\.gruber\.dev\.br' - - exclusive: false - regex: '@linkedinbot:matrix\.gruber\.dev\.br' - aliases: [] - url: http://linkedin-bridge.matrix1.svc.cluster.local:8202 - sender_localpart: M_RbjmixHLPrAlHKuj90r9MP1Wcq-gR7DA4_Jdr_SsNJUeUzTAho7yY51vb8LxE3 - rate_limited: false - linkedin-config.yaml.tmpl: | - homeserver: - address: 'http://matrix-matrix-synapse.matrix1.svc.cluster.local:8008' - domain: matrix.gruber.dev.br - verify_ssl: false - software: standard - http_retry_count: 4 - status_endpoint: null - message_send_checkpoint_endpoint: null - async_media: false - appservice: - address: 'http://linkedin-bridge.matrix1.svc.cluster.local:8202' - hostname: 0.0.0.0 - port: 8202 - max_body_size: 1 - database: >- - postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db-matrix.matrix1.svc.cluster.local:5432/linkedin?sslmode=require - database_opts: - min_size: 1 - max_size: 10 - provisioning: - enabled: true - prefix: /_matrix/provision/v1 - shared_secret: '${SHARED_SECRET}' - segment_key: null - segment_user_id: null - id: linkedin - bot_username: linkedinbot - bot_displayname: LinkedIn bridge bot - bot_avatar: 'mxc://nevarro.space/cwsWnmeMpWSMZLUNblJHaIvP' - ephemeral_events: false - as_token: '${AS_TOKEN}' - hs_token: '${HS_TOKEN}' - metrics: - enabled: false - manhole: - enabled: false - bridge: - username_template: 'linkedin_{userid}' - space_support: - enable: true - name: LinkedIn - displayname_template: '{displayname} (LinkedIn)' - displayname_preference: - - name - - first_name - set_topic_on_dms: true - command_prefix: '!li' - initial_chat_sync: 20 - invite_own_puppet_to_pm: false - sync_with_custom_puppets: true - sync_direct_chat_list: false - double_puppet_server_map: - matrix.gruber.dev.br: 
'http://matrix-matrix-synapse.matrix1.svc.cluster.local:8008' - double_puppet_allow_discovery: true - login_shared_secret_map: - matrix.gruber.dev.br: '${SHARED_SECRET}' - presence: true - update_avatar_initial_sync: true - federate_rooms: true - private_chat_portal_meta: always - encryption: - allow: false - default: false - appservice: true - require: false - allow_key_sharing: true - delete_keys: - delete_outbound_on_ack: false - dont_store_outbound: false - ratchet_on_decrypt: false - delete_fully_used_on_decrypt: false - delete_prev_on_new_session: false - delete_on_device_delete: false - periodically_delete_expired: false - verification_levels: - receive: unverified - send: unverified - share: cross-signed-tofu - rotation: - enable_custom: false - milliseconds: 604800000 - messages: 100 - disable_device_change_key_rotation: false - delivery_receipts: true - allow_invites: true - backfill: - invite_own_puppet: true - initial_limit: 0 - missed_limit: 1000 - disable_notifications: false - unread_hours_threshold: 0 - periodic_reconnect: - interval: -1 - mode: refresh - always: true - resync_max_disconnected_time: 5 - temporary_disconnect_notices: true - refresh_on_reconnection_fail: true - resend_bridge_info: false - mute_bridging: false - tag_only_on_create: true - permissions: - '*': relaybot - matrix.gruber.dev.br: user - '@gruber:matrix.gruber.dev.br': admin - logging: - version: 1 - formatters: - colored: - (): mautrix.util.logging.color.ColorFormatter - format: '[%(asctime)s] [%(levelname)s@%(name)s] %(message)s' - normal: - format: '[%(asctime)s] [%(levelname)s@%(name)s] %(message)s' - handlers: - console: - class: logging.StreamHandler - formatter: colored - loggers: - mau: - level: DEBUG - aiohttp: - level: INFO - root: - level: DEBUG - handlers: - - console diff --git a/apps/matrix/bridges/linkedin/deployment.yaml b/apps/matrix/bridges/linkedin/deployment.yaml deleted file mode 100644 index 77ee8d6fa..000000000 
--- a/apps/matrix/bridges/linkedin/deployment.yaml +++ /dev/null 
@@ -1,115 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: linkedin-bridge -spec: - replicas: 1 - strategy: - type: Recreate - selector: - matchLabels: - app: linkedin-bridge - template: - metadata: - labels: - app: linkedin-bridge - spec: - initContainers: - - name: load-config - image: docker.io/grubertech/envsubst:v1.2.0 - imagePullPolicy: IfNotPresent - command: ["sh"] - args: - - -c - - | - envsubst -no-empty -i /template/linkedin-config.yaml.tmpl -o /tmp/linkedin-config.yaml \ - && cp -f /tmp/linkedin-config.yaml /data/config.yaml \ - && envsubst -no-empty -i /template/linkedin.yaml.tmpl -o /tmp/linkedin.yaml \ - && cp -f /tmp/linkedin.yaml /bridges/linkedin.yaml - env: - - name: POSTGRES_USER - valueFrom: { secretKeyRef: { name: synapse.db-matrix.credentials.postgresql.acid.zalan.do, key: username } } - - name: POSTGRES_PASSWORD - valueFrom: { secretKeyRef: { name: synapse.db-matrix.credentials.postgresql.acid.zalan.do, key: password } } - - name: SHARED_SECRET - valueFrom: { secretKeyRef: { name: synapse-shared, key: SHARED_SECRET } } - - name: AS_TOKEN - valueFrom: { secretKeyRef: { name: synapse-shared, key: AS_LINKEDIN_TOKEN } } - - name: HS_TOKEN - valueFrom: { secretKeyRef: { name: synapse-shared, key: HS_LINKEDIN_TOKEN } } - volumeMounts: - - name: config - mountPath: /data - - name: temp-dir - mountPath: /tmp - - name: bridges - mountPath: /bridges - - name: template - mountPath: /template/linkedin-config.yaml.tmpl - subPath: linkedin-config.yaml.tmpl - readOnly: true - - name: template - mountPath: /template/linkedin.yaml.tmpl - subPath: linkedin.yaml.tmpl - readOnly: true - resources: - limits: - cpu: 320m - memory: 512Mi - requests: - cpu: 150m - memory: 512Mi - containers: - - name: bridge - image: ghcr.io/beeper/linkedin:168399d77f81d5c3bcbb22fb40ced814774ec770 - imagePullPolicy: IfNotPresent - command: ["sh"] - env: - - name: MAUTRIX_DIRECT_STARTUP - value: "true" - args: - - -c - - | - python3 -m linkedin_matrix \ - -n -c 
"/data/config.yaml" - ports: - - name: http - containerPort: 8202 - protocol: TCP - livenessProbe: - tcpSocket: - port: 8202 - periodSeconds: 15 - initialDelaySeconds: 30 - readinessProbe: - tcpSocket: - port: 8202 - periodSeconds: 5 - initialDelaySeconds: 10 - startupProbe: - tcpSocket: - port: 8202 - periodSeconds: 30 - initialDelaySeconds: 60 - volumeMounts: - - name: config - mountPath: /data - resources: - limits: - cpu: 320m - memory: 512Mi - requests: - cpu: 200m - memory: 256Mi - volumes: - - name: template - configMap: - name: linkedin-bridge-config - - name: temp-dir - emptyDir: {} - - name: config - persistentVolumeClaim: - claimName: linkedin-bridge-data - - name: bridges - persistentVolumeClaim: - claimName: registration-linkedin-matrix diff --git a/apps/matrix/bridges/linkedin/kustomization.yaml b/apps/matrix/bridges/linkedin/kustomization.yaml deleted file mode 100644 index d007fff25..000000000 --- a/apps/matrix/bridges/linkedin/kustomization.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- cm.yaml -- deployment.yaml -- svc.yaml - -commonAnnotations: - reloader.stakater.com/auto: "true" - -patches: -- patch: |- - - op: add - path: "/spec/template/spec/nodeSelector" - value: - kubernetes.io/hostname: node-one - kubernetes.io/arch: amd64 - target: - kind: Deployment - name: linkedin-bridge diff --git a/apps/matrix/bridges/linkedin/svc.yaml b/apps/matrix/bridges/linkedin/svc.yaml deleted file mode 100644 index b51da92e8..000000000 --- a/apps/matrix/bridges/linkedin/svc.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: linkedin-bridge - labels: - app: linkedin-bridge -spec: - type: ClusterIP - selector: - app: linkedin-bridge - ports: - - name: http - port: 8202 - targetPort: 8202 - protocol: TCP diff --git a/apps/matrix/bridges/signal/README.md b/apps/matrix/bridges/signal/README.md deleted file mode 100644 index 64cbfbf69..000000000 
--- a/apps/matrix/bridges/signal/README.md +++ /dev/null @@ -1 +0,0 @@ -## Matrix signal Bridge diff --git a/apps/matrix/bridges/signal/cm.yaml b/apps/matrix/bridges/signal/cm.yaml deleted file mode 100644 index 0e76b15a9..000000000 --- a/apps/matrix/bridges/signal/cm.yaml +++ /dev/null 
@@ -1,137 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: signal-bridge-config -data: - config.yaml.tmpl: | - homeserver: - address: http://matrix-matrix-synapse.matrix.svc.cluster.local:8008 - domain: matrix.gruber.dev.br - verify_ssl: false - software: standard - http_retry_count: 4 - status_endpoint: null - message_send_checkpoint_endpoint: null - connection_limit: 100 - async_media: false - appservice: - address: http://signal-bridge.matrix.svc.cluster.local:80 - tls_cert: false - tls_key: false - hostname: 0.0.0.0 - port: 29328 - max_body_size: 1 - database: postgres://${BRIDGE_DB_USERNAME}:${BRIDGE_DB_PASSWORD}@db-bridges.matrix.svc.cluster.local:5432/signal?sslmode=require - database_opts: - min_size: 1 - max_size: 10 - id: signal - bot_username: signalbot - bot_displayname: Signal bridge bot - bot_avatar: mxc://maunium.net/wPJgTQbZOtpBFmDNkiNEMDUp - ephemeral_events: true - as_token: This value is generated when generating the registration - hs_token: This value is generated when generating the registration - metrics: - enabled: true - listen_port: 8000 - manhole: - enabled: false - signal: - socket_path: /var/run/signald/signald.sock - outgoing_attachment_dir: /tmp - avatar_dir: ~/.config/signald/avatars - data_dir: ~/.config/signald/data - delete_unknown_accounts_on_start: false - remove_file_after_handling: true - registration_enabled: true - enable_disappearing_messages_in_groups: false - bridge: - username_template: signal_{userid} - displayname_template: '{displayname} (Signal)' - contact_list_names: disallow - displayname_preference: - - full_name - - phone - autocreate_group_portal: true - autocreate_contact_portal: true - public_portals: false - sync_with_custom_puppets: true - sync_direct_chat_list: true - double_puppet_allow_discovery: false - double_puppet_server_map: - matrix.gruber.dev.br: http://matrix-matrix-synapse.matrix.svc.cluster.local:8008 - login_shared_secret_map: - matrix.gruber.dev.br: ${SHARED_SECRET} - federate_rooms: 
true - encryption: - allow: false - default: false - appservice: false - require: false - allow_key_sharing: false - verification_levels: - receive: unverified - send: unverified - share: cross-signed-tofu - rotation: - enable_custom: false - milliseconds: 604800000 - messages: 100 - private_chat_portal_meta: false - delivery_receipts: true - delivery_error_reports: true - message_status_events: false - resend_bridge_info: false - periodic_sync: 0 - bridge_matrix_leave: true - provisioning: - enabled: true - prefix: /_matrix/provision - shared_secret: ${SHARED_SECRET} - segment_key: null - command_prefix: '!signal' - management_room_text: - welcome: Hello, I'm a Signal bridge bot. - welcome_connected: Use `help` for help. - welcome_unconnected: Use `help` for help or `link` to log in. - additional_help: '' - management_room_multiple_messages: false - permissions: - '*': relay - matrix.gruber.dev.br: user - '@gruber:matrix.gruber.dev.br': admin - relay: - enabled: false - message_formats: - m.text: '$sender_displayname: $message' - m.notice: '$sender_displayname: $message' - m.emote: '* $sender_displayname $message' - m.file: $sender_displayname sent a file - m.image: $sender_displayname sent an image - m.audio: $sender_displayname sent an audio file - m.video: $sender_displayname sent a video - m.location: $sender_displayname sent a location - relaybot: '@relaybot:example.com' - location_format: https://www.google.com/maps/place/{lat},{long} - logging: - version: 1 - formatters: - colored: - (): mautrix_signal.util.ColorFormatter - format: '[%(asctime)s] [%(levelname)s@%(name)s] %(message)s' - normal: - format: '[%(asctime)s] [%(levelname)s@%(name)s] %(message)s' - handlers: - console: - class: logging.StreamHandler - formatter: colored - loggers: - mau: - level: DEBUG - aiohttp: - level: INFO - root: - level: DEBUG - handlers: - - console 
diff --git a/apps/matrix/bridges/signal/deployment.yaml b/apps/matrix/bridges/signal/deployment.yaml deleted file mode 100644 index 766de6d1a..000000000 --- a/apps/matrix/bridges/signal/deployment.yaml +++ /dev/null 
@@ -1,152 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: signal-bridge -spec: - replicas: 1 - strategy: - type: Recreate - selector: - matchLabels: - app: signal-bridge - template: - metadata: - labels: - app: signal-bridge - spec: - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - initContainers: - - name: load-config - image: docker.io/grubertech/envsubst:v1.2.0 - imagePullPolicy: IfNotPresent - command: ["sh"] - args: - - -c - - | - envsubst -no-empty -i /template/config.yaml.tmpl -o /load/config.yaml \ - && cp -f /load/config.yaml /data/config.yaml - env: - - name: BRIDGE_DB_USERNAME - valueFrom: { secretKeyRef: { name: matrix.db-bridges.credentials.postgresql.acid.zalan.do, key: username } } - - name: BRIDGE_DB_PASSWORD - valueFrom: { secretKeyRef: { name: matrix.db-bridges.credentials.postgresql.acid.zalan.do, key: password } } - - name: SHARED_SECRET - valueFrom: { secretKeyRef: { name: synapse-shared, key: SHARED_SECRET } } - volumeMounts: - - name: config - mountPath: /data - - name: temp-dir - mountPath: /load - - name: template - mountPath: /template - readOnly: true - resources: - limits: - cpu: 400m - memory: 512Mi - requests: - cpu: 300m - memory: 512Mi - securityContext: - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - - name: generate-config - image: dock.mau.dev/mautrix/signal:v0.4.1 - imagePullPolicy: IfNotPresent - command: ["sh"] - env: - - name: MAUTRIX_DIRECT_STARTUP - value: "true" - args: - - -c - - | - python3 -m mautrix_signal \ - -g -c "/data/config.yaml" \ - -r "/bridges/signal.yaml" - volumeMounts: - - name: config - mountPath: /data - - name: bridges - mountPath: /bridges - resources: - limits: - cpu: 400m - memory: 512Mi - requests: - cpu: 300m - memory: 512Mi - securityContext: - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - containers: - - name: bridge - image: 
dock.mau.dev/mautrix/signal:v0.4.1 - imagePullPolicy: IfNotPresent - command: ["sh"] - env: - - name: MAUTRIX_DIRECT_STARTUP - value: "true" - args: - - -c - - | - python3 -m mautrix_signal \ - -n -c "/data/config.yaml" - ports: - - name: bridge - containerPort: 29328 - protocol: TCP - livenessProbe: - tcpSocket: - port: 29328 - periodSeconds: 15 - initialDelaySeconds: 30 - readinessProbe: - tcpSocket: - port: 29328 - periodSeconds: 5 - initialDelaySeconds: 10 - startupProbe: - tcpSocket: - port: 29328 - periodSeconds: 30 - initialDelaySeconds: 120 - volumeMounts: - - name: config - mountPath: /data - resources: - limits: - cpu: 320m - memory: 512Mi - requests: - cpu: 150m - memory: 256Mi - securityContext: - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - volumes: - - name: template - configMap: - name: signal-bridge-config - items: - - key: config.yaml.tmpl - path: config.yaml.tmpl - - name: temp-dir - emptyDir: {} - - name: config - persistentVolumeClaim: - claimName: signal-bridge-data - - name: bridges - persistentVolumeClaim: - claimName: bridge-config-storage diff --git a/apps/matrix/bridges/signal/kustomization.yaml b/apps/matrix/bridges/signal/kustomization.yaml deleted file mode 100644 index c0c202fc7..000000000 --- a/apps/matrix/bridges/signal/kustomization.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- cm.yaml -- deployment.yaml -- svc.yaml - -commonAnnotations: - reloader.stakater.com/auto: "true" - -patches: -- patch: |- - - op: add - path: "/spec/template/spec/nodeSelector" - value: - kubernetes.io/hostname: node-one - kubernetes.io/arch: amd64 - target: - kind: Deployment - name: signal-bridge diff --git a/apps/matrix/bridges/signal/svc.yaml b/apps/matrix/bridges/signal/svc.yaml deleted file mode 100644 index f011ce46c..000000000 --- a/apps/matrix/bridges/signal/svc.yaml +++ /dev/null 
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: signal-bridge
- labels:
- app: signal-bridge
-spec:
- type: ClusterIP
- selector:
- app: signal-bridge
- ports:
- - name: bridge
- port: 80
- targetPort: 29328
- protocol: TCP
diff --git a/apps/matrix/bridges/steam/README.md b/apps/matrix/bridges/steam/README.md
deleted file mode 100644
index ed74d4384..000000000
--- a/apps/matrix/bridges/steam/README.md
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: steam-bridge
- labels:
- app: steam-bridge
-spec:
- type: ClusterIP
- selector:
- app: steam-bridge
- ports:
- - name: bridge
- port: 80
- targetPort: 6000
- protocol: TCP
diff --git a/apps/matrix/bridges/steam/cm.yaml b/apps/matrix/bridges/steam/cm.yaml
deleted file mode 100644
index 49eaa7a88..000000000
--- a/apps/matrix/bridges/steam/cm.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: steam-bridge-config
-data:
- config.yaml.tmpl: |
- bridge:
- port: 6000
- bindAddress: 0.0.0.0
- domain: matrix.gruber.dev.br
- homeserverUrl: http://matrix-matrix-synapse.matrix.svc.cluster.local:8008
- provisioning:
- whitelist:
- - "@*:matrix.gruber.dev.br"
- sharedSecret: ${SHARED_SECRET}
- apiPrefix: /_matrix/provision
- presence:
- enabled: true
- interval: 5000
diff --git a/apps/matrix/bridges/steam/deployment.yaml b/apps/matrix/bridges/steam/deployment.yaml
deleted file mode 100644
index f2d9bb2f5..000000000
--- a/apps/matrix/bridges/steam/deployment.yaml
+++ /dev/null
@@ -1,143 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: steam-bridge -spec: - replicas: 1 - strategy: - type: Recreate - selector: - matchLabels: - app: steam-bridge - template: - metadata: - labels: - app: steam-bridge - spec: - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - initContainers: - - name: load-config - image: docker.io/grubertech/envsubst:v1.2.0 - imagePullPolicy: IfNotPresent - command: ["sh"] - args: - - -c - - | - envsubst -no-empty -i /template/config.yaml.tmpl -o /load/config.yaml \ - && cp -f /load/config.yaml /data/config.yaml - env: - - name: SHARED_SECRET - valueFrom: { secretKeyRef: { name: synapse-shared, key: SHARED_SECRET } } - volumeMounts: - - name: config - mountPath: /data - - name: temp-dir - mountPath: /load - - name: template - mountPath: /template - readOnly: true - resources: - limits: - cpu: 400m - memory: 512Mi - requests: - cpu: 300m - memory: 512Mi - securityContext: - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - - name: generate-config - image: grubertech/steam-bridge:latest - imagePullPolicy: Always - env: - - name: CONFIG_PATH - value: "/data/config.yaml" - - name: REGISTRATION_PATH - value: "/bridges/steam.yaml" - - name: REG_GENERATE - value: "true" - volumeMounts: - - name: config - mountPath: /data - - name: bridges - mountPath: /bridges - resources: - limits: - cpu: 300m - memory: 512Mi - requests: - cpu: 150m - memory: 512Mi - securityContext: - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - containers: - - name: bridge - image: grubertech/steam-bridge:latest - imagePullPolicy: Always - env: - - name: CONFIG_PATH - value: "/data/config.yaml" - - name: REGISTRATION_PATH - value: "/bridges/steam.yaml" - ports: - - name: bridge - containerPort: 6000 - protocol: TCP - livenessProbe: - tcpSocket: - port: 6000 - periodSeconds: 15 - initialDelaySeconds: 30 - readinessProbe: - 
tcpSocket: - port: 6000 - periodSeconds: 5 - initialDelaySeconds: 10 - startupProbe: - tcpSocket: - port: 6000 - periodSeconds: 30 - initialDelaySeconds: 120 - volumeMounts: - - name: config - mountPath: /data - - name: bridges - mountPath: /bridges - resources: - limits: - cpu: 400m - memory: 512Mi - requests: - cpu: 300m - memory: 256Mi - securityContext: - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - volumes: - - name: template - configMap: - name: steam-bridge-config - items: - - key: config.yaml.tmpl - path: config.yaml.tmpl - - name: temp-dir - emptyDir: {} - - name: config - persistentVolumeClaim: - claimName: steam-bridge-data - - name: bridges - persistentVolumeClaim: - claimName: bridge-config-storage diff --git a/apps/matrix/bridges/steam/kustomization.yaml b/apps/matrix/bridges/steam/kustomization.yaml deleted file mode 100644 index 32f089ad7..000000000 --- a/apps/matrix/bridges/steam/kustomization.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- cm.yaml -- deployment.yaml -- svc.yaml - -commonAnnotations: - reloader.stakater.com/auto: "true" - -patches: -- patch: |- - - op: add - path: "/spec/template/spec/nodeSelector" - value: - kubernetes.io/hostname: node-one - kubernetes.io/arch: amd64 - target: - kind: Deployment - name: steam-bridge diff --git a/apps/matrix/bridges/steam/svc.yaml b/apps/matrix/bridges/steam/svc.yaml deleted file mode 100644 index ed74d4384..000000000 --- a/apps/matrix/bridges/steam/svc.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: steam-bridge - labels: - app: steam-bridge -spec: - type: ClusterIP - selector: - app: steam-bridge - ports: - - name: bridge - port: 80 - targetPort: 6000 - protocol: TCP diff --git a/apps/matrix/bridges/telegram/README.md b/apps/matrix/bridges/telegram/README.md deleted file mode 100644 index fd91ec7b4..000000000 
--- a/apps/matrix/bridges/telegram/README.md
+++ /dev/null
@@ -1 +0,0 @@
-## Matrix Telegram Bridge
diff --git a/apps/matrix/bridges/telegram/cm.yaml b/apps/matrix/bridges/telegram/cm.yaml
deleted file mode 100644
index 53a356e0d..000000000
--- a/apps/matrix/bridges/telegram/cm.yaml
+++ /dev/null
@@ -1,257 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: telegram-bridge-config -data: - config.yaml.tmpl: | - homeserver: - address: http://matrix-matrix-synapse.matrix.svc.cluster.local:8008 - domain: matrix.gruber.dev.br - verify_ssl: false - software: standard - http_retry_count: 4 - status_endpoint: null - message_send_checkpoint_endpoint: null - async_media: false - appservice: - address: http://telegram-bridge.matrix.svc.cluster.local:80 - tls_cert: false - tls_key: false - hostname: 0.0.0.0 - port: 29317 - max_body_size: 1 - database: postgres://${POSTGRES_USER}:${BRIDGE_DB_PASSWORD}@db-bridges.matrix.svc.cluster.local:5432/telegram?sslmode=require - database_opts: - min_size: 1 - max_size: 10 - public: - enabled: false - prefix: /public - external: https://example.com/public - provisioning: - enabled: true - prefix: /_matrix/provision - shared_secret: ${SHARED_SECRET} - id: telegram - bot_username: telegrambot - bot_displayname: Telegram bridge bot - bot_avatar: mxc://maunium.net/tJCRmUyJDsgRNgqhOgoiHWbX - ephemeral_events: true - as_token: This value is generated when generating the registration - hs_token: This value is generated when generating the registration - metrics: - enabled: false - listen_port: 8000 - manhole: - enabled: false - # The path for the unix socket. - path: /var/tmp/mautrix-telegram.manhole - # The list of UIDs who can be added to the whitelist. 
- whitelist: - - 0 - bridge: - username_template: telegram_{userid} - alias_template: telegram_{groupname} - displayname_preference: - - full name - - username - - phone number - displayname_max_length: 100 - allow_avatar_remove: false - max_initial_member_sync: 100 - max_member_count: -1 - sync_channel_members: false - skip_deleted_members: true - startup_sync: false - sync_update_limit: 0 - sync_create_limit: 15 - sync_deferred_create_all: false - sync_direct_chats: false - max_telegram_delete: 10 - sync_matrix_state: true - allow_matrix_login: true - public_portals: false - sync_with_custom_puppets: false - sync_direct_chat_list: false - double_puppet_server_map: - matrix.gruber.dev.br: http://matrix-matrix-synapse.matrix.svc.cluster.local:8008 - double_puppet_allow_discovery: false - login_shared_secret_map: - matrix.gruber.dev.br: ${SHARED_SECRET} - telegram_link_preview: true - invite_link_resolve: false - caption_in_message: false - image_as_file_size: 10 - image_as_file_pixels: 16777216 - parallel_file_transfer: false - federate_rooms: true - always_custom_emoji_reaction: false - animated_sticker: - target: gif - convert_from_webm: false - args: - width: 256 - height: 256 - fps: 25 - animated_emoji: - target: webp - args: - width: 64 - height: 64 - fps: 25 - encryption: - allow: false - default: false - appservice: false - require: false - allow_key_sharing: false - verification_levels: - receive: unverified - send: unverified - share: cross-signed-tofu - rotation: - enable_custom: false - milliseconds: 604800000 - messages: 100 - private_chat_portal_meta: false - delivery_receipts: false - delivery_error_reports: false - message_status_events: false - resend_bridge_info: false - mute_bridging: false - pinned_tag: null - archive_tag: null - tag_only_on_create: true - bridge_matrix_leave: true - kick_on_logout: true - always_read_joined_telegram_notice: true - create_group_on_invite: true - backfill: - enable: true - msc2716: false - double_puppet_backfill: 
false - normal_groups: false - unread_hours_threshold: 720 - forward: - initial_limit: 10 - sync_limit: 100 - incremental: - messages_per_batch: 100 - post_batch_delay: 20 - max_batches: - user: -1 - normal_group: -1 - supergroup: 10 - channel: -1 - initial_power_level_overrides: - user: {} - group: {} - # Whether to bridge Telegram bot messages as m.notices or m.texts. - bot_messages_as_notices: true - bridge_notices: - default: false - exceptions: [] - relay_user_distinguishers: - - 🟦 - - 🟣 - - 🟩 - - ⭕️ - - 🔶 - - ⬛️ - - � - - 🟢 - message_formats: - m.text: '$distinguisher $sender_displayname: $message' - m.notice: '$distinguisher $sender_displayname: $message' - m.emote: '* $distinguisher $sender_displayname $message' - m.file: '$distinguisher $sender_displayname sent a file: $message' - m.image: '$distinguisher $sender_displayname sent an image: $message' - m.audio: '$distinguisher $sender_displayname sent an audio file: $message' - m.video: '$distinguisher $sender_displayname sent a video: $message' - m.location: '$distinguisher $sender_displayname sent a location: $message' - emote_format: '* $mention $formatted_body' - state_event_formats: - join: $distinguisher $displayname joined the room. - leave: $distinguisher $displayname left the room. - name_change: $distinguisher $prev_displayname changed their name to $distinguisher $displayname - filter: - mode: blacklist - list: [] - command_prefix: '!tg' - management_room_text: - welcome: Hello, I'm a Telegram bridge bot. - welcome_connected: Use `help` for help. - welcome_unconnected: Use `help` for help or `login` to log in. 
- additional_help: '' - management_room_multiple_messages: false - permissions: - '*': relaybot - matrix.gruber.dev.br: user - '@gruber:matrix.gruber.dev.br': admin - relaybot: - private_chat: - invite: [] - state_changes: true - message: This is a Matrix bridge relaybot and does not support direct chats - group_chat_invite: [] - ignore_unbridged_group_chat: true - authless_portals: true - whitelist_group_admins: true - ignore_own_incoming_events: true - whitelist: - - myusername - - 12345678 - telegram: - api_id: ${APP_ID} - api_hash: ${APP_API_HASH} - bot_token: disabled - catch_up: true - sequential_updates: true - exit_on_update_error: false - connection: - timeout: 120 - retries: 5 - retry_delay: 1 - flood_sleep_threshold: 60 - request_retries: 5 - device_info: - device_model: mautrix-telegram - system_version: auto - app_version: auto - lang_code: en - system_lang_code: en - server: - enabled: false - dc: 2 - ip: 149.154.167.40 - port: 80 - proxy: - type: disabled - address: 127.0.0.1 - port: 1080 - rdns: true - username: '' - password: '' - logging: - version: 1 - formatters: - colored: - (): mautrix_telegram.util.ColorFormatter - format: '[%(asctime)s] [%(levelname)s@%(name)s] %(message)s' - normal: - format: '[%(asctime)s] [%(levelname)s@%(name)s] %(message)s' - handlers: - console: - class: logging.StreamHandler - formatter: colored - loggers: - mau: - level: DEBUG - telethon: - level: INFO - aiohttp: - level: INFO - root: - level: DEBUG - handlers: - - console diff --git a/apps/matrix/bridges/telegram/deployment.yaml b/apps/matrix/bridges/telegram/deployment.yaml deleted file mode 100644 index cbe774355..000000000 --- a/apps/matrix/bridges/telegram/deployment.yaml +++ /dev/null 
@@ -1,156 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: telegram-bridge -spec: - replicas: 1 - strategy: - type: Recreate - selector: - matchLabels: - app: telegram-bridge - template: - metadata: - labels: - app: telegram-bridge - spec: - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - initContainers: - - name: load-config - image: docker.io/grubertech/envsubst:v1.2.0 - imagePullPolicy: IfNotPresent - command: ["sh"] - args: - - -c - - | - envsubst -no-empty -i /template/config.yaml.tmpl -o /load/config.yaml \ - && cp -f /load/config.yaml /data/config.yaml - env: - - name: BRIDGE_DB_USERNAME - valueFrom: { secretKeyRef: { name: matrix.db-bridges.credentials.postgresql.acid.zalan.do, key: username } } - - name: BRIDGE_DB_PASSWORD - valueFrom: { secretKeyRef: { name: matrix.db-bridges.credentials.postgresql.acid.zalan.do, key: password } } - - name: SHARED_SECRET - valueFrom: { secretKeyRef: { name: synapse-shared, key: SHARED_SECRET } } - - name: APP_ID - valueFrom: { secretKeyRef: { name: synapse-shared, key: TELEGRAM_API_ID } } - - name: APP_API_HASH - valueFrom: { secretKeyRef: { name: synapse-shared, key: TELEGRAM_API_HASH } } - volumeMounts: - - name: config - mountPath: /data - - name: temp-dir - mountPath: /load - - name: template - mountPath: /template - readOnly: true - resources: - limits: - cpu: 400m - memory: 512Mi - requests: - cpu: 300m - memory: 512Mi - securityContext: - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - - name: generate-config - image: dock.mau.dev/mautrix/telegram:v0.12.1 - imagePullPolicy: IfNotPresent - command: ["sh"] - env: - - name: MAUTRIX_DIRECT_STARTUP - value: "true" - args: - - -c - - | - python3 -m mautrix_telegram \ - -g -c "/data/config.yaml" \ - -r "/bridges/telegram.yaml" - volumeMounts: - - name: config - mountPath: /data - - name: bridges - mountPath: /bridges - resources: - limits: - cpu: 300m - memory: 512Mi - requests: - 
cpu: 100m - memory: 512Mi - securityContext: - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - containers: - - name: bridge - image: dock.mau.dev/mautrix/telegram:v0.12.1 - imagePullPolicy: IfNotPresent - command: ["sh"] - env: - - name: MAUTRIX_DIRECT_STARTUP - value: "true" - args: - - -c - - | - python3 -m mautrix_telegram \ - -n -c "/data/config.yaml" - ports: - - name: bridge - containerPort: 29317 - protocol: TCP - livenessProbe: - tcpSocket: - port: 29317 - periodSeconds: 15 - initialDelaySeconds: 30 - readinessProbe: - tcpSocket: - port: 29317 - periodSeconds: 5 - initialDelaySeconds: 10 - startupProbe: - tcpSocket: - port: 29317 - periodSeconds: 30 - initialDelaySeconds: 120 - volumeMounts: - - name: config - mountPath: /data - resources: - limits: - cpu: 300m - memory: 512Mi - requests: - cpu: 100m - memory: 256Mi - securityContext: - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - volumes: - - name: template - configMap: - name: telegram-bridge-config - items: - - key: config.yaml.tmpl - path: config.yaml.tmpl - - name: temp-dir - emptyDir: {} - - name: config - persistentVolumeClaim: - claimName: telegram-bridge-data - - name: bridges - persistentVolumeClaim: - claimName: bridge-config-storage diff --git a/apps/matrix/bridges/telegram/kustomization.yaml b/apps/matrix/bridges/telegram/kustomization.yaml deleted file mode 100644 index 634dbf00a..000000000 --- a/apps/matrix/bridges/telegram/kustomization.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- cm.yaml -- deployment.yaml -- svc.yaml - -commonAnnotations: - reloader.stakater.com/auto: "true" - -patches: -- patch: |- - - op: add - path: "/spec/template/spec/nodeSelector" - value: - kubernetes.io/hostname: node-one - kubernetes.io/arch: amd64 - target: - kind: Deployment - name: telegram-bridge 
diff --git a/apps/matrix/bridges/telegram/svc.yaml b/apps/matrix/bridges/telegram/svc.yaml
deleted file mode 100644
index 80ff4b2d8..000000000
--- a/apps/matrix/bridges/telegram/svc.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: telegram-bridge
- labels:
- app: telegram-bridge
-spec:
- type: ClusterIP
- selector:
- app: telegram-bridge
- ports:
- - name: bridge
- port: 80
- targetPort: 29317
- protocol: TCP
diff --git a/apps/matrix/bridges/whatsapp/cm.yaml b/apps/matrix/bridges/whatsapp/cm.yaml
deleted file mode 100644
index 27a014764..000000000
--- a/apps/matrix/bridges/whatsapp/cm.yaml
+++ /dev/null
@@ -1,194 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: whats-bridge-config -data: - whats.yaml.tmpl: | - id: whatsapp - url: 'http://whats-bridge.matrix1.svc.cluster.local:8200' - as_token: ${AS_TOKEN} - hs_token: ${HS_TOKEN} - sender_localpart: JIwoVfi2DvXlo3T5TBTctbpfI8KpqWAp - rate_limited: false - namespaces: - users: - - regex: '^@whatsappbot:matrix\.gruber\.dev\.br$' - exclusive: false - - regex: '^@whatsapp_.*:matrix\.gruber\.dev\.br$' - exclusive: false - de.sorunome.msc2409.push_ephemeral: true - push_ephemeral: true - whats-config.yaml.tmpl: | - homeserver: - address: 'http://matrix-matrix-synapse.matrix1.svc.cluster.local:8008' - domain: matrix.gruber.dev.br - software: standard - status_endpoint: null - message_send_checkpoint_endpoint: null - async_media: false - websocket: false - ping_interval_seconds: 0 - appservice: - address: 'http://whats-bridge.matrix1.svc.cluster.local:8200' - hostname: 0.0.0.0 - port: 8200 - database: - type: postgres - uri: >- - postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db-matrix.matrix1.svc.cluster.local:5432/whats?sslmode=require - max_open_conns: 20 - max_idle_conns: 2 - max_conn_idle_time: null - max_conn_lifetime: null - id: whatsapp - bot: - username: whatsappbot - displayname: WhatsApp bridge bot - avatar: 'mxc://maunium.net/NeXNQarUbrlYBiPCpprYsRqr' - ephemeral_events: true - async_transactions: false - as_token: ${AS_TOKEN} - hs_token: ${HS_TOKEN} - segment_key: null - segment_user_id: null - metrics: - enabled: true - listen: '127.0.0.1:8001' - whatsapp: - os_name: Mautrix-WhatsApp bridge - browser_name: unknown - bridge: - username_template: 'whatsapp_{{.}}' - displayname_template: '{{or .BusinessName .PushName .JID}} (WA)' - personal_filtering_spaces: true - delivery_receipts: true - message_status_events: false - message_error_notices: true - call_start_notices: true - identity_change_notices: true - portal_message_buffer: 128 - history_sync: - backfill: true - max_initial_conversations: -1 
- message_count: 50 - request_full_sync: false - full_sync_config: - days_limit: null - size_mb_limit: null - storage_quota_mb: null - unread_hours_threshold: 0 - media_requests: - auto_request_media: true - request_method: immediate - request_local_time: 120 - immediate: - worker_count: 1 - max_events: 10 - deferred: - - start_days_ago: 7 - max_batch_events: 20 - batch_delay: 5 - - start_days_ago: 30 - max_batch_events: 50 - batch_delay: 10 - - start_days_ago: 90 - max_batch_events: 100 - batch_delay: 10 - - start_days_ago: -1 - max_batch_events: 500 - batch_delay: 10 - user_avatar_sync: true - bridge_matrix_leave: true - sync_with_custom_puppets: true - sync_direct_chat_list: true - sync_manual_marked_unread: true - default_bridge_receipts: true - default_bridge_presence: true - send_presence_on_typing: true - force_active_delivery_receipts: false - double_puppet_server_map: - matrix.gruber.dev.br: 'http://matrix-matrix-synapse.matrix1.svc.cluster.local:8008' - double_puppet_allow_discovery: true - login_shared_secret_map: - matrix.gruber.dev.br: '${SHARED_SECRET}' - private_chat_portal_meta: always - parallel_member_sync: false - bridge_notices: true - resend_bridge_info: true - mute_bridging: false - archive_tag: null - pinned_tag: null - tag_only_on_create: true - enable_status_broadcast: true - disable_status_broadcast_send: true - mute_status_broadcast: true - status_broadcast_tag: m.lowpriority - whatsapp_thumbnail: false - allow_user_invite: true - federate_rooms: true - disable_bridge_alerts: false - crash_on_stream_replaced: false - url_previews: true - caption_in_message: false - extev_polls: false - cross_room_replies: false - disable_reply_fallbacks: false - message_handling_timeout: - error_after: null - deadline: 120s - command_prefix: '!wa' - management_room_text: - welcome: 'Hello, I''m a WhatsApp bridge bot.' - welcome_connected: Use `help` for help. - welcome_unconnected: Use `help` for help or `login` to log in. 
- additional_help: '' - encryption: - allow: false - default: false - appservice: true - require: false - allow_key_sharing: true - plaintext_mentions: false - delete_keys: - delete_outbound_on_ack: false - dont_store_outbound: false - ratchet_on_decrypt: false - delete_fully_used_on_decrypt: false - delete_prev_on_new_session: false - delete_on_device_delete: false - periodically_delete_expired: false - delete_outdated_inbound: false - verification_levels: - receive: unverified - send: unverified - share: cross-signed-tofu - rotation: - enable_custom: false - milliseconds: 604800000 - messages: 100 - disable_device_change_key_rotation: false - provisioning: - prefix: /_matrix/provision - shared_secret: '${SHARED_SECRET}' - permissions: - '*': relaybot - matrix.gruber.dev.br: user - '@gruber:matrix.gruber.dev.br': admin - relay: - enabled: true - admin_only: true - message_formats: - m.text: '{{ .Sender.Displayname }}: {{ .Message }}' - m.notice: '{{ .Sender.Displayname }}: {{ .Message }}' - m.emote: '* {{ .Sender.Displayname }} {{ .Message }}' - m.file: '{{ .Sender.Displayname }} sent a file' - m.image: '{{ .Sender.Displayname }} sent an image' - m.audio: '{{ .Sender.Displayname }} sent an audio file' - m.video: '{{ .Sender.Displayname }} sent a video' - m.location: '{{ .Sender.Displayname }} sent a location' - logging: - min_level: debug - writers: - - type: stdout - format: pretty-colored - version: 2 diff --git a/apps/matrix/bridges/whatsapp/deployment.yaml b/apps/matrix/bridges/whatsapp/deployment.yaml deleted file mode 100644 index 9b2d4fce2..000000000 --- a/apps/matrix/bridges/whatsapp/deployment.yaml +++ /dev/null 
@@ -1,119 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: whats-bridge - labels: - app: whats-bridge -spec: - selector: - matchLabels: - app: whats-bridge - replicas: 1 - strategy: - type: Recreate - template: - metadata: - labels: - app: whats-bridge - spec: - initContainers: - - name: load-config - image: docker.io/grubertech/envsubst:v1.2.0 - imagePullPolicy: IfNotPresent - command: ["sh"] - args: - - -c - - | - echo "Substituting variables in /template/whats-config.yaml.tmpl to /tmp/whats-config.yaml" \ - && envsubst -no-empty -i /template/whats-config.yaml.tmpl -o /tmp/whats-config.yaml \ - && echo "Removing /data/config.yaml" \ - && rm -vrf /data/config.yaml || true \ - && echo "Copying /tmp/whats-config.yaml to /data/config.yaml" \ - && cp -fv /tmp/whats-config.yaml /data/config.yaml \ - && echo "Substituting variables in /template/whats.yaml.tmpl to /tmp/whats.yaml" \ - && envsubst -no-empty -i /template/whats.yaml.tmpl -o /tmp/whats.yaml \ - && echo "Removing /bridges/whatsapp.yaml" \ - && rm -vrf /bridges/whatsapp.yaml || true \ - && echo "Copying /tmp/whats.yaml to /bridges/whatsapp.yaml" \ - && echo "Files in /bridges before copying:" \ - && ls -l /bridges \ - && cp -fv /tmp/whats.yaml /bridges/whatsapp.yaml - env: - - name: POSTGRES_USER - valueFrom: { secretKeyRef: { name: synapse.db-matrix.credentials.postgresql.acid.zalan.do, key: username } } - - name: POSTGRES_PASSWORD - valueFrom: { secretKeyRef: { name: synapse.db-matrix.credentials.postgresql.acid.zalan.do, key: password } } - - name: SHARED_SECRET - valueFrom: { secretKeyRef: { name: synapse-shared, key: SHARED_SECRET } } - - name: AS_TOKEN - valueFrom: { secretKeyRef: { name: synapse-shared, key: AS_WHATS_TOKEN } } - - name: HS_TOKEN - valueFrom: { secretKeyRef: { name: synapse-shared, key: HS_WHATS_TOKEN } } - volumeMounts: - - name: config - mountPath: /data - - name: temp-dir - mountPath: /tmp - - name: bridges - mountPath: /bridges - - name: template - mountPath: 
/template/whats-config.yaml.tmpl - subPath: whats-config.yaml.tmpl - readOnly: true - - name: template - mountPath: /template/whats.yaml.tmpl - subPath: whats.yaml.tmpl - readOnly: true - resources: - limits: - cpu: 400m - memory: 512Mi - requests: - cpu: 300m - memory: 256Mi - containers: - - name: whats - image: docker.io/grubertech/whatsapp:v0.9.0 - imagePullPolicy: IfNotPresent - command: ["mautrix-whatsapp"] - args: ["-n", "-c", "/data/config.yaml", "--ignore-unsupported-database", " --ignore-foreign-tables"] - securityContext: - privileged: true - ports: - - name: bridge - containerPort: 8200 - protocol: TCP - volumeMounts: - - name: config - mountPath: /data - resources: - limits: - cpu: 400m - memory: 722Mi - requests: - cpu: 300m - memory: 256Mi - livenessProbe: - httpGet: - path: /_matrix/mau/live - port: 8200 - initialDelaySeconds: 60 - periodSeconds: 15 - startupProbe: - httpGet: - path: /_matrix/mau/live - port: 8200 - initialDelaySeconds: 300 - periodSeconds: 15 - volumes: - - name: template - configMap: - name: whats-bridge-config - - name: temp-dir - emptyDir: {} - - name: config - persistentVolumeClaim: - claimName: whats-bridge-data - - name: bridges - persistentVolumeClaim: - claimName: bridge-config-storage diff --git a/apps/matrix/bridges/whatsapp/kustomization.yaml b/apps/matrix/bridges/whatsapp/kustomization.yaml deleted file mode 100644 index 89a9bb5e3..000000000 --- a/apps/matrix/bridges/whatsapp/kustomization.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- cm.yaml -- deployment.yaml -- svc.yaml - -commonAnnotations: - reloader.stakater.com/auto: "true" - -patches: -- patch: |- - - op: add - path: "/spec/template/spec/nodeSelector" - value: - kubernetes.io/arch: amd64 - kubernetes.io/hostname: node-one - target: - kind: Deployment - name: whats-bridge 
diff --git a/apps/matrix/bridges/whatsapp/svc.yaml b/apps/matrix/bridges/whatsapp/svc.yaml
deleted file mode 100644
index 034fe3881..000000000
--- a/apps/matrix/bridges/whatsapp/svc.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: whats-bridge
- labels:
- app: whats-bridge
-spec:
- selector:
- app: whats-bridge
- ports:
- - name: bridge
- protocol: TCP
- port: 8200
- targetPort: 8200
- publishNotReadyAddresses: True
diff --git a/apps/matrix/databases/README.md b/apps/matrix/databases/README.md
deleted file mode 100644
index f523d4883..000000000
--- a/apps/matrix/databases/README.md
+++ /dev/null
@@ -1 +0,0 @@
-## PostgreSQL/MySQL Databases for Matrix Synapse & bridges
diff --git a/apps/matrix/databases/base/certificate.yaml b/apps/matrix/databases/base/certificate.yaml
deleted file mode 100644
index 8361942ac..000000000
--- a/apps/matrix/databases/base/certificate.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: matrix-cloudflare
-spec:
- secretName: matrix-tls
- issuerRef:
- name: letsencrypt-production
- kind: ClusterIssuer
- commonName: matrix.gruber.dev.br
- dnsNames:
- - matrix.gruber.dev.br
diff --git a/apps/matrix/databases/base/cm.yaml b/apps/matrix/databases/base/cm.yaml
deleted file mode 100644
index f1556f868..000000000
--- a/apps/matrix/databases/base/cm.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: matrix-redis-config
-data:
- redis-additional.conf: |
- appendonly yes
diff --git a/apps/matrix/databases/base/ingress.yaml b/apps/matrix/databases/base/ingress.yaml
deleted file mode 100644
index a002fb547..000000000
--- a/apps/matrix/databases/base/ingress.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: matrix
- annotations:
- external-dns.alpha.kubernetes.io/hostname: matrix.gruber.dev.br
- external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
- external-dns.alpha.kubernetes.io/ttl: "120"
- nginx.ingress.kubernetes.io/ssl-redirect: "true"
-spec:
- ingressClassName: nginx
- rules:
- - host: matrix.gruber.dev.br
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: synapse-tailscale
- port:
- name: http
- tls:
- - hosts:
- - matrix.gruber.dev.br
- secretName: matrix-tls
diff --git a/apps/matrix/databases/base/kustomization.yaml b/apps/matrix/databases/base/kustomization.yaml
deleted file mode 100644
index cf8812edc..000000000
--- a/apps/matrix/databases/base/kustomization.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- cm.yaml
-- matrix.yaml
-- redis.yaml
-- secret.yaml
-- ingress.yaml
-- certificate.yaml
-- svc.yaml
diff --git a/apps/matrix/databases/base/matrix.yaml b/apps/matrix/databases/base/matrix.yaml
deleted file mode 100644
index 87c9ec625..000000000
--- a/apps/matrix/databases/base/matrix.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
-apiVersion: "acid.zalan.do/v1"
-kind: postgresql
-metadata:
- name: db-matrix
- annotations:
- argocd.argoproj.io/sync-options: Delete=false
-spec:
- dockerImage: ghcr.io/zalando/spilo-15:3.0-p1
- teamId: "db"
- numberOfInstances: 1
- users:
- admin:
- - superuser
- - createdb
- synapse: []
- databases:
- matrix: synapse
- media: synapse
- discord: synapse
- whats: synapse
- instagram: synapse
- linkedin: synapse
- telegram: synapse
- signal: synapse
- steam: synapse
- postgresql:
- version: "15"
- volume:
- size: 10Gi
- storageClass: iscsi
- additionalVolumes:
- - name: data
- mountPath: /home/postgres/pgdata/partitions
- targetContainers:
- - postgres
- volumeSource:
- PersistentVolumeClaim:
- claimName: synapse-database
- patroni:
- initdb:
- encoding: "UTF8"
- locale: "C"
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: postgres-operator
- operator: In
- values:
- - enabled
diff --git a/apps/matrix/databases/base/redis.yaml b/apps/matrix/databases/base/redis.yaml
deleted file mode 100644
index 3b0f7f126..000000000
--- a/apps/matrix/databases/base/redis.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
-apiVersion: redis.redis.opstreelabs.in/v1beta1
-kind: Redis
-metadata:
- name: matrix-redis
- annotations:
- redis.opstreelabs.in/recreate-statefulset: "true"
-spec:
- redisConfig:
- additionalRedisConfig: matrix-redis-config
- kubernetesConfig:
- image: docker.io/grubertech/redis:v7.0.5
- imagePullPolicy: IfNotPresent
- redisSecret:
- name: synapse-redis
- key: passkey
- updateStrategy:
- type: OnDelete
- resources:
- requests:
- cpu: 150m
- memory: 128Mi
- limits:
- cpu: 250m
- memory: 256Mi
- storage:
- volumeClaimTemplate:
- spec:
- storageClassName: iscsi
- accessModes: ["ReadWriteOnce"]
- resources:
- requests:
- storage: 1Gi
- nodeSelector:
- kubernetes.io/arch: amd64
- redisExporter:
- enabled: false
- image: quay.io/opstree/redis-exporter:v1.44.0
- priorityClassName: system-cluster-critical
- readinessProbe:
- failureThreshold: 5
- initialDelaySeconds: 15
- periodSeconds: 15
- successThreshold: 1
- timeoutSeconds: 5
- livenessProbe:
- failureThreshold: 5
- initialDelaySeconds: 15
- periodSeconds: 15
- successThreshold: 1
- timeoutSeconds: 5
diff --git a/apps/matrix/databases/base/secret.yaml b/apps/matrix/databases/base/secret.yaml
deleted file mode 100644
index be8ce833a..000000000
--- a/apps/matrix/databases/base/secret.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
----
-kind: Secret
-apiVersion: v1
-metadata:
- name: synapse-shared
- annotations:
- avp.kubernetes.io/path: "kv/data/matrix"
-stringData:
- SHARED_SECRET:
- INSTA_SEED:
- AS_WHATS_TOKEN:
- HS_WHATS_TOKEN:
- AS_INSTAGRAM_TOKEN:
- HS_INSTAGRAM_TOKEN:
- AS_TELEGRAM_TOKEN:
- HS_TELEGRAM_TOKEN:
- AS_LINKEDIN_TOKEN:
- HS_LINKEDIN_TOKEN:
- AS_DISCORD_TOKEN:
- HS_DISCORD_TOKEN:
----
-kind: Secret
-apiVersion: v1
-metadata:
- name: synapse-redis
- annotations:
- avp.kubernetes.io/path: "kv/data/matrix"
-stringData:
- passkey:
diff --git a/apps/matrix/databases/base/svc.yaml b/apps/matrix/databases/base/svc.yaml
deleted file mode 100644
index c4ec799d2..000000000
--- a/apps/matrix/databases/base/svc.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: synapse-tailscale
- labels:
- app: synapse
- app.kubernetes.io/instance: matrix
- annotations:
- tailscale.com/hostname: "matrix"
-spec:
- selector:
- app.kubernetes.io/component: synapse
- ports:
- - name: http
- protocol: TCP
- port: 80
- targetPort: 8008
- loadBalancerClass: tailscale
- type: LoadBalancer
diff --git a/apps/matrix/databases/kustomization.yaml b/apps/matrix/databases/kustomization.yaml
deleted file mode 100644
index d5beedaf1..000000000
--- a/apps/matrix/databases/kustomization.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-bases:
-- ./base
-
-namespace: matrix1
-
-commonAnnotations:
- reloader.stakater.com/auto: "true"
diff --git a/apps/matrix/dendrite/README.md b/apps/matrix/dendrite/README.md
deleted file mode 100644
index 09d7484fa..000000000
--- a/apps/matrix/dendrite/README.md
+++ /dev/null
@@ -1 +0,0 @@
-## Dendrite
diff --git a/apps/matrix/dendrite/base/certificate.yaml b/apps/matrix/dendrite/base/certificate.yaml
deleted file mode 100644
index 8361942ac..000000000
--- a/apps/matrix/dendrite/base/certificate.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: matrix-cloudflare
-spec:
- secretName: matrix-tls
- issuerRef:
- name: letsencrypt-production
- kind: ClusterIssuer
- commonName: matrix.gruber.dev.br
- dnsNames:
- - matrix.gruber.dev.br
diff --git a/apps/matrix/dendrite/base/cm.yaml b/apps/matrix/dendrite/base/cm.yaml
deleted file mode 100644
index 0bbeed643..000000000
--- a/apps/matrix/dendrite/base/cm.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: dendrite-config
-data:
- POSTGRES_HOST: "db-matrix.matrix1.svc.cluster.local"
- POSTGRES_DB: "matrix"
diff --git a/apps/matrix/dendrite/base/deployment.yaml b/apps/matrix/dendrite/base/deployment.yaml
deleted file mode 100644
index c1dc68faa..000000000
--- a/apps/matrix/dendrite/base/deployment.yaml
+++ /dev/null
@@ -1,152 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: dendrite - labels: - app: dendrite -spec: - selector: - matchLabels: - app: dendrite - replicas: 1 - strategy: - type: Recreate - template: - metadata: - labels: - app: dendrite - spec: - initContainers: - - name: load-config - image: docker.io/grubertech/envsubst:v1.2.0 - imagePullPolicy: IfNotPresent - command: ["sh"] - args: - - -c - - | - envsubst -no-empty -i /template/config.yaml.tmpl -o /tmp/dendrite.yaml \ - && cp -f /tmp/dendrite.yaml /etc/dendrite/dendrite.yaml \ - && envsubst -no-empty -i /template/whats.yaml.tmpl -o /tmp/whats.yaml \ - && cp -f /tmp/whats.yaml /bridges/whatsapp.yaml - env: - - name: POSTGRES_USER - valueFrom: { secretKeyRef: { name: synapse.db-matrix.credentials.postgresql.acid.zalan.do, key: username } } - - name: POSTGRES_PASSWORD - valueFrom: { secretKeyRef: { name: synapse.db-matrix.credentials.postgresql.acid.zalan.do, key: password } } - - name: SHARED_SECRET - valueFrom: { secretKeyRef: { name: synapse-shared, key: SHARED_SECRET } } - - name: AS_TOKEN - valueFrom: { secretKeyRef: { name: synapse-shared, key: AS_TOKEN } } - - name: HS_TOKEN - valueFrom: { secretKeyRef: { name: synapse-shared, key: HS_TOKEN } } - envFrom: - - configMapRef: - name: dendrite-config - volumeMounts: - - name: dendrite-conf-vol - mountPath: /etc/dendrite - - name: temp-dir - mountPath: /tmp - - name: template - mountPath: /template/config.yaml.tmpl - subPath: config.yaml.tmpl - readOnly: true - - name: template - mountPath: /template/whats.yaml.tmpl - subPath: whats.yaml.tmpl - readOnly: true - - mountPath: /bridges - name: bridges - resources: - limits: - cpu: 150m - memory: 512Mi - requests: - cpu: 50m - memory: 128Mi - securityContext: - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - containers: - - name: dendrite - image: ghcr.io/matrix-org/dendrite-monolith:v0.13.0 - imagePullPolicy: IfNotPresent - args: - - '--config' - - 
'/etc/dendrite/dendrite.yaml' - - '-really-enable-open-registration' - ports: - - name: http - containerPort: 8008 - protocol: TCP - resources: - requests: - cpu: 150m - memory: 256Mi - limits: - cpu: 500m - memory: 2048Mi - volumeMounts: - - mountPath: /etc/dendrite/ - name: dendrite-conf-vol - - mountPath: /etc/dendrite/secrets/ - name: dendrite-signing-key - - mountPath: /data/media_store - name: dendrite-media - - mountPath: /data/jetstream - name: dendrite-jetstream - - mountPath: /data/search - name: dendrite-search - - mountPath: /bridges - name: bridges - livenessProbe: - initialDelaySeconds: 15 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 10 - httpGet: - path: /_dendrite/monitor/health - port: http - readinessProbe: - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 10 - httpGet: - path: /_dendrite/monitor/health - port: http - startupProbe: - initialDelaySeconds: 35 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 10 - httpGet: - path: /_dendrite/monitor/up - port: http - volumes: - - name: template - secret: - secretName: dendrite-vars - - name: dendrite-conf-vol - persistentVolumeClaim: - claimName: "matrix-config" - - name: dendrite-signing-key - secret: - secretName: "dendrite-signing-key" - - name: dendrite-jetstream - persistentVolumeClaim: - claimName: "matrix-jetstream" - - name: dendrite-media - persistentVolumeClaim: - claimName: "matrix-media" - - name: dendrite-search - persistentVolumeClaim: - claimName: "matrix-search" - - name: temp-dir - emptyDir: {} - - name: bridges - persistentVolumeClaim: - claimName: bridge-config-storage diff --git a/apps/matrix/dendrite/base/ingress.yaml b/apps/matrix/dendrite/base/ingress.yaml deleted file mode 100644 index 086ef26e8..000000000 --- a/apps/matrix/dendrite/base/ingress.yaml +++ /dev/null 
@@ -1,26 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: matrix
- annotations:
- external-dns.alpha.kubernetes.io/hostname: matrix.gruber.dev.br
- external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
- external-dns.alpha.kubernetes.io/ttl: "120"
- nginx.ingress.kubernetes.io/ssl-redirect: "true"
-spec:
- ingressClassName: nginx
- rules:
- - host: matrix.gruber.dev.br
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: dendrite-tailscale
- port:
- name: http
- tls:
- - hosts:
- - matrix.gruber.dev.br
- secretName: matrix-tls
diff --git a/apps/matrix/dendrite/base/jobs.yaml b/apps/matrix/dendrite/base/jobs.yaml
deleted file mode 100644
index 0ba4edaea..000000000
--- a/apps/matrix/dendrite/base/jobs.yaml
+++ /dev/null
@@ -1,86 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: dendrite-signing-key ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: dendrite-signing-key -rules: - - apiGroups: - - "" - resources: - - secrets - resourceNames: - - dendrite-signing-key - verbs: - - get - - update - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: dendrite-signing-key -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: dendrite-signing-key -subjects: - - kind: ServiceAccount - name: dendrite-signing-key - namespace: matrix1 ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: generate-signing-key -spec: - template: - spec: - restartPolicy: "Never" - serviceAccount: dendrite-signing-key - containers: - - name: upload-key - image: bitnami/kubectl - command: - - sh - - -c - - | - # check if key already exists - key=$(kubectl get secret dendrite-signing-key -o jsonpath="{.data['signing\.key']}" 2> /dev/null) - [ $? -ne 0 ] && echo "Failed to get existing secret" && exit 1 - [ -n "$key" ] && echo "Key already created, exiting." && exit 0 - # wait for signing key - while [ ! -f /etc/dendrite/signing-key.pem ]; do - echo "Waiting for signing key.." - sleep 5; - done - # update secret - kubectl patch secret dendrite-signing-key -p "{\"data\":{\"signing.key\":\"$(base64 /etc/dendrite/signing-key.pem | tr -d '\n')\"}}" - [ $? -ne 0 ] && echo "Failed to update secret." && exit 1 - echo "Signing key successfully created." 
- volumeMounts: - - mountPath: /etc/dendrite/ - name: signing-key - readOnly: true - - name: generate-key - image: ghcr.io/matrix-org/dendrite-monolith:v0.13.0 - imagePullPolicy: IfNotPresent - command: - - sh - - -c - - | - /usr/bin/generate-keys -private-key /etc/dendrite/signing-key.pem - chown 1001:1001 /etc/dendrite/signing-key.pem - volumeMounts: - - mountPath: /etc/dendrite/ - name: signing-key - volumes: - - name: signing-key - emptyDir: {} - parallelism: 1 - completions: 1 - backoffLimit: 1 diff --git a/apps/matrix/dendrite/base/kustomization.yaml b/apps/matrix/dendrite/base/kustomization.yaml deleted file mode 100644 index f80bb116e..000000000 --- a/apps/matrix/dendrite/base/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - cm.yaml - - deployment.yaml - - secret.yaml - - svc.yaml - - jobs.yaml - - postgres.yaml - - certificate.yaml - - ingress.yaml diff --git a/apps/matrix/dendrite/base/postgres.yaml b/apps/matrix/dendrite/base/postgres.yaml deleted file mode 100644 index 15513b6af..000000000 --- a/apps/matrix/dendrite/base/postgres.yaml +++ /dev/null 
@@ -1,45 +0,0 @@
-apiVersion: "acid.zalan.do/v1"
-kind: postgresql
-metadata:
- name: db-matrix
- annotations:
- argocd.argoproj.io/sync-options: Delete=false
-spec:
- dockerImage: ghcr.io/zalando/spilo-15:3.0-p1
- teamId: "db"
- numberOfInstances: 1
- users:
- admin:
- - superuser
- - createdb
- synapse: []
- databases:
- matrix: synapse
- discord: synapse
- whats: synapse
- instagram: synapse
- linkedin: synapse
- telegram: synapse
- signal: synapse
- steam: synapse
- postgresql:
- version: "14"
- volume:
- size: 1Gi
- storageClass: iscsi
- additionalVolumes:
- - name: data
- mountPath: /home/postgres/pgdata/partitions
- targetContainers:
- - postgres
- volumeSource:
- PersistentVolumeClaim:
- claimName: dendrite-storage
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: postgres-operator
- operator: In
- values:
- - enabled
diff --git a/apps/matrix/dendrite/base/secret.yaml b/apps/matrix/dendrite/base/secret.yaml
deleted file mode 100644
index 1a3011bdb..000000000
--- a/apps/matrix/dendrite/base/secret.yaml
+++ /dev/null
@@ -1,166 +0,0 @@ ---- -apiVersion: v1 -kind: Secret -metadata: - name: dendrite-signing-key -type: Opaque ---- -apiVersion: v1 -kind: Secret -metadata: - name: dendrite-metrics-basic-auth -type: Opaque -stringData: - user: "metrics" - password: "metrics" ---- -kind: Secret -apiVersion: v1 -metadata: - name: synapse-shared - annotations: - avp.kubernetes.io/path: "kv/data/matrix" -stringData: - SHARED_SECRET: - AS_TOKEN: - HS_TOKEN: ---- -apiVersion: v1 -kind: Secret -metadata: - name: dendrite-vars -type: Opaque -stringData: - whats.yaml.tmpl: | - id: whatsapp - url: 'http://whats-bridge.matrix1.svc.cluster.local:8200' - as_token: ${AS_TOKEN} - hs_token: ${HS_TOKEN} - sender_localpart: JIwoVfi2DvXlo3T5TBTctbpfI8KpqWAp - rate_limited: false - namespaces: - users: - - regex: '^@whatsappbot:matrix\.gruber\.dev\.br$' - exclusive: false - - regex: '^@whatsapp_.*:matrix\.gruber\.dev\.br$' - exclusive: false - de.sorunome.msc2409.push_ephemeral: true - push_ephemeral: true - config.yaml.tmpl: | - app_service_api: - config_files: - - /bridges/whatsapp.yaml - client_api: - enable_registration_captcha: false - guests_disabled: false - rate_limiting: - cooloff_ms: 500 - enabled: true - exempt_user_ids: - - gruber - threshold: 20 - recaptcha_bypass_secret: "" - recaptcha_private_key: "" - recaptcha_public_key: "" - recaptcha_siteverify_api: "" - registration_disabled: false - registration_shared_secret: ${SHARED_SECRET} - turn: - turn_password: "" - turn_shared_secret: "" - turn_uris: [] - turn_user_lifetime: 24h - turn_username: "" - federation_api: - disable_http_keepalives: true - disable_tls_validation: true - key_perspectives: - - keys: - - key_id: ed25519:auto - public_key: Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw - - key_id: ed25519:a_RXGa - public_key: l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ - server_name: matrix.org - prefer_direct_fetch: false - send_max_retries: 16 - global: - cache: - max_age: 1h - max_size_estimated: 1gb - database: - conn_max_lifetime: -1 
- connection_string: postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:5432/${POSTGRES_DB}?sslmode=require - max_idle_conns: 5 - max_open_conns: 90 - disable_federation: false - dns_cache: - cache_lifetime: 10m - cache_size: 256 - enabled: true - jetstream: - addresses: [] - disable_tls_validation: true - in_memory: false - storage_path: /data/jetstream - topic_prefix: Dendrite - key_validity_period: 168h0m0s - metrics: - basic_auth: - password: metrics - user: metrics - enabled: true - presence: - enable_inbound: true - enable_outbound: true - private_key: /etc/dendrite/secrets/signing.key - profiling: - enabled: false - port: 65432 - report_stats: - enabled: false - server_name: matrix.gruber.dev.br - server_notices: - avatar_url: "" - display_name: Server Alerts - enabled: false - local_part: _server - room_name: Server Alerts - trusted_third_party_id_servers: - - matrix.org - - vector.im - well_known_client_name: "" - well_known_server_name: "" - logging: - - level: info - type: std - media_api: - base_path: /data/media_store - dynamic_thumbnails: false - max_file_size_bytes: 10485760 - max_thumbnail_generators: 10 - thumbnail_sizes: - - height: 32 - method: crop - width: 32 - - height: 96 - method: crop - width: 96 - - height: 480 - method: scale - width: 640 - mscs: - mscs: - - msc2836 - - msc2946 - sync_api: - real_ip_header: X-Real-IP - search: - enabled: true - index_path: /data/search - language: en - user_api: - auto_join_rooms: [] - bcrypt_cost: 10 - openid_token_lifetime_ms: 3600000 - push_gateway_disable_tls_validation: true - version: 2 diff --git a/apps/matrix/dendrite/base/svc.yaml b/apps/matrix/dendrite/base/svc.yaml deleted file mode 100644 index 3b0fffe2f..000000000 --- a/apps/matrix/dendrite/base/svc.yaml +++ /dev/null 
@@ -1,35 +0,0 @@
----
-# Source: dendrite/templates/service.yaml
-apiVersion: v1
-kind: Service
-metadata:
- name: dendrite
- labels:
- app: dendrite
-spec:
- selector:
- app: dendrite
- ports:
- - name: http
- protocol: TCP
- port: 80
- targetPort: 8008
----
-apiVersion: v1
-kind: Service
-metadata:
- name: dendrite-tailscale
- labels:
- app: dendrite
- annotations:
- tailscale.com/hostname: "matrix"
-spec:
- selector:
- app: dendrite
- ports:
- - name: http
- protocol: TCP
- port: 80
- targetPort: 8008
- loadBalancerClass: tailscale
- type: LoadBalancer
diff --git a/apps/matrix/dendrite/kustomization.yaml b/apps/matrix/dendrite/kustomization.yaml
deleted file mode 100644
index 1a9c0f5bf..000000000
--- a/apps/matrix/dendrite/kustomization.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-bases:
-- ./base
-
-namespace: matrix1
-
-commonAnnotations:
- reloader.stakater.com/auto: "true"
-
-patches:
-- patch: |-
- - op: add
- path: "/spec/template/spec/nodeSelector"
- value:
- kubernetes.io/arch: amd64
- target:
- kind: Deployment
- name: dendrite
diff --git a/apps/matrix/element/base/cm.yaml b/apps/matrix/element/base/cm.yaml
deleted file mode 100644
index 53b4b3aa5..000000000
--- a/apps/matrix/element/base/cm.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: element-cm
-data:
- config.json: |
- {
- "default_server_config": {
- "m.homeserver": {
- "base_url": "http://matrix-matrix-synapse.services.svc.cluster.local:8008",
- "server_name": "matrix.gruber.dev.br"
- },
- "m.identity_server": {
- "base_url": "https://vector.im"
- }
- },
- "disable_custom_urls": true,
- "disable_guests": true,
- "disable_login_language_selector": false,
- "disable_3pid_login": true,
- "brand": "Element",
- "integrations_ui_url": "https://scalar.vector.im/",
- "integrations_rest_url": "https://scalar.vector.im/api",
- "integrations_widgets_urls": [
- "https://scalar.vector.im/_matrix/integrations/v1",
- "https://scalar.vector.im/api",
- "https://scalar-staging.vector.im/_matrix/integrations/v1",
- "https://scalar-staging.vector.im/api",
- "https://scalar-staging.riot.im/scalar/api"
- ],
- "bug_report_endpoint_url": "https://element.io/bugreports/submit",
- "defaultCountryCode": "BR",
- "showLabsSettings": false,
- "features": {
- "feature_new_spinner": true
- },
- "default_federate": true,
- "default_theme": "light",
- "roomDirectory": {
- "servers": [
- "matrix.org"
- ]
- },
- "piwik": {
- "url": "https://piwik.riot.im/",
- "whitelistedHSUrls": ["https://matrix.org"],
- "whitelistedISUrls": ["https://vector.im", "https://matrix.org"],
- "siteId": 1
- },
- "enable_presence_by_hs_url": {
- "https://gruber.dev.br": true,
- "https://matrix.gruber.dev.br": true
- },
- "settingDefaults": {
- "breadcrumbs": false
- },
- "jitsi": {
- "preferredDomain": "jitsi.riot.im"
- }
- }
diff --git a/apps/matrix/element/base/deployment.yaml b/apps/matrix/element/base/deployment.yaml
deleted file mode 100644
index c8138b2ab..000000000
--- a/apps/matrix/element/base/deployment.yaml
+++ /dev/null
@@ -1,53 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: element
- labels:
- app: element
- annotations:
- link.argocd.argoproj.io/external-link: https://chat.gruber.dev.br
-spec:
- replicas: 1
- strategy:
- type: Recreate
- selector:
- matchLabels:
- app: element
- template:
- metadata:
- labels:
- app: element
- spec:
- containers:
- - name: element
- image: vectorim/element-web:v1.11.13
- envFrom:
- - configMapRef:
- name: element-cm
- ports:
- - name: http
- containerPort: 80
- protocol: TCP
- livenessProbe:
- httpGet:
- path: /
- port: http
- readinessProbe:
- httpGet:
- path: /
- port: http
- volumeMounts:
- - name: ui-config
- mountPath: /app/config.json
- subPath: config.json
- resources:
- requests:
- cpu: "300m"
- memory: "256Mi"
- limits:
- cpu: "600m"
- memory: "400Mi"
- volumes:
- - name: ui-config
- configMap:
- name: element-cm
diff --git a/apps/matrix/element/base/svc.yaml b/apps/matrix/element/base/svc.yaml
deleted file mode 100644
index a175397a4..000000000
--- a/apps/matrix/element/base/svc.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: element-svc
- labels:
- app: element
-spec:
- type: ClusterIP
- selector:
- app: element
- ports:
- - name: http
- port: 8080
- targetPort: 80
- protocol: TCP
diff --git a/apps/matrix/element/kustomization.yaml b/apps/matrix/element/kustomization.yaml
deleted file mode 100644
index 2420345d5..000000000
--- a/apps/matrix/element/kustomization.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-bases:
-- ./base
-- https://github.com/gruberdev/homelab/apps/networking/tailscale
-
-namespace: matrix
-
-patches:
-- patch: |-
- - op: add
- path: "/spec/template/spec/nodeSelector"
- value:
- kubernetes.io/hostname: node-one
- target:
- kind: Deployment
- name: element
-- patch: |-
- - op: replace
- path: "/spec/template/spec/containers/0/env/2"
- value:
- name: TS_HOSTNAME
- value: "matrix"
- - op: replace
- path: "/spec/template/spec/containers/0/env/3"
- value:
- name: DEST_PORT
- value: "80"
- target:
- kind: Deployment
- name: element
-
-commonAnnotations:
- reloader.stakater.com/auto: "true"
diff --git a/apps/matrix/proxies/kustomization.yaml b/apps/matrix/proxies/kustomization.yaml
deleted file mode 100644
index d26c22a66..000000000
--- a/apps/matrix/proxies/kustomization.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-bases:
-- https://github.com/gruberdev/homelab/apps/networking/tailscale/proxy
-- https://github.com/gruberdev/homelab/apps/networking/tailscale
-- https://github.com/gruberdev/homelab/apps/networking/cloudflared
-
-patchesStrategicMerge:
-- overlay/cloudflared-cm.yaml
-
-namespace: matrix
-
-patches:
-- patch: |-
- - op: replace
- path: "/spec/template/spec/volumes/0/secret/secretName"
- value: "matrix-tunnel"
- target:
- kind: Deployment
- name: cloudflared
-- patch: |-
- - op: add
- path: "/spec/template/spec/nodeSelector"
- value:
- kubernetes.io/hostname: node-one
- target:
- kind: Deployment
- name: ts-proxy
-- patch: |-
- - op: replace
- path: "/spec/template/spec/containers/0/env/2"
- value:
- name: TS_HOSTNAME
- value: "matrix"
- - op: replace
- path: "/spec/template/spec/containers/0/env/3"
- value:
- name: DEST_PORT
- value: "8008"
- - op: replace
- path: "/spec/template/spec/containers/0/env/4"
- value:
- name: TS_DEST_SVC
- value: "matrix-matrix-synapse.matrix.svc.cluster.local"
- target:
- kind: Deployment
- name: ts-proxy
-
-commonAnnotations:
- reloader.stakater.com/auto: "true"
diff --git a/apps/matrix/proxies/overlay/cloudflared-cm.yaml b/apps/matrix/proxies/overlay/cloudflared-cm.yaml
deleted file mode 100644
index 17fe125d9..000000000
--- a/apps/matrix/proxies/overlay/cloudflared-cm.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: cloudflared
-data:
- config.yaml: |
- tunnel: matrix-tunnel
- credentials-file: /etc/cloudflared/creds/credentials.json
- metrics: 0.0.0.0:2000
- no-autoupdate: true
- ingress:
- - hostname: matrix.gruber.dev.br
- service: http://matrix-matrix-synapse.matrix.svc.cluster.local:8008
- - service: http_status:404
diff --git a/apps/monitoring/kube-prometheus/kustomization.yaml b/apps/monitoring/kube-prometheus/kustomization.yaml
index 49cfb6b3c..e5456e845 100644
--- a/apps/monitoring/kube-prometheus/kustomization.yaml +++ b/apps/monitoring/kube-prometheus/kustomization.yaml @@ -5,4 +5,3 @@ resources: - base/ - crds/ - core.yaml - diff --git a/apps/networking/adguard/Allowlist.txt b/apps/networking/adguard/Allowlist.txt deleted file mode 100644 index 350fbe79c..000000000 --- a/apps/networking/adguard/Allowlist.txt +++ /dev/null @@ -1,23 +0,0 @@ -a.nel.cloudflare.com -cloudflare.com -chrome.cloudflare-dns.com -cloudflare-dns.com -api.spotify.com -spotify.com -spclient.wg.spotify.com -api-partner.spotify.com -gue1-spclient.spotify.com -instagram.com -events.7tv.app -7tv.app -twitch.com -static.twitchcdn.net -facebook.com -facebook.net -www.instagram.com -scontent.cdninstagram.com -edge-chat.instagram.com -graph.instagram.com -www.instagram.com -i.instagram.com -cloud-us.yeelight.com diff --git a/apps/networking/adguard/README.md b/apps/networking/adguard/README.md deleted file mode 100644 index bc34ce8a0..000000000 --- a/apps/networking/adguard/README.md +++ /dev/null @@ -1 +0,0 @@ -## Adguard Home DNS diff --git a/apps/networking/adguard/base/cm.yaml b/apps/networking/adguard/base/cm.yaml deleted file mode 100644 index 61a0d7ae3..000000000 --- a/apps/networking/adguard/base/cm.yaml +++ /dev/null 
@@ -1,241 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: adguard-exporter -data: - adguard_protocol: "http" - adguard_hostname: "192.168.1.8" - adguard_port: "3000" - interval: "60s" - log_limit: "50000" - server_port: "9617" ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: adguard-home -data: - AdGuardHome.yaml: | - bind_host: 0.0.0.0 - bind_port: 3000 - beta_bind_port: 0 - users: - - name: gruber - password: $2y$10$Wzj7vbAXFhp2ZNb.NYBrO.3YWao6pCZbMHlnkURBwAmgoAvZCmjcK - auth_attempts: 5 - block_auth_min: 15 - http_proxy: "" - language: en - rlimit_nofile: 0 - debug_pprof: false - web_session_ttl: 720 - dns: - bind_hosts: - - 0.0.0.0 - port: 53 - statistics_interval: 60 - querylog_enabled: true - querylog_file_enabled: true - querylog_interval: 1 - querylog_size_memory: 5000 - anonymize_client_ip: false - protection_enabled: true - blocking_mode: default - blocking_ipv4: "" - blocking_ipv6: "" - blocked_response_ttl: 1 - parental_block_host: family-block.dns.adguard.com - safebrowsing_block_host: standard-block.dns.adguard.com - ratelimit: 0 - ratelimit_whitelist: [] - refuse_any: true - upstream_dns: - - 2a07:a8c0::13:eefe - - 2a07:a8c1::13:eefe - upstream_dns_file: "" - bootstrap_dns: - - 2001:4860:4860::8888 - - 2001:4860:4860::8844 - all_servers: false - fastest_addr: false - allowed_clients: [] - disallowed_clients: [] - blocked_hosts: [] - trusted_proxies: - - 127.0.0.0/8 - - ::1/128 - cache_size: 4194304 - cache_ttl_min: 0 - cache_ttl_max: 0 - bogus_nxdomain: [] - aaaa_disabled: false - enable_dnssec: false - edns_client_subnet: false - max_goroutines: 300 - ipset: [] - filtering_enabled: true - filters_update_interval: 24 - parental_enabled: false - safesearch_enabled: false - use_private_ptr_resolvers: true - safebrowsing_enabled: false - safebrowsing_cache_size: 1048576 - safesearch_cache_size: 1048576 - parental_cache_size: 1048576 - cache_time: 30 - rewrites: [] - blocked_services: [] - local_domain_name: lan - resolve_clients: 
true - local_ptr_upstreams: [] - tls: - enabled: false - server_name: "" - force_https: false - port_https: 443 - port_dns_over_tls: 853 - port_dns_over_quic: 784 - port_dnscrypt: 0 - dnscrypt_config_file: "" - allow_unencrypted_doh: false - strict_sni_check: false - certificate_chain: "" - private_key: "" - certificate_path: "" - private_key_path: "" - filters: - - enabled: true - url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt - name: AdGuard DNS filter - id: 1 - - enabled: true - url: https://adaway.org/hosts.txt - name: AdAway - id: 2 - - enabled: false - url: https://easylist.to/easylist/easylist.txt - name: EasyList - id: 3 - - enabled: false - url: https://secure.fanboy.co.nz/fanboy-cookiemonster.txt - name: EasyList Cookiemonster - id: 4 - - enabled: false - url: https://easylist.to/easylist/easyprivacy.txt - name: EasyPrivacy - id: 5 - - enabled: false - url: https://secure.fanboy.co.nz/fanboy-annoyance.txt - name: Fanboy's Annoyance - id: 6 - - enabled: false - url: https://abp.oisd.nl - name: oisd full - id: 7 - - enabled: true - url: https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling/hosts - name: Unified Steven Black hosting plus Gambling - id: 8 - - enabled: true - url: https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt - name: anudeepND blocklist - id: 9 - - enabled: true - url: https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/stopforumspam_30d.ipset - name: StopForumSpam filterlists - id: 10 - - enabled: true - url: https://www.github.developerdan.com/hosts/lists/tracking-aggressive-extended.txt - name: Aggressive Extended - id: 11 - - enabled: true - url: https://raw.githubusercontent.com/anudeepND/youtubeadsblacklist/master/hosts.txt - name: Youtube Adlist - id: 12 - - enabled: true - url: https://raw.githubusercontent.com/kboghdady/youTube_ads_4_pi-hole/master/youtubelist.txt - name: Youtube Adlist 2 - id: 13 - - enabled: true - url: 
https://raw.githubusercontent.com/arman68/noappleads/main/adguard-blocklist.txt - name: Adguard Blocklist - id: 14 - - enabled: true - url: https://www.github.developerdan.com/hosts/lists/hate-and-junk-extended.txt - name: Hate and Junk extended - id: 15 - - enabled: true - url: https://o0.pages.dev/Pro/hosts.txt - name: Badmojr 1Hosts - id: 16 - - enabled: true - url: https://perflyst.github.io/PiHoleBlocklist/SmartTV-AGH.txt - name: SmartTV AGH - id: 17 - - enabled: true - url: https://perflyst.github.io/PiHoleBlocklist/SmartTV.txt - name: General SmartTV general list - id: 18 - - enabled: true - url: https://blocklistproject.github.io/Lists/ads.txt - name: Blocklist Project - id: 19 - - enabled: true - url: https://raw.githubusercontent.com/bogachenko/fuckfuckadblock/master/fuckfuckadblock.txt - name: Fuck anti-Adblock - id: 20 - - enabled: true - url: https://raw.githubusercontent.com/bogachenko/fuckfuckadblock/master/fuckfuckadblock.txt - name: Fuck anti-Adblock - id: 21 - - enabled: true - url: https://raw.githubusercontent.com/badmojr/1Hosts/master/Xtra/hosts.txt - name: Xtra Windows Blocklist - id: 22 - - enabled: true - url: https://raw.githubusercontent.com/schrebra/Windows.10.DNS.Block.List/main/hosts.txt - name: Windows 10 DNS Blocklist - id: 23 - whitelist_filters: - - enabled: true - url: https://raw.githubusercontent.com/AdguardTeam/HttpsExclusions/master/exclusions/banks.txt - name: Banks Whitelist - id: 1 - - enabled: true - url: https://raw.githubusercontent.com/AdguardTeam/HttpsExclusions/master/exclusions/banks.txt - name: Pihole General Whitelist - id: 2 - - enabled: true - url: https://raw.githubusercontent.com/AdguardTeam/HttpsExclusions/master/exclusions/sensitive.txt - name: Sensitive DNS SSL Servers provided by Adguard - id: 3 - - enabled: true - url: https://raw.githubusercontent.com/gruberdev/homelab/main/apps/networking/adguard/Allowlist.txt - name: Personal DNS Allowlist - id: 4 - user_rules: [] - dhcp: - enabled: true - 
interface_name: "eth0" - dhcpv4: - gateway_ip: "192.168.1.1" - subnet_mask: "255.255.255.0" - range_start: "192.168.1.10" - range_end: "192.168.1.150" - lease_duration: 86400 - icmp_timeout_msec: 1000 - options: [] - dhcpv6: - range_start: "" - lease_duration: 86400 - ra_slaac_only: false - ra_allow_slaac: false - clients: [] - log_compress: false - log_localtime: false - log_max_backups: 0 - log_max_size: 100 - log_max_age: 3 - log_file: "" - verbose: false - schema_version: 10 diff --git a/apps/networking/adguard/base/deployment.yaml b/apps/networking/adguard/base/deployment.yaml deleted file mode 100644 index ecad28401..000000000 --- a/apps/networking/adguard/base/deployment.yaml +++ /dev/null 
@@ -1,105 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: adguard-home - labels: - app: adguard-home - annotations: - link.argocd.argoproj.io/external-link: http://adguard -spec: - replicas: 1 - strategy: - type: Recreate - selector: - matchLabels: - app: adguard-home - template: - metadata: - labels: - app: adguard-home - spec: - hostNetwork: true - initContainers: - - name: copy-configmap - image: busybox - imagePullPolicy: IfNotPresent - command: - - "sh" - - "-c" - - "mkdir -p /opt/adguardhome/conf && cp /tmp/AdGuardHome.yaml /opt/adguardhome/conf/AdGuardHome.yaml" - volumeMounts: - - name: adguard-home-configmap - mountPath: /tmp - - name: adguard-home-config - mountPath: /opt/adguardhome/conf - securityContext: - runAsUser: 0 - containers: - - name: adguard-home - image: adguard/adguardhome:v0.107.18 - env: - - name: TZ - value: "America/Sao_Paulo" - args: - - "-c" - - "/opt/adguardhome/conf/AdGuardHome.yaml" - - "--work-dir" - - "/opt/adguardhome/work" - - "--no-check-update" - securityContext: - privileged: false - allowPrivilegeEscalation: false - ports: - - name: web - containerPort: 3000 - protocol: TCP - - name: dns - containerPort: 53 - protocol: UDP - - name: dns-tcp - containerPort: 853 - protocol: TCP - resources: - requests: - memory: "128Mi" - cpu: "200m" - limits: - memory: "256Mi" - cpu: "500m" - volumeMounts: - - name: adguard-home-config - mountPath: /opt/adguardhome/conf - - name: adguard-home-logs - mountPath: /opt/adguardhome/work - - name: exporter - image: ebrianne/adguard-exporter:latest - ports: - - name: metrics - containerPort: 9617 - protocol: TCP - resources: - requests: - memory: "128Mi" - cpu: "100m" - limits: - memory: "256Mi" - cpu: "200m" - envFrom: - - configMapRef: - name: adguard-exporter - - secretRef: - name: adguard-exporter - volumes: - - name: adguard-home-configmap - configMap: - name: adguard-home - items: - - key: AdGuardHome.yaml - path: AdGuardHome.yaml - - name: adguard-home-config - 
persistentVolumeClaim: - claimName: adguard-storage - - name: adguard-home-logs - persistentVolumeClaim: - claimName: adguard-logs diff --git a/apps/networking/adguard/base/kustomization.yaml b/apps/networking/adguard/base/kustomization.yaml deleted file mode 100644 index 1a6433d59..000000000 --- a/apps/networking/adguard/base/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- deployment.yaml -- svc.yaml -- cm.yaml -- secret.yaml -- svc-monitor.yaml diff --git a/apps/networking/adguard/base/secret.yaml b/apps/networking/adguard/base/secret.yaml deleted file mode 100644 index 2b6947227..000000000 --- a/apps/networking/adguard/base/secret.yaml +++ /dev/null @@ -1,9 +0,0 @@ -kind: Secret -apiVersion: v1 -metadata: - name: adguard-exporter - annotations: - avp.kubernetes.io/path: "kv/data/adguard" -stringData: - adguard_username: - adguard_password: diff --git a/apps/networking/adguard/base/svc-monitor.yaml b/apps/networking/adguard/base/svc-monitor.yaml deleted file mode 100644 index 1f71179a5..000000000 --- a/apps/networking/adguard/base/svc-monitor.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: adguard-home -spec: - endpoints: - - interval: 60s - port: metrics - metricRelabelings: - - sourceLabels: [domain] - regex: '^.*?\.?([^.]+\.[^.]+$)' - replacement: '$1' - targetLabel: second_level_domain - selector: - matchLabels: - app.kubernetes.io/name: adguard-home diff --git a/apps/networking/adguard/base/svc.yaml b/apps/networking/adguard/base/svc.yaml deleted file mode 100644 index c4f7f28f4..000000000 --- a/apps/networking/adguard/base/svc.yaml +++ /dev/null 
@@ -1,37 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: adguard-svc - labels: - app: adguard-home -spec: - type: ClusterIP - selector: - app: adguard-home - ports: - - name: admin - port: 3321 - targetPort: 3000 - protocol: TCP - - name: web - port: 3322 - targetPort: 80 - protocol: TCP - - name: dns - port: 53 - targetPort: 53 - protocol: UDP ---- -apiVersion: v1 -kind: Service -metadata: - name: exporter -spec: - type: ClusterIP - selector: - app: adguard-home - ports: - - name: metrics - targetPort: metrics - port: 9617 - protocol: TCP diff --git a/apps/networking/adguard/kustomization.yaml b/apps/networking/adguard/kustomization.yaml deleted file mode 100644 index 77b408954..000000000 --- a/apps/networking/adguard/kustomization.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -bases: -- ./base - -namespace: dns - -patches: -- patch: |- - - op: add - path: "/spec/template/spec/nodeSelector" - value: - kubernetes.io/hostname: node-one - target: - kind: Deployment - name: adguard-home - -commonAnnotations: - reloader.stakater.com/auto: "true" diff --git a/apps/networking/certmanager/clusterIssuer.yaml b/apps/networking/certmanager/clusterIssuer.yaml index f7f4d0db5..a53630ac3 100644 --- a/apps/networking/certmanager/clusterIssuer.yaml +++ b/apps/networking/certmanager/clusterIssuer.yaml @@ -59,7 +59,16 @@ spec: - gym.gruber.dev.br - dashboard.gruber.dev.br - dash.gruber.dev.br + - changedetection.gruber.dev.br - hajimari.gruber.dev.br + - home-assistant.gruber.dev.br + - actual.gruber.dev.br + - miniflux.gruber.dev.br + - discord.gruber.dev.br + - mixpost.gruber.dev.br + - code.gruber.dev.br + - search.gruber.dev.br + - sillytavern.gruber.dev.br dns01: cloudflare: email: rpg.gruber@gmail.com diff --git a/apps/networking/certmanager/crds/kustomization.yaml b/apps/networking/certmanager/crds/kustomization.yaml new file mode 100644 index 000000000..96327cc82 --- /dev/null 
+++ b/apps/networking/certmanager/crds/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- https://github.com/cert-manager/cert-manager/releases/download/v1.14.4/cert-manager.crds.yaml + +commonAnnotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true,ServerSideApply=true,Replace=true,Validate=false diff --git a/apps/networking/certmanager/kustomization.yaml b/apps/networking/certmanager/kustomization.yaml index 839936169..ca81a6326 100644 --- a/apps/networking/certmanager/kustomization.yaml +++ b/apps/networking/certmanager/kustomization.yaml @@ -4,3 +4,4 @@ resources: - clusterIssuer.yaml - postgres.yaml - secret.yaml +- crds/ diff --git a/apps/networking/cloudflared/README.md b/apps/networking/cloudflared/README.md deleted file mode 100644 index 20bc32150..000000000 --- a/apps/networking/cloudflared/README.md +++ /dev/null @@ -1 +0,0 @@ -## Cloudflared (proxies) diff --git a/apps/networking/cloudflared/cm.yaml b/apps/networking/cloudflared/cm.yaml deleted file mode 100644 index b4e415afd..000000000 --- a/apps/networking/cloudflared/cm.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cloudflared -data: - config.yaml: | - tunnel: flame-tunnel - credentials-file: /etc/cloudflared/creds/credentials.json - no-autoupdate: true - ingress: - - hostname: flame.gruber.dev.br - service: http://flame-svc:5005 - - service: http_status:404 ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: cf-configs -data: - TUNNEL_METRICS_UPDATE_FREQ: "120s" - TUNNEL_METRICS: "0.0.0.0:2000" - TUNNEL_RETRIES: "5" - TUNNEL_LOGLEVEL: "warn" - TUNNEL_PROTO_LOGLEVEL: "warn" - TUNNEL_TRANSPORT_PROTOCOL: "auto" - TUNNEL_ORIGIN_CERT: "~/.cloudflared/cert.pem" diff --git a/apps/networking/cloudflared/deployment.yaml b/apps/networking/cloudflared/deployment.yaml deleted file mode 100644 index 008501077..000000000 
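Review bot: The `commonAnnotations` line in the new `certmanager/crds/kustomization.yaml` combines `Validate=false`, `Replace=true` and `ServerSideApply=true`, which switches off schema validation for manifests fetched from a remote URL at build time and requests two apply strategies at once. Argo CD's documentation notes that `Replace=true` takes precedence over `ServerSideApply=true`, so keeping only what the CRDs need, for example `argocd.argoproj.io/sync-options: ServerSideApply=true`, would be clearer and less destructive on sync. The release URL is pinned to the tag `v1.14.4` rather than to content; vendoring the file or checking its checksum in CI would make a changed upstream asset show up in review. The same annotation and remote-URL pattern appear in `apps/networking/tailscale/operator/crds/kustomization.yaml` later in this commit.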
--- a/apps/networking/cloudflared/deployment.yaml +++ /dev/null @@ -1,59 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: cloudflared -spec: - replicas: 1 - strategy: - type: Recreate - selector: - matchLabels: - app: cloudflared - template: - metadata: - labels: - app: cloudflared - spec: - containers: - - name: cloudflared - image: erisamoe/cloudflared:2022.10.2 - args: - - tunnel - - --config - - /etc/cloudflared/config/config.yaml - - run - livenessProbe: - httpGet: - path: /ready - port: 2000 - failureThreshold: 5 - initialDelaySeconds: 30 - periodSeconds: 10 - envFrom: - - configMapRef: - name: cf-configs - volumeMounts: - - name: config - mountPath: /etc/cloudflared/config - readOnly: true - - name: creds - mountPath: /etc/cloudflared/creds - readOnly: true - resources: - limits: - cpu: 200m - memory: 400Mi - requests: - cpu: 75m - memory: 128Mi - volumes: - - name: creds - secret: - secretName: tunnel-credentials - # Create a config.yaml file from the ConfigMap below. - - name: config - configMap: - name: cloudflared - items: - - key: config.yaml - path: config.yaml diff --git a/apps/networking/cloudflared/kustomization.yaml b/apps/networking/cloudflared/kustomization.yaml deleted file mode 100644 index 0e7dbbf0f..000000000 --- a/apps/networking/cloudflared/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- cm.yaml -- deployment.yaml -images: -- name: erisamoe/cloudflared - newTag: 2024.1.5 diff --git a/apps/networking/squid/README.md b/apps/networking/squid/README.md deleted file mode 100644 index f528e7400..000000000 --- a/apps/networking/squid/README.md +++ /dev/null @@ -1 +0,0 @@ -## Squid Proxy diff --git a/apps/networking/squid/base/certificate.yaml b/apps/networking/squid/base/certificate.yaml deleted file mode 100644 index 629fe4be5..000000000 --- a/apps/networking/squid/base/certificate.yaml +++ /dev/null 
@@ -1,12 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: squid-proxy-cloudflare -spec: - secretName: proxy-tls - issuerRef: - name: letsencrypt-production - kind: ClusterIssuer - commonName: proxy.gruber.dev.br - dnsNames: - - proxy.gruber.dev.br diff --git a/apps/networking/squid/base/cm.yaml b/apps/networking/squid/base/cm.yaml deleted file mode 100644 index b393a0304..000000000 --- a/apps/networking/squid/base/cm.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: squid-config -data: - squid.conf: | - http_port 3128 - acl twitch dstdom_regex video-weaver.*.ttvnw.net - http_access allow twitch - acl twitchusher dstdom_regex usher.ttvnw.net - http_access allow twitchusher - acl twitchgql dstdom_regex gql.twitch.tv - http_access allow twitchgql - acl twitchpassport dstdom_regex passport.twitch.tv - http_access allow twitchpassport - acl twitchwww dstdom_regex www.twitch.tv - http_access allow twitchwww diff --git a/apps/networking/squid/base/deployment.yaml b/apps/networking/squid/base/deployment.yaml deleted file mode 100644 index 56b08a67a..000000000 --- a/apps/networking/squid/base/deployment.yaml +++ /dev/null 
@@ -1,56 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: squid - labels: - app: squid -spec: - replicas: 3 - strategy: - type: RollingUpdate - selector: - matchLabels: - app: squid - template: - metadata: - labels: - app: squid - spec: - containers: - - name: squid - image: ubuntu/squid:5.2-22.04_edge - livenessProbe: - tcpSocket: - port: 3128 - initialDelaySeconds: 25 - periodSeconds: 10 - readinessProbe: - tcpSocket: - port: 3128 - initialDelaySeconds: 5 - periodSeconds: 10 - envFrom: - - configMapRef: - name: squid-config - ports: - - name: proxy - containerPort: 3128 - protocol: TCP - resources: - requests: - cpu: 80m - memory: 64Mi - limits: - cpu: 150m - memory: 256Mi - volumeMounts: - - name: squid-config-volume - mountPath: /etc/squid/squid.conf - subPath: squid.conf - volumes: - - name: squid-config-volume - configMap: - name: squid-config - items: - - key: squid.conf - path: squid.conf diff --git a/apps/networking/squid/base/ingress.yaml b/apps/networking/squid/base/ingress.yaml deleted file mode 100644 index f4f6e9a87..000000000 --- a/apps/networking/squid/base/ingress.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: squid-proxy - annotations: - external-dns.alpha.kubernetes.io/hostname: proxy.gruber.dev.br - external-dns.alpha.kubernetes.io/cloudflare-proxied: "false" - external-dns.alpha.kubernetes.io/ttl: "120" - nginx.ingress.kubernetes.io/ssl-redirect: "true" -spec: - ingressClassName: nginx - rules: - - host: proxy.gruber.dev.br - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: squid - port: - name: proxy - tls: - - hosts: - - proxy.gruber.dev.br - secretName: proxy-tls diff --git a/apps/networking/squid/base/kustomization.yaml b/apps/networking/squid/base/kustomization.yaml deleted file mode 100644 index 63b35a1cd..000000000 --- a/apps/networking/squid/base/kustomization.yaml +++ /dev/null 
@@ -1,8 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- deployment.yaml -- svc.yaml -- cm.yaml -- certificate.yaml -- ingress.yaml diff --git a/apps/networking/squid/base/svc.yaml b/apps/networking/squid/base/svc.yaml deleted file mode 100644 index 70bae4924..000000000 --- a/apps/networking/squid/base/svc.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: squid - labels: - app: squid - annotations: - tailscale.com/hostname: "proxy" -spec: - selector: - app: squid - ports: - - name: proxy - protocol: TCP - port: 80 - targetPort: 3128 - loadBalancerClass: tailscale - type: LoadBalancer diff --git a/apps/networking/squid/kustomization.yaml b/apps/networking/squid/kustomization.yaml deleted file mode 100644 index ddd084310..000000000 --- a/apps/networking/squid/kustomization.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -bases: -- ./base - -namespace: networking - -commonAnnotations: - reloader.stakater.com/auto: "true" diff --git a/apps/networking/tailscale/README.md b/apps/networking/tailscale/README.md index b424f722e..1e7dd5255 100644 --- a/apps/networking/tailscale/README.md +++ b/apps/networking/tailscale/README.md @@ -2,6 +2,10 @@
+
+ + ArgoCD Status Badge +

### Description @@ -18,6 +22,8 @@ > - [It is cheaper than Inlets Pro (even for perosnal use)][inlets-uri], [has a similar speed to ZeroTier (Benchmark link)][zero-uri] and provides more SaaS experience than [Headscale][headscale-uri], for now. > - It is mostly open source, the only part that had proprietary code (the controller) was recently reverse-engineered through [the Headscale project][headscale-uri], which tags along Tailscale's evolving features. +### Additional resources + - [Website][website-uri] - [Official Documentation][docs-uri] - [Tailscale *Policy as code* for this repository][acl-uri] diff --git a/apps/networking/tailscale/cr.yaml b/apps/networking/tailscale/cr.yaml deleted file mode 100644 index fc3a85c61..000000000 --- a/apps/networking/tailscale/cr.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: tailscale -rules: -- apiGroups: [""] - resources: ["secrets"] - verbs: ["create"] -- apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "update"] diff --git a/apps/networking/tailscale/kustomization.yaml b/apps/networking/tailscale/kustomization.yaml deleted file mode 100644 index 24501aaf0..000000000 --- a/apps/networking/tailscale/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -bases: -- cr.yaml -- rb.yaml -- sa.yaml diff --git a/apps/networking/tailscale/operator/base/cr.yaml b/apps/networking/tailscale/operator/base/cr.yaml index ce75a213a..4b10b7421 100644 --- a/apps/networking/tailscale/operator/base/cr.yaml +++ b/apps/networking/tailscale/operator/base/cr.yaml 
@@ -3,12 +3,65 @@ kind: ClusterRole metadata: name: tailscale-operator rules: +- apiGroups: + - '' + resources: + - events + - services + - services/status + verbs: + - '*' +- apiGroups: + - networking.k8s.io + resources: + - ingresses + - ingresses/status + verbs: + - '*' +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +- apiGroups: + - tailscale.com + resources: + - connectors + - connectors/status + - proxyclasses + - proxyclasses/status + - dnsconfigs + - dnsconfigs/status + verbs: + - get + - list + - watch + - update +- apiGroups: ["discovery.k8s.io"] + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: ["apps"] + resources: + - deployments + verbs: + - get + - list + - watch - apiGroups: [""] - resources: ["services", "services/status", "ingresses"] - verbs: ["*"] -- apiGroups: ["networking.k8s.io"] - resources: ["events", "ingresses", "ingresses/status"] - verbs: ["*"] + resources: + - serviceaccounts + - configmaps + verbs: + - get + - list + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -16,5 +69,5 @@ metadata: name: tailscale-auth-proxy rules: - apiGroups: [""] - resources: ["users"] + resources: ["users", "groups"] verbs: ["impersonate"] diff --git a/apps/networking/tailscale/operator/base/crb.yaml b/apps/networking/tailscale/operator/base/crb.yaml index 6773f303d..c3725a263 100644 --- a/apps/networking/tailscale/operator/base/crb.yaml +++ b/apps/networking/tailscale/operator/base/crb.yaml @@ -1,15 +1,16 @@ +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: tailscale-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tailscale-operator subjects: - kind: ServiceAccount name: operator namespace: tailscale -roleRef: - kind: ClusterRole - name: tailscale-operator - apiGroup: rbac.authorization.k8s.io --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding 
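Review bot: The second hunk of `cr.yaml` widens `tailscale-auth-proxy` to `resources: ["users", "groups"]` with `verbs: ["impersonate"]` and no `resourceNames`, so the bound `operator` ServiceAccount may impersonate any user or group in the cluster, including highly privileged ones. The `deployment.yaml` change in this commit sets `APISERVER_PROXY` to `"noauth"`, and as far as I know that mode forwards requests without impersonation headers, so this ClusterRole and its binding in `crb.yaml` may not be needed at all; please confirm and drop them if so. If the authenticating mode is wanted later, a comment next to the rule such as `# needed only when APISERVER_PROXY="true"` would record why impersonation is granted.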
@@ -20,6 +21,6 @@ subjects: name: operator namespace: tailscale roleRef: + apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: tailscale-auth-proxy - apiGroup: rbac.authorization.k8s.io diff --git a/apps/networking/tailscale/operator/base/deployment.yaml b/apps/networking/tailscale/operator/base/deployment.yaml index 7923dd3ef..fd8e05c0c 100644 --- a/apps/networking/tailscale/operator/base/deployment.yaml +++ b/apps/networking/tailscale/operator/base/deployment.yaml @@ -21,7 +21,7 @@ spec: secretName: operator-oauth containers: - name: operator - image: docker.io/tailscale/k8s-operator:unstable-v1.57.65 + image: docker.io/tailscale/k8s-operator:unstable-v1.71.74 imagePullPolicy: IfNotPresent resources: requests: @@ -31,30 +31,32 @@ spec: cpu: 700m memory: 512Mi env: + - name: OPERATOR_INITIAL_TAGS + value: tag:k8s-operator - name: OPERATOR_HOSTNAME - value: k8s-operator + value: tailscale-operator - name: OPERATOR_SECRET value: operator - name: OPERATOR_LOGGING - value: debug - - name: TS_ACCEPT_DNS - value: "true" + value: info - name: TS_ROUTES value: "true" - name: OPERATOR_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace + - name: PROXY_FIREWALL_MODE + value: auto - name: CLIENT_ID_FILE value: /oauth/client_id - name: CLIENT_SECRET_FILE value: /oauth/client_secret - name: PROXY_IMAGE - value: docker.io/tailscale/tailscale:unstable-v1.57.65 + value: docker.io/tailscale/tailscale:unstable-v1.71.74 - name: PROXY_TAGS value: tag:k8s - - name: AUTH_PROXY - value: "false" + - name: APISERVER_PROXY + value: "noauth" volumeMounts: - name: oauth mountPath: /oauth diff --git a/apps/networking/tailscale/operator/base/ingress-class.yaml b/apps/networking/tailscale/operator/base/ingress-class.yaml new file mode 100644 index 000000000..88fdf705d --- /dev/null +++ b/apps/networking/tailscale/operator/base/ingress-class.yaml 
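Review bot: The operator image and `PROXY_IMAGE` in `deployment.yaml` are referenced by `unstable-v1.71.74` tags without a digest, while the 4get Deployment added in this same commit pins its image with `@sha256:`. A tag can be re-pointed upstream, so pinning these two by digest as well, e.g. `docker.io/tailscale/k8s-operator:unstable-v1.71.74@sha256:<digest>` (placeholder, to be filled in from the registry), keeps what runs equal to what was reviewed. The nameserver image in `resources/dns.yaml` uses the floating tag `unstable-v1.71` and has the same issue. The container spec continues outside the hunk.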
@@ -0,0 +1,8 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + annotations: {} + name: tailscale +spec: + controller: tailscale.com/ts-ingress diff --git a/apps/networking/tailscale/operator/base/kustomization.yaml b/apps/networking/tailscale/operator/base/kustomization.yaml index 4cea21157..e96dd355d 100644 --- a/apps/networking/tailscale/operator/base/kustomization.yaml +++ b/apps/networking/tailscale/operator/base/kustomization.yaml @@ -7,4 +7,5 @@ resources: - rb.yaml - role.yaml - sa.yaml +- ingress-class.yaml # - secret.yaml diff --git a/apps/networking/tailscale/operator/base/rb.yaml b/apps/networking/tailscale/operator/base/rb.yaml index a0aa20786..68e55c937 100644 --- a/apps/networking/tailscale/operator/base/rb.yaml +++ b/apps/networking/tailscale/operator/base/rb.yaml @@ -1,26 +1,28 @@ +--- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: proxies -subjects: -- kind: ServiceAccount - name: proxies + name: operator namespace: tailscale roleRef: - kind: Role - name: proxies apiGroup: rbac.authorization.k8s.io + kind: Role + name: operator +subjects: +- kind: ServiceAccount + name: operator + namespace: tailscale --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: operator + name: proxies namespace: tailscale +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: proxies subjects: - kind: ServiceAccount - name: operator + name: proxies namespace: tailscale -roleRef: - kind: Role - name: operator - apiGroup: rbac.authorization.k8s.io diff --git a/apps/networking/tailscale/operator/base/role.yaml b/apps/networking/tailscale/operator/base/role.yaml index 651739262..7f5e987bb 100644 --- a/apps/networking/tailscale/operator/base/role.yaml +++ b/apps/networking/tailscale/operator/base/role.yaml 
@@ -1,31 +1,31 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: proxies + name: operator + namespace: tailscale rules: -- apiGroups: [""] - resources: ["secrets", "ingresses", "services"] - verbs: ["*"] +- apiGroups: + - '' + resources: + - secrets + verbs: + - '*' +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - '*' --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: operator + name: proxies + namespace: tailscale rules: -- apiGroups: [""] - resources: ["secrets", "ingresses", "services"] - verbs: ["*"] -- apiGroups: ["apps"] - resources: ["statefulsets"] - verbs: ["*"] - apiGroups: - - "" - resourceNames: - - dnsconfig + - '' resources: - - configmaps + - secrets verbs: - - get - - watch - - list - - update + - '*' diff --git a/apps/networking/tailscale/operator/base/sa.yaml b/apps/networking/tailscale/operator/base/sa.yaml index 8cd4e4def..4fbd55ca7 100644 --- a/apps/networking/tailscale/operator/base/sa.yaml +++ b/apps/networking/tailscale/operator/base/sa.yaml @@ -1,14 +1,11 @@ apiVersion: v1 kind: ServiceAccount -metadata: - name: proxies ---- -apiVersion: v1 -kind: ServiceAccount metadata: name: operator + namespace: tailscale --- apiVersion: v1 kind: ServiceAccount metadata: - name: nameserver + name: proxies + namespace: tailscale diff --git a/apps/networking/tailscale/operator/base/secret.yaml b/apps/networking/tailscale/operator/base/secret.yaml index 80bd42941..44f18d41e 100644 --- a/apps/networking/tailscale/operator/base/secret.yaml +++ b/apps/networking/tailscale/operator/base/secret.yaml @@ -4,5 +4,5 @@ metadata: name: operator-oauth namespace: tailscale stringData: - client_id: - client_secret: + client_id: + client_secret: diff --git a/apps/networking/tailscale/operator/crds/kustomization.yaml b/apps/networking/tailscale/operator/crds/kustomization.yaml new file mode 100644 index 000000000..164ef6dfe --- /dev/null +++ b/apps/networking/tailscale/operator/crds/kustomization.yaml 
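Review bot: The `proxies` Role in `role.yaml` grants `verbs: ['*']` on every Secret in the `tailscale` namespace, and `secret.yaml` places the `operator-oauth` client credentials in that same namespace, so the ServiceAccount used by proxy pods can read the operator's OAuth client secret. Listing the verbs the proxies actually use instead of `'*'` (for example `get`, `update`, `patch`, `create`, to be confirmed against the operator version in use), or keeping the OAuth secret out of reach of the `proxies` ServiceAccount, would limit what a compromised proxy can obtain. The `operator` Role has the same wildcard on `secrets` and `statefulsets`.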
@@ -0,0 +1,11 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- https://raw.githubusercontent.com/tailscale/tailscale/v1.71.0-pre/cmd/k8s-operator/deploy/crds/tailscale.com_connectors.yaml +- https://raw.githubusercontent.com/tailscale/tailscale/v1.71.0-pre/cmd/k8s-operator/deploy/crds/tailscale.com_proxyclasses.yaml +- https://raw.githubusercontent.com/tailscale/tailscale/v1.71.0-pre/cmd/k8s-operator/deploy/crds/tailscale.com_dnsconfigs.yaml + + +commonAnnotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true,ServerSideApply=true,Replace=true,Validate=false diff --git a/apps/networking/tailscale/operator/kustomization.yaml b/apps/networking/tailscale/operator/kustomization.yaml index 424ee5c98..ac4307ac5 100644 --- a/apps/networking/tailscale/operator/kustomization.yaml +++ b/apps/networking/tailscale/operator/kustomization.yaml @@ -1,9 +1,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -bases: -- ./base namespace: tailscale - -commonAnnotations: - reloader.stakater.com/auto: "true" +resources: + - base + - crds + - resources diff --git a/apps/networking/tailscale/operator/resources/dns.yaml b/apps/networking/tailscale/operator/resources/dns.yaml new file mode 100644 index 000000000..1dab1878b --- /dev/null +++ b/apps/networking/tailscale/operator/resources/dns.yaml @@ -0,0 +1,10 @@ +apiVersion: tailscale.com/v1alpha1 +kind: DNSConfig +metadata: + name: ts-dns + namespace: networking +spec: + nameserver: + image: + repo: tailscale/k8s-nameserver + tag: unstable-v1.71 diff --git a/apps/networking/tailscale/operator/resources/egress.yaml b/apps/networking/tailscale/operator/resources/egress.yaml new file mode 100644 index 000000000..b316b009c --- /dev/null +++ b/apps/networking/tailscale/operator/resources/egress.yaml @@ -0,0 +1,9 @@ +apiVersion: tailscale.com/v1alpha1 +kind: Connector +metadata: + name: egress-conector +spec: + tags: + - "tag:vpn" + hostname: "egress" + exitNode: true 
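Review bot: `resources/dns.yaml` sets `namespace: networking`, but the parent `operator/kustomization.yaml` in this commit declares `namespace: tailscale` and includes `resources`, so kustomize will most likely rewrite that field and the value written here is misleading. The Connector manifests in the same directory carry no namespace at all. I would drop the line from `dns.yaml` for consistency, or move the resource out of this kustomization if `networking` is really intended.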
diff --git a/apps/services/mlops/discord-bot/base/kustomization.yaml b/apps/networking/tailscale/operator/resources/kustomization.yaml similarity index 61% rename from apps/services/mlops/discord-bot/base/kustomization.yaml rename to apps/networking/tailscale/operator/resources/kustomization.yaml index cba8cb583..e549e46f9 100644 --- a/apps/services/mlops/discord-bot/base/kustomization.yaml +++ b/apps/networking/tailscale/operator/resources/kustomization.yaml @@ -1,6 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- deployment.yaml -- cm.yaml -- secret.yaml +- egress.yaml +- subnet-router.yaml +- dns.yaml diff --git a/apps/networking/tailscale/operator/resources/macbook.yaml b/apps/networking/tailscale/operator/resources/macbook.yaml new file mode 100644 index 000000000..32cc16a27 --- /dev/null +++ b/apps/networking/tailscale/operator/resources/macbook.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + tailscale.com/tailnet-ip: "100.127.22.89" + name: macbook-tailscale + namespace: mlops +spec: + externalName: macbook + type: ExternalName diff --git a/apps/networking/tailscale/operator/resources/subnet-router.yaml b/apps/networking/tailscale/operator/resources/subnet-router.yaml new file mode 100644 index 000000000..5e647c19b --- /dev/null +++ b/apps/networking/tailscale/operator/resources/subnet-router.yaml @@ -0,0 +1,29 @@ +apiVersion: tailscale.com/v1alpha1 +kind: Connector +metadata: + name: ts-pod-cidrs +spec: + hostname: router-pods + subnetRouter: + advertiseRoutes: + - 10.42.0.0/16 +--- +apiVersion: tailscale.com/v1alpha1 +kind: Connector +metadata: + name: ts-svc-cidrs +spec: + hostname: router-svcs + subnetRouter: + advertiseRoutes: + - 10.43.0.0/16 +--- +apiVersion: tailscale.com/v1alpha1 +kind: Connector +metadata: + name: ts-lan-cidrs +spec: + hostname: lan-svcs + subnetRouter: + advertiseRoutes: + - 192.168.1.0/24 
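Review bot: `macbook.yaml` is created in `operator/resources/` by this commit, but the `resources:` list in the new `resources/kustomization.yaml` names only `egress.yaml`, `subnet-router.yaml` and `dns.yaml`, so the ExternalName Service is never rendered. If it is meant to be deployed, add `- macbook.yaml`; the parent kustomization's `namespace: tailscale` would then presumably override its `namespace: mlops`. If it is only kept for reference, a comment at the top of the file saying so would avoid confusion.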
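Review bot: The three Connectors in `subnet-router.yaml` advertise `10.42.0.0/16`, `10.43.0.0/16` and `192.168.1.0/24` into the tailnet without a `tags:` field, unlike `egress.yaml`, which sets `tag:vpn`. Without distinct tags the routers presumably fall back to the operator's default tag, so the tailnet policy cannot grant the pod, service and LAN ranges separately. I would give each Connector its own tag, e.g. `tags: ["tag:k8s-pods"]` (a constructed name that must also exist in the ACL file), and check that the policy restricts who may reach each range and who may approve these routes.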
diff --git a/apps/networking/tailscale/patch.yaml b/apps/networking/tailscale/patch.yaml deleted file mode 100644 index d626e6694..000000000 --- a/apps/networking/tailscale/patch.yaml +++ /dev/null @@ -1,41 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: ts-sidecar -spec: - template: - spec: - serviceAccountName: "tailscale" - containers: - - name: tailscale - imagePullPolicy: Always - image: grubertech/tailscale:v1.34.1-2 - lifecycle: - preStop: - exec: - command: ["/bin/sh", "-c", "tailscale logout; do sleep 1; done"] - env: - - name: TS_USERSPACE - value: "false" - - name: KUBERNETES_SERVICE_HOST - value: "true" - - name: TS_HOSTNAME - value: "unifi" - - name: DEST_PORT - value: "8443" - - name: AUTH_KEY - valueFrom: - secretKeyRef: - name: tailscale - key: AUTH_KEY - securityContext: - capabilities: - add: - - NET_ADMIN - resources: - limits: - cpu: "150m" - memory: "512Mi" - requests: - cpu: "100m" - memory: "256Mi" diff --git a/apps/networking/tailscale/rb.yaml b/apps/networking/tailscale/rb.yaml deleted file mode 100644 index a7c04847c..000000000 --- a/apps/networking/tailscale/rb.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: tailscale -subjects: -- kind: ServiceAccount - name: "tailscale" -roleRef: - kind: Role - name: tailscale - apiGroup: rbac.authorization.k8s.io diff --git a/apps/networking/tailscale/sa.yaml b/apps/networking/tailscale/sa.yaml deleted file mode 100644 index 84dfe93c8..000000000 --- a/apps/networking/tailscale/sa.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: tailscale diff --git a/apps/networking/unifi/controller/kustomization.yaml b/apps/networking/unifi/controller/kustomization.yaml index 9d8f9d81a..210fcc067 100644 --- a/apps/networking/unifi/controller/kustomization.yaml +++ b/apps/networking/unifi/controller/kustomization.yaml 
@@ -15,9 +15,6 @@ patches: kind: Deployment name: unifi-controller -commonAnnotations: - reloader.stakater.com/auto: "true" - images: - name: jacobalberty/unifi newTag: v8.0 diff --git a/apps/services/4get/README.md b/apps/services/4get/README.md new file mode 100644 index 000000000..49a127fdd --- /dev/null +++ b/apps/services/4get/README.md @@ -0,0 +1 @@ +## 4get \ No newline at end of file diff --git a/apps/services/4get/base/cm.yaml b/apps/services/4get/base/cm.yaml new file mode 100644 index 000000000..08ef92ab7 --- /dev/null +++ b/apps/services/4get/base/cm.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: 4get-config +data: + TZ: "America/Sao_Paulo" + FOURGET_PROTO: "http" + FOURGET_SERVER_NAME: "Search.gruber.dev.br" + FOURGET_BOT_PROTECTION: "0" + FOURGET_VERSION: "8" + FOURGET_SERVER_SHORT_DESCRIPTION: "Just a search engine." + FOURGET_ALT_ADDRESSES: "https://search.gruber.dev.br" + FOURGET_INSTANCES: "https://search.gruber.dev.br" + FOURGET_HEADER_REGEX: "fake-value,fake-value2" + FOURGET_FILTERED_HEADER_KEYS: "fake-value,fake-value2" diff --git a/apps/services/4get/base/deployment.yaml b/apps/services/4get/base/deployment.yaml new file mode 100644 index 000000000..f2fac63a1 --- /dev/null +++ b/apps/services/4get/base/deployment.yaml @@ -0,0 +1,23 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: search + annotations: + link.argocd.argoproj.io/external-link: https://search.gruber.dev.br +spec: + replicas: 1 + strategy: + type: Recreate + template: + spec: + containers: + - name: 4get + image: luuul/4get:1.0.11@sha256:d9423d013bf02cf52e8b9ef75d5e9efbdf7256aca27bcae5ec78aa312af84d6e + envFrom: + - configMapRef: + name: 4get-config + ports: + - name: http + containerPort: 80 + protocol: TCP 
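Review bot: `FOURGET_HEADER_REGEX` and `FOURGET_FILTERED_HEADER_KEYS` in `4get/base/cm.yaml` are set to `fake-value,fake-value2`, which look like placeholders left in rather than real settings; please replace them or remove the keys. `FOURGET_SERVER_NAME` is `Search.gruber.dev.br` with a capital S and `FOURGET_PROTO` is `"http"`, while the instance addresses and the Deployment's external link use `https://search.gruber.dev.br`, so these should be made consistent. `FOURGET_BOT_PROTECTION: "0"` appears to disable bot protection on a host that receives a certificate in `clusterIssuer.yaml`; a short comment stating that this is intended would help.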
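Review bot: The `4get` container in `4get/base/deployment.yaml` has no `securityContext`, and nothing visible in this commit shows the `components/lb` or `components/resources/small` components adding one. The AdGuard Deployment removed in this commit set `allowPrivilegeEscalation: false`; I would add the same here under the container, and a readiness probe on the `http` port since the pod is exposed through the load-balancer component. The pod template also has no labels or selector of its own and relies on the `labels:` block with `includeSelectors: true` in the parent kustomization, which deserves a one-line comment in the manifest.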
diff --git a/apps/matrix/element/base/kustomization.yaml b/apps/services/4get/base/kustomization.yaml similarity index 90% rename from apps/matrix/element/base/kustomization.yaml rename to apps/services/4get/base/kustomization.yaml index b9919a7e8..7b96ba641 100644 --- a/apps/matrix/element/base/kustomization.yaml +++ b/apps/services/4get/base/kustomization.yaml @@ -2,5 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - deployment.yaml -- svc.yaml - cm.yaml diff --git a/apps/services/archivebox/kustomization.yaml b/apps/services/4get/kustomization.yaml similarity index 51% rename from apps/services/archivebox/kustomization.yaml rename to apps/services/4get/kustomization.yaml index a5f48a516..62761ddba 100644 --- a/apps/services/archivebox/kustomization.yaml +++ b/apps/services/4get/kustomization.yaml @@ -1,6 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -bases: +resources: - ./base namespace: services @@ -13,7 +13,15 @@ patches: kubernetes.io/arch: amd64 target: kind: Deployment - name: archivebox + name: changedetection -commonAnnotations: - reloader.stakater.com/auto: "true" +labels: +- includeSelectors: true + includeTemplates: true + pairs: + cluster.app: 4get + app.kubernetes.io/part-of: services + +components: + - ../../components/lb + - ../../components/resources/small diff --git a/apps/services/archivebox/README.md b/apps/services/archivebox/README.md deleted file mode 100644 index a93ea3e03..000000000 --- a/apps/services/archivebox/README.md +++ /dev/null @@ -1 +0,0 @@ -## Archivebox diff --git a/apps/services/archivebox/base/certificate.yaml b/apps/services/archivebox/base/certificate.yaml deleted file mode 100644 index c35958062..000000000 --- a/apps/services/archivebox/base/certificate.yaml +++ /dev/null 
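Review bot: The nodeSelector patch in `apps/services/4get/kustomization.yaml` now targets `name: changedetection`, but the Deployment added in `base/deployment.yaml` is named `search`, so the patch matches nothing in this kustomization and the `kubernetes.io/arch: amd64` selector is not applied. The target should read `name: search`. The `patches:` block starts above the hunk, so only the target lines are visible here.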
@@ -1,12 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: archive-cloudflare -spec: - secretName: archive-tls - issuerRef: - name: letsencrypt-production - kind: ClusterIssuer - commonName: archive.xn--qck4cud2cb.com - dnsNames: - - archive.xn--qck4cud2cb.com diff --git a/apps/services/archivebox/base/cm.yaml b/apps/services/archivebox/base/cm.yaml deleted file mode 100644 index 36ea2ed73..000000000 --- a/apps/services/archivebox/base/cm.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: archivebox-cm -data: - TZ: "America/Sao_Paulo" - ALLOWED_HOSTS: "*" - MEDIA_MAX_SIZE: "750m" diff --git a/apps/services/archivebox/base/deployment.yaml b/apps/services/archivebox/base/deployment.yaml deleted file mode 100644 index 4ff4011bc..000000000 --- a/apps/services/archivebox/base/deployment.yaml +++ /dev/null 
@@ -1,79 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: archivebox - labels: - app: archivebox - annotations: - link.argocd.argoproj.io/external-link: https://archive.グルーバー.com -spec: - replicas: 1 - strategy: - type: Recreate - selector: - matchLabels: - app: archivebox - template: - metadata: - labels: - app: archivebox - spec: - initContainers: - - name: archivebox-init - image: ghcr.io/archivebox/archivebox/archivebox:0.4.20 - command: ['/app/venv/bin/archivebox'] - args: ['init'] - resources: - requests: - cpu: 80m - memory: 256Mi - limits: - cpu: 220m - memory: 512Mi - volumeMounts: - - name: data-storage - mountPath: /app/data - containers: - - name: archivebox - image: ghcr.io/archivebox/archivebox/archivebox:0.4.20 - command: ['/app/venv/bin/gunicorn'] - args: - - --pythonpath - - /app/venv/lib/python3.10/site-packages/archivebox - - -b - - 0.0.0.0:8000 - - --timeout - - "300" - - archivebox.wsgi:application - livenessProbe: - tcpSocket: - port: 8000 - initialDelaySeconds: 5 - periodSeconds: 10 - readinessProbe: - tcpSocket: - port: 8000 - initialDelaySeconds: 5 - periodSeconds: 10 - envFrom: - - configMapRef: - name: archivebox-cm - ports: - - name: web - containerPort: 8000 - protocol: TCP - resources: - requests: - cpu: 80m - memory: 256Mi - limits: - cpu: 220m - memory: 512Mi - volumeMounts: - - name: data-storage - mountPath: /data - volumes: - - name: data-storage - persistentVolumeClaim: - claimName: archivebox-storage diff --git a/apps/services/archivebox/base/ingress.yaml b/apps/services/archivebox/base/ingress.yaml deleted file mode 100644 index bcbac9351..000000000 --- a/apps/services/archivebox/base/ingress.yaml +++ /dev/null 
@@ -1,26 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: archivebox - annotations: - external-dns.alpha.kubernetes.io/hostname: archive.xn--qck4cud2cb.com - external-dns.alpha.kubernetes.io/cloudflare-proxied: "false" - external-dns.alpha.kubernetes.io/ttl: "120" - nginx.ingress.kubernetes.io/ssl-redirect: "true" -spec: - ingressClassName: nginx - rules: - - host: archive.xn--qck4cud2cb.com - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: actual - port: - name: web - tls: - - hosts: - - archive.xn--qck4cud2cb.com - secretName: archive-tls diff --git a/apps/services/archivebox/base/kustomization.yaml b/apps/services/archivebox/base/kustomization.yaml deleted file mode 100644 index 63b35a1cd..000000000 --- a/apps/services/archivebox/base/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- deployment.yaml -- svc.yaml -- cm.yaml -- certificate.yaml -- ingress.yaml diff --git a/apps/services/archivebox/base/svc.yaml b/apps/services/archivebox/base/svc.yaml deleted file mode 100644 index c66a3ec76..000000000 --- a/apps/services/archivebox/base/svc.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: archivebox - labels: - app: archivebox - annotations: - tailscale.com/hostname: "archive" -spec: - selector: - app: archivebox - ports: - - name: web - port: 80 - targetPort: 8000 - protocol: TCP - loadBalancerClass: tailscale - type: LoadBalancer diff --git a/apps/services/gitea/kustomization.yaml b/apps/services/gitea/kustomization.yaml index cff6cff15..0e9934a94 100644 --- a/apps/services/gitea/kustomization.yaml +++ b/apps/services/gitea/kustomization.yaml @@ -4,6 +4,3 @@ bases: - ./base namespace: gitea - -commonAnnotations: - reloader.stakater.com/auto: "true" diff --git a/apps/services/grocy/README.md b/apps/services/grocy/README.md deleted file mode 100644 index 8f2d9af2a..000000000 
--- a/apps/services/grocy/README.md +++ /dev/null @@ -1 +0,0 @@ -## Grocy diff --git a/apps/services/grocy/base/cm.yaml b/apps/services/grocy/base/cm.yaml deleted file mode 100644 index 32042472c..000000000 --- a/apps/services/grocy/base/cm.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: grocy-cm -data: - GENERIC_TIMEZONE: "America/Sao_Paulo" - TZ: "America/Sao_Paulo" - PUID: "1000" - PGID: "1000" diff --git a/apps/services/grocy/base/deployment.yaml b/apps/services/grocy/base/deployment.yaml deleted file mode 100644 index 7c8ea5105..000000000 --- a/apps/services/grocy/base/deployment.yaml +++ /dev/null @@ -1,45 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: grocy - labels: - app: grocy - annotations: - link.argocd.argoproj.io/external-link: http://grocy -spec: - replicas: 1 - strategy: - type: Recreate - selector: - matchLabels: - app: grocy - template: - metadata: - labels: - app: grocy - spec: - containers: - - name: grocy - image: lscr.io/linuxserver/grocy:v3.3.2-ls175 - envFrom: - - configMapRef: - name: grocy-cm - ports: - - name: web - containerPort: 80 - protocol: TCP - resources: - requests: - cpu: 80m - memory: 256Mi - limits: - cpu: 220m - memory: 512Mi - volumeMounts: - - name: config-storage - mountPath: /config - volumes: - - name: config-storage - persistentVolumeClaim: - claimName: grocy-storage diff --git a/apps/services/grocy/base/svc.yaml b/apps/services/grocy/base/svc.yaml deleted file mode 100644 index 4d5c185b9..000000000 --- a/apps/services/grocy/base/svc.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: grocy-svc - labels: - app: grocy - annotations: - tailscale.com/hostname: "grocy" -spec: - selector: - app: grocy - ports: - - name: web - port: 80 - targetPort: 80 - protocol: TCP - loadBalancerClass: tailscale - type: LoadBalancer 
diff --git a/apps/services/grocy/kustomization.yaml b/apps/services/grocy/kustomization.yaml deleted file mode 100644 index ab5c269c1..000000000 --- a/apps/services/grocy/kustomization.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -bases: -- ./base - -namespace: services - -patches: -- patch: |- - - op: add - path: "/spec/template/spec/nodeSelector" - value: - kubernetes.io/arch: amd64 - target: - kind: Deployment - name: grocy - -commonAnnotations: - reloader.stakater.com/auto: "true" diff --git a/apps/services/jupyter/README.md b/apps/services/jupyter/README.md deleted file mode 100644 index 3ea742738..000000000 --- a/apps/services/jupyter/README.md +++ /dev/null @@ -1 +0,0 @@ -## Jupyterlab diff --git a/apps/services/jupyter/base/certificate.yaml b/apps/services/jupyter/base/certificate.yaml deleted file mode 100644 index 024e820e9..000000000 --- a/apps/services/jupyter/base/certificate.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: jupyterlab-cloudflare -spec: - secretName: lab-tls - issuerRef: - name: letsencrypt-production - kind: ClusterIssuer - commonName: lab.gruber.dev.br - dnsNames: - - lab.gruber.dev.br diff --git a/apps/services/jupyter/base/cm.yaml b/apps/services/jupyter/base/cm.yaml deleted file mode 100644 index c509e10ba..000000000 --- a/apps/services/jupyter/base/cm.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: jupyterlab-config -data: - TZ: "America/Sao_Paulo" - NB_USER: "root" - CHOWN_HOME: "yes" - GRANT_SUDO: "yes" - RESTARTABLE: "yes" - JUPYTER_PORT: "8888" - DOCKER_STACKS_JUPYTER_CMD: "lab" - WANDB_BASE_URL: "http://wandb.mlops.svc.cluster.local" - WANDB_DIR: "/root/wandb" - WANDB_CACHE_DIR: "/root/wandb/cache" - WANDB_CONFIG_DIR: "/root/wandb/config" - WANDB_MODE: "offline" - WANDB_DISABLE_GIT: "true" - WANDB_ERROR_REPORTING: "true" 
diff --git a/apps/services/jupyter/base/cr.yaml b/apps/services/jupyter/base/cr.yaml deleted file mode 100644 index 40c41e1b8..000000000 --- a/apps/services/jupyter/base/cr.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: wandb-job-creator -rules: -- apiGroups: [""] - resources: ["pods", "pods/log", "secrets"] - verbs: ["create", "get", "watch", "list", "update", "delete", "patch"] -- apiGroups: ["batch"] - resources: ["jobs", "jobs/status"] - verbs: ["create", "get", "watch", "list", "update", "delete", "patch"] diff --git a/apps/services/jupyter/base/deployment.yaml b/apps/services/jupyter/base/deployment.yaml deleted file mode 100644 index 7ac510d80..000000000 --- a/apps/services/jupyter/base/deployment.yaml +++ /dev/null @@ -1,57 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: jupyterlab - labels: - app: jupyterlab -spec: - replicas: 1 - strategy: - type: Recreate - selector: - matchLabels: - app: jupyterlab - template: - metadata: - labels: - app: jupyterlab - spec: - serviceAccountName: wandb - containers: - - name: jupyterlab - image: amalic/jupyterlab:latest - securityContext: - runAsUser: 0 - livenessProbe: - tcpSocket: - port: 8888 - initialDelaySeconds: 35 - periodSeconds: 15 - readinessProbe: - tcpSocket: - port: 8888 - initialDelaySeconds: 10 - periodSeconds: 10 - envFrom: - - configMapRef: - name: jupyterlab-config - - secretRef: - name: jupyterlab-vars - ports: - - name: http - containerPort: 8888 - protocol: TCP - resources: - requests: - cpu: 200m - memory: 256Mi - limits: - cpu: 1000m - memory: 1024Mi - volumeMounts: - - name: data-storage - mountPath: /notebooks - volumes: - - name: data-storage - persistentVolumeClaim: - claimName: jupyterlab-storage diff --git a/apps/services/jupyter/base/ingress.yaml b/apps/services/jupyter/base/ingress.yaml deleted file mode 100644 index 050a05160..000000000 --- a/apps/services/jupyter/base/ingress.yaml +++ /dev/null 
@@ -1,26 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: jupyterlab - annotations: - external-dns.alpha.kubernetes.io/hostname: lab.gruber.dev.br - external-dns.alpha.kubernetes.io/cloudflare-proxied: "false" - external-dns.alpha.kubernetes.io/ttl: "120" - nginx.ingress.kubernetes.io/ssl-redirect: "true" -spec: - ingressClassName: nginx - rules: - - host: lab.gruber.dev.br - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: jupyterlab - port: - name: http - tls: - - hosts: - - lab.gruber.dev.br - secretName: lab-tls diff --git a/apps/services/jupyter/base/kustomization.yaml b/apps/services/jupyter/base/kustomization.yaml deleted file mode 100644 index f088d46a4..000000000 --- a/apps/services/jupyter/base/kustomization.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- deployment.yaml -- svc.yaml -- cm.yaml -- certificate.yaml -- ingress.yaml -- secret.yaml -- rb.yaml -- role.yaml -- sa.yaml -- cr.yaml diff --git a/apps/services/jupyter/base/rb.yaml b/apps/services/jupyter/base/rb.yaml deleted file mode 100644 index 3ef80ac02..000000000 --- a/apps/services/jupyter/base/rb.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: wandb-launch-role-binding - namespace: mlops -subjects: -- kind: ServiceAccount - name: wandb - namespace: mlops -roleRef: - kind: Role - name: wandb-launch-agent - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: wandb-cr - namespace: mlops -subjects: -- kind: ServiceAccount - name: wandb - namespace: mlops -roleRef: - kind: ClusterRole - name: wandb-job-creator - apiGroup: rbac.authorization.k8s.io diff --git a/apps/services/jupyter/base/role.yaml b/apps/services/jupyter/base/role.yaml deleted file mode 100644 index 913005a84..000000000 --- a/apps/services/jupyter/base/role.yaml +++ /dev/null 
@@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - namespace: wandb-launch-agent - name: mlops -rules: -- apiGroups: [""] - resources: ["pods", "configmaps", "secrets", "pods/log"] - verbs: ["create", "get", "watch", "list", "update", "delete", "patch"] -- apiGroups: ["batch"] - resources: ["jobs", "jobs/status"] - verbs: ["create", "get", "watch", "list", "update", "delete", "patch"] diff --git a/apps/services/jupyter/base/sa.yaml b/apps/services/jupyter/base/sa.yaml deleted file mode 100644 index abb50a456..000000000 --- a/apps/services/jupyter/base/sa.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: wandb diff --git a/apps/services/jupyter/base/secret.yaml b/apps/services/jupyter/base/secret.yaml deleted file mode 100644 index 8344c1d17..000000000 --- a/apps/services/jupyter/base/secret.yaml +++ /dev/null @@ -1,9 +0,0 @@ -kind: Secret -apiVersion: v1 -metadata: - name: jupyterlab-vars - annotations: - avp.kubernetes.io/path: "kv/data/mlops" -stringData: - WANDB_API_KEY: - OPENAI_API_KEY: diff --git a/apps/services/jupyter/base/svc.yaml b/apps/services/jupyter/base/svc.yaml deleted file mode 100644 index a8f2b5172..000000000 --- a/apps/services/jupyter/base/svc.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: jupyterlab - labels: - app: jupyterlab - annotations: - tailscale.com/hostname: "lab" -spec: - selector: - app: jupyterlab - ports: - - name: http - port: 80 - targetPort: 8888 - protocol: TCP - loadBalancerClass: tailscale - type: LoadBalancer diff --git a/apps/services/jupyter/kustomization.yaml b/apps/services/jupyter/kustomization.yaml deleted file mode 100644 index 8376fb2d8..000000000 --- a/apps/services/jupyter/kustomization.yaml +++ /dev/null 
@@ -1,19 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -bases: -- ./base - -namespace: mlops - -patches: -- patch: |- - - op: add - path: "/spec/template/spec/nodeSelector" - value: - kubernetes.io/arch: amd64 - target: - kind: Deployment - name: jupyterlab - -commonAnnotations: - reloader.stakater.com/auto: "true" diff --git a/apps/services/librex/README.md b/apps/services/librex/README.md deleted file mode 100644 index 9d34e9938..000000000 --- a/apps/services/librex/README.md +++ /dev/null @@ -1 +0,0 @@ -## LibreX diff --git a/apps/services/librex/base/cm.yaml b/apps/services/librex/base/cm.yaml deleted file mode 100644 index ae576cc93..000000000 --- a/apps/services/librex/base/cm.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: librex-cm - labels: - app: librex -data: - PUID: "1000" - PGID: "1000" - VERSION: "docker" - TZ: "America/Sao_Paulo" - CONFIG_GOOGLE_DOMAIN: "com" - CONFIG_GOOGLE_LANGUAGE_SITE: "en" - CONFIG_GOOGLE_LANGUAGE_RESULTS: "en" - CONFIG_WIKIPEDIA_LANGUAGE: "en" diff --git a/apps/services/librex/base/deployment.yaml b/apps/services/librex/base/deployment.yaml deleted file mode 100644 index 6a620c4f1..000000000 --- a/apps/services/librex/base/deployment.yaml +++ /dev/null @@ -1,37 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: librex - labels: - app: librex - annotations: - link.argocd.argoproj.io/external-link: http://g.gruber.dev.br -spec: - replicas: 1 - strategy: - type: Recreate - selector: - matchLabels: - app: librex - template: - metadata: - labels: - app: librex - spec: - containers: - - name: librex - image: librex/librex:latest@sha256:f78bc8a29587421da96a80310ce942e5ebca1a05b32a7a39d2264c0a3a55a8db - envFrom: - - configMapRef: - name: librex-cm - ports: - - name: web - containerPort: 8080 - protocol: TCP - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 350m - memory: 400Mi 
diff --git a/apps/services/librex/base/ingress.yaml b/apps/services/librex/base/ingress.yaml deleted file mode 100644 index 5a3e117b7..000000000 --- a/apps/services/librex/base/ingress.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: librex - labels: - app: librex - annotations: - external-dns.alpha.kubernetes.io/hostname: g.gruber.dev.br - external-dns.alpha.kubernetes.io/cloudflare-proxied: "false" - external-dns.alpha.kubernetes.io/ttl: "120" - nginx.ingress.kubernetes.io/ssl-redirect: "true" -spec: - ingressClassName: nginx - rules: - - host: g.gruber.dev.br - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: librex-tailscale - port: - name: web - tls: - - hosts: - - g.gruber.dev.br - secretName: librex-tls diff --git a/apps/services/librex/base/kustomization.yaml b/apps/services/librex/base/kustomization.yaml deleted file mode 100644 index 076dd8f1a..000000000 --- a/apps/services/librex/base/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- deployment.yaml -- svc.yaml -- cm.yaml -- ingress.yaml -- certificate.yaml diff --git a/apps/services/librex/base/svc.yaml b/apps/services/librex/base/svc.yaml deleted file mode 100644 index fb72f8a0a..000000000 --- a/apps/services/librex/base/svc.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: librex-tailscale - labels: - app: librex - annotations: - tailscale.com/hostname: "librex" -spec: - selector: - app: librex - ports: - - name: web - port: 80 - targetPort: 8080 - protocol: TCP - loadBalancerClass: tailscale - type: LoadBalancer diff --git a/apps/services/librex/kustomization.yaml b/apps/services/librex/kustomization.yaml deleted file mode 100644 index 7ca5ddfde..000000000 --- a/apps/services/librex/kustomization.yaml +++ /dev/null 
@@ -1,19 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -bases: -- ./base - -namespace: services - -patches: -- patch: |- - - op: add - path: "/spec/template/spec/nodeSelector" - value: - kubernetes.io/arch: amd64 - target: - kind: Deployment - name: librex - -commonAnnotations: - reloader.stakater.com/auto: "true" diff --git a/apps/services/mlops/chatbot-ui/README.md b/apps/services/mlops/chatbot-ui/README.md deleted file mode 100644 index bfc9908d5..000000000 --- a/apps/services/mlops/chatbot-ui/README.md +++ /dev/null @@ -1 +0,0 @@ -## Chatbot-UI diff --git a/apps/services/mlops/chatbot-ui/base/certificate.yaml b/apps/services/mlops/chatbot-ui/base/certificate.yaml deleted file mode 100644 index edfdd3b74..000000000 --- a/apps/services/mlops/chatbot-ui/base/certificate.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: openai-internal-gpt -spec: - secretName: gpt-tls - issuerRef: - name: letsencrypt-production - kind: ClusterIssuer - commonName: gpt.gruber.dev.br - dnsNames: - - gpt.gruber.dev.br diff --git a/apps/services/mlops/chatbot-ui/base/cm.yaml b/apps/services/mlops/chatbot-ui/base/cm.yaml deleted file mode 100644 index a987eae52..000000000 --- a/apps/services/mlops/chatbot-ui/base/cm.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: chatui-config -data: - OPENAI_API_BASE_URL: "http://local-ai.mlops.svc.cluster.local" - OPENAI_API_MODEL: "gpt-3.5-turbo" - OPENAI_API_KEY: "example" - HTTPS_PROXY: "" diff --git a/apps/services/mlops/chatbot-ui/base/deployment.yaml b/apps/services/mlops/chatbot-ui/base/deployment.yaml deleted file mode 100644 index f87827ec5..000000000 --- a/apps/services/mlops/chatbot-ui/base/deployment.yaml +++ /dev/null 
@@ -1,36 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: chatui - labels: - app: chatui -spec: - selector: - matchLabels: - app: chatui - replicas: 1 - strategy: - type: Recreate - template: - metadata: - name: chatui - labels: - app: chatui - spec: - containers: - - name: chatbot-ui - image: docker.io/ddiu8081/chatgpt-demo:latest - ports: - - name: http - containerPort: 3000 - protocol: TCP - resources: - limits: - cpu: 300m - memory: 512Mi - requests: - cpu: 100m - memory: 256Mi - envFrom: - - configMapRef: - name: chatui-config diff --git a/apps/services/mlops/chatbot-ui/base/ingress.yaml b/apps/services/mlops/chatbot-ui/base/ingress.yaml deleted file mode 100644 index 577c488c6..000000000 --- a/apps/services/mlops/chatbot-ui/base/ingress.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: gpt-internal - annotations: - external-dns.alpha.kubernetes.io/hostname: gpt.gruber.dev.br - external-dns.alpha.kubernetes.io/cloudflare-proxied: "false" - external-dns.alpha.kubernetes.io/ttl: "120" - nginx.ingress.kubernetes.io/ssl-redirect: "false" - -spec: - ingressClassName: nginx - rules: - - host: gpt.gruber.dev.br - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: chatui-tailscale - port: - name: http - tls: - - hosts: - - gpt.gruber.dev.br - secretName: gpt-tls diff --git a/apps/services/mlops/chatbot-ui/base/kustomization.yaml b/apps/services/mlops/chatbot-ui/base/kustomization.yaml deleted file mode 100644 index 076dd8f1a..000000000 --- a/apps/services/mlops/chatbot-ui/base/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- deployment.yaml -- svc.yaml -- cm.yaml -- ingress.yaml -- certificate.yaml diff --git a/apps/services/mlops/chatbot-ui/base/svc.yaml b/apps/services/mlops/chatbot-ui/base/svc.yaml deleted file mode 100644 index 968d85745..000000000 
--- a/apps/services/mlops/chatbot-ui/base/svc.yaml +++ /dev/null @@ -1,34 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: chatui - labels: - app: chatui -spec: - selector: - app: chatui - ports: - - name: http - port: 80 - targetPort: 3000 - protocol: TCP - type: ClusterIP ---- -apiVersion: v1 -kind: Service -metadata: - name: chatui-tailscale - labels: - app: chatui - annotations: - tailscale.com/hostname: "gpt" -spec: - selector: - app: chatui - ports: - - name: http - port: 80 - targetPort: 3000 - protocol: TCP - loadBalancerClass: tailscale - type: LoadBalancer diff --git a/apps/services/mlops/chatbot-ui/kustomization.yaml b/apps/services/mlops/chatbot-ui/kustomization.yaml deleted file mode 100644 index 249240e46..000000000 --- a/apps/services/mlops/chatbot-ui/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -bases: -- ./base -namespace: mlops - -commonAnnotations: - reloader.stakater.com/auto: "true" diff --git a/apps/services/mlops/discord-bot/README.md b/apps/services/mlops/discord-bot/README.md deleted file mode 100644 index b30c4d96b..000000000 --- a/apps/services/mlops/discord-bot/README.md +++ /dev/null @@ -1 +0,0 @@ -## ChatGPT bot for Discord diff --git a/apps/services/mlops/discord-bot/base/cm.yaml b/apps/services/mlops/discord-bot/base/cm.yaml deleted file mode 100644 index 31b53095b..000000000 --- a/apps/services/mlops/discord-bot/base/cm.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: chatgpt-discord-config -data: - TZ: "America/Sao_Paulo" - OPENAI_API_BASE: "http://local-ai.mlops.svc.cluster.local" diff --git a/apps/services/mlops/discord-bot/base/deployment.yaml b/apps/services/mlops/discord-bot/base/deployment.yaml deleted file mode 100644 index 209db1d9a..000000000 --- a/apps/services/mlops/discord-bot/base/deployment.yaml +++ /dev/null 
@@ -1,40 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: chatgpt-discord - labels: - app: chatgpt-discord - -spec: - replicas: 1 - strategy: - type: Recreate - selector: - matchLabels: - app: chatgpt-discord - template: - metadata: - labels: - app: chatgpt-discord - spec: - containers: - - name: bot - image: quay.io/go-skynet/gpt-discord-bot:main - imagePullPolicy: Always - envFrom: - - configMapRef: - name: chatgpt-discord-config - - secretRef: - name: chatgpt-discord-vars - ports: - - name: web - containerPort: 8080 - protocol: TCP - resources: - requests: - cpu: 120m - memory: 256Mi - limits: - cpu: 220m - memory: 512Mi diff --git a/apps/services/mlops/discord-bot/base/secret.yaml b/apps/services/mlops/discord-bot/base/secret.yaml deleted file mode 100644 index 9842386e9..000000000 --- a/apps/services/mlops/discord-bot/base/secret.yaml +++ /dev/null @@ -1,17 +0,0 @@ -kind: Secret -apiVersion: v1 -metadata: - name: chatgpt-discord-vars - annotations: - avp.kubernetes.io/path: "kv/data/chatgpt" -stringData: - DISCORD_BOT_TOKEN: - SESSION_TOKEN: - OPENAI_EMAIL: - OPENAI_PASSWORD: - OPENAI_API_KEY: - DISCORD_CHANNEL_ID: - REPLYING_ALL_DISCORD_CHANNEL_ID: - ALLOWED_SERVER_IDS: ,, - DISCORD_CLIENT_ID: - SERVER_TO_MODERATION_CHANNEL: :,:,: diff --git a/apps/services/mlops/discord-bot/kustomization.yaml b/apps/services/mlops/discord-bot/kustomization.yaml deleted file mode 100644 index 6731700c5..000000000 --- a/apps/services/mlops/discord-bot/kustomization.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -bases: -- ./base - -namespace: mlops - -commonAnnotations: - reloader.stakater.com/auto: "true" - -patches: -- patch: |- - - op: add - path: "/spec/template/spec/nodeSelector" - value: - kubernetes.io/arch: amd64 - target: - kind: Deployment - name: chatgpt-discord 
diff --git a/apps/services/mlops/kustomization.yaml b/apps/services/mlops/kustomization.yaml deleted file mode 100644 index 05ca38e8a..000000000 --- a/apps/services/mlops/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -bases: - # - local-ai/ - # - langflow/ - - chatbot-ui/ diff --git a/apps/services/mlops/langflow/README.md b/apps/services/mlops/langflow/README.md deleted file mode 100644 index bfc9908d5..000000000 --- a/apps/services/mlops/langflow/README.md +++ /dev/null @@ -1 +0,0 @@ -## Chatbot-UI diff --git a/apps/services/mlops/langflow/base/certificate.yaml b/apps/services/mlops/langflow/base/certificate.yaml deleted file mode 100644 index 80d272e04..000000000 --- a/apps/services/mlops/langflow/base/certificate.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: langflow -spec: - secretName: lang-tls - issuerRef: - name: letsencrypt-production - kind: ClusterIssuer - commonName: lang.gruber.dev.br - dnsNames: - - lang.gruber.dev.br diff --git a/apps/services/mlops/langflow/base/cm.yaml b/apps/services/mlops/langflow/base/cm.yaml deleted file mode 100644 index 7305fb07b..000000000 --- a/apps/services/mlops/langflow/base/cm.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: langflow-config -data: - LANGFLOW_LOG_LEVEL: "critical" - LANGFLOW_LOG_FILE: "logs/langflow.log" - LANGFLOW_HOST: "0.0.0.0" - LANGFLOW_DATABASE_URL: "sqlite:///./langflow.db" - LANGFLOW_OPEN_BROWSER: "false" - LANGFLOW_WORKERS: "1" diff --git a/apps/services/mlops/langflow/base/deployment.yaml b/apps/services/mlops/langflow/base/deployment.yaml deleted file mode 100644 index 04165818c..000000000 --- a/apps/services/mlops/langflow/base/deployment.yaml +++ /dev/null 
@@ -1,36 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: langflow - labels: - app: langflow -spec: - selector: - matchLabels: - app: langflow - replicas: 1 - strategy: - type: Recreate - template: - metadata: - name: langflow - labels: - app: langflow - spec: - containers: - - name: langflow-server - image: docker.io/grubertech/langflow:v0.4.8 - ports: - - name: http - containerPort: 7860 - protocol: TCP - resources: - limits: - cpu: 300m - memory: 512Mi - requests: - cpu: 100m - memory: 256Mi - envFrom: - - configMapRef: - name: langflow-config diff --git a/apps/services/mlops/langflow/base/ingress.yaml b/apps/services/mlops/langflow/base/ingress.yaml deleted file mode 100644 index d6b5c6323..000000000 --- a/apps/services/mlops/langflow/base/ingress.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: langflow-internal - annotations: - external-dns.alpha.kubernetes.io/hostname: lang.gruber.dev.br - external-dns.alpha.kubernetes.io/cloudflare-proxied: "false" - external-dns.alpha.kubernetes.io/ttl: "120" - nginx.ingress.kubernetes.io/ssl-redirect: "false" -spec: - ingressClassName: nginx - rules: - - host: lang.gruber.dev.br - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: lang-internal - port: - name: http - tls: - - hosts: - - lang.gruber.dev.br - secretName: lang-tls diff --git a/apps/services/mlops/langflow/base/kustomization.yaml b/apps/services/mlops/langflow/base/kustomization.yaml deleted file mode 100644 index 076dd8f1a..000000000 --- a/apps/services/mlops/langflow/base/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- deployment.yaml -- svc.yaml -- cm.yaml -- ingress.yaml -- certificate.yaml diff --git a/apps/services/mlops/langflow/base/svc.yaml b/apps/services/mlops/langflow/base/svc.yaml deleted file mode 100644 index 27547dfb9..000000000 
--- a/apps/services/mlops/langflow/base/svc.yaml +++ /dev/null @@ -1,20 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - name: lang-internal - labels: - app: langflow - annotations: - kube-vip.io/vipHost: langflow -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: 7860 - selector: - app: langflow - type: LoadBalancer - loadBalancerIP: "192.168.1.151" - loadBalancerClass: kube-vip.io/kube-vip-class diff --git a/apps/services/mlops/langflow/kustomization.yaml b/apps/services/mlops/langflow/kustomization.yaml deleted file mode 100644 index 249240e46..000000000 --- a/apps/services/mlops/langflow/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -bases: -- ./base -namespace: mlops - -commonAnnotations: - reloader.stakater.com/auto: "true" diff --git a/apps/services/mlops/local-ai/README.md b/apps/services/mlops/local-ai/README.md deleted file mode 100644 index 869e59d5c..000000000 --- a/apps/services/mlops/local-ai/README.md +++ /dev/null @@ -1 +0,0 @@ -## LocalAI diff --git a/apps/services/mlops/local-ai/base/certificate.yaml b/apps/services/mlops/local-ai/base/certificate.yaml deleted file mode 100644 index 38267159d..000000000 --- a/apps/services/mlops/local-ai/base/certificate.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: localai -spec: - secretName: localai-tls - issuerRef: - name: letsencrypt-production - kind: ClusterIssuer - commonName: openai.gruber.dev.br - dnsNames: - - openai.gruber.dev.br diff --git a/apps/services/mlops/local-ai/base/cm.yaml b/apps/services/mlops/local-ai/base/cm.yaml deleted file mode 100644 index b1babff5b..000000000 --- a/apps/services/mlops/local-ai/base/cm.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: localai-config -data: - CONTEXT_SIZE: "2048" - THREADS: "4" - MODELS_PATH: "/models" - CORS: "true" - CORS_ALLOWS_ORIGINS: "*" - DEBUG: "true" - BUILD_TYPE: "cublas" - NVIDIA_VISIBLE_DEVICES: "all" - NVIDIA_DRIVER_CAPABILITIES: "all" - NVIDIA_REQUIRE_CUDA: "cuda>=11.0" - REBUILD: "false" - PRELOAD_MODELS: '[{"url": "github:gruberdev/homelab/apps/services/mlops/local-ai/models/orca.yaml", "name": "gpt-3.5-turbo"}]' - GALLERIES: '[{"name":"model-gallery", "url":"github:go-skynet/model-gallery/index.yaml"},{"url": "github:go-skynet/model-gallery/huggingface.yaml","name":"huggingface"},{"url": "github:gruberdev/homelab/apps/services/mlops/local-ai/models/index.yaml","name":"personal"}]' diff --git a/apps/services/mlops/local-ai/base/deployment.yaml b/apps/services/mlops/local-ai/base/deployment.yaml deleted file mode 100644 index 967485431..000000000 --- a/apps/services/mlops/local-ai/base/deployment.yaml +++ /dev/null 
@@ -1,63 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: local-ai
- labels:
- app: local-ai
-spec:
- selector:
- matchLabels:
- app: local-ai
- replicas: 1
- strategy:
- type: Recreate
- template:
- metadata:
- name: local-ai
- labels:
- app: local-ai
- spec:
- runtimeClassName: nvidia
- containers:
- - name: local-ai
- image: quay.io/go-skynet/local-ai:sha-98ad93d-cublas-cuda11-ffmpeg
- ports:
- - name: http
- containerPort: 8080
- protocol: TCP
- livenessProbe:
- tcpSocket:
- port: 8080
- initialDelaySeconds: 35
- periodSeconds: 10
- readinessProbe:
- tcpSocket:
- port: 8080
- initialDelaySeconds: 10
- periodSeconds: 10
- startupProbe:
- tcpSocket:
- port: 8080
- initialDelaySeconds: 30
- periodSeconds: 30
- failureThreshold: 10
- resources:
- limits:
- cpu: 6000m
- memory: 16Gi
- requests:
- cpu: 1000m
- memory: 2Gi
- envFrom:
- - configMapRef:
- name: localai-config
- volumeMounts:
- - mountPath: /models
- name: models
- volumes:
- - name: models
- persistentVolumeClaim:
- claimName: localai-storage
- - name: prompt-templates
- configMap:
- name: local-ai-prompt-templates
diff --git a/apps/services/mlops/local-ai/base/ingress.yaml b/apps/services/mlops/local-ai/base/ingress.yaml
deleted file mode 100644
index 0ab7e6916..000000000
--- a/apps/services/mlops/local-ai/base/ingress.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: localai-internal
- annotations:
- external-dns.alpha.kubernetes.io/hostname: openai.gruber.dev.br
- external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
- external-dns.alpha.kubernetes.io/ttl: "120"
- nginx.ingress.kubernetes.io/ssl-redirect: "true"
-spec:
- ingressClassName: nginx
- rules:
- - host: openai.gruber.dev.br
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: local-ai-tailscale
- port:
- name: http
- tls:
- - hosts:
- - openai.gruber.dev.br
- secretName: localai-tls
diff --git a/apps/services/mlops/local-ai/base/kustomization.yaml b/apps/services/mlops/local-ai/base/kustomization.yaml
deleted file mode 100644
index 076dd8f1a..000000000
--- a/apps/services/mlops/local-ai/base/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- svc.yaml
-- cm.yaml
-- ingress.yaml
-- certificate.yaml
diff --git a/apps/services/mlops/local-ai/base/svc.yaml b/apps/services/mlops/local-ai/base/svc.yaml
deleted file mode 100644
index 5e1b6fc02..000000000
--- a/apps/services/mlops/local-ai/base/svc.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: local-ai
- labels:
- app: local-ai
-spec:
- selector:
- app: local-ai
- ports:
- - name: http
- port: 80
- targetPort: 8080
- protocol: TCP
- type: ClusterIP
----
-apiVersion: v1
-kind: Service
-metadata:
- name: local-ai-tailscale
- labels:
- app: local-ai
- annotations:
- tailscale.com/hostname: "openai"
-spec:
- selector:
- app: local-ai
- ports:
- - name: http
- port: 80
- targetPort: 8080
- protocol: TCP
- loadBalancerClass: tailscale
- type: LoadBalancer
diff --git a/apps/services/mlops/local-ai/kustomization.yaml b/apps/services/mlops/local-ai/kustomization.yaml
deleted file mode 100644
index 405ad6f1b..000000000
--- a/apps/services/mlops/local-ai/kustomization.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-bases:
-- ./base
-
-namespace: mlops
-
-commonAnnotations:
- reloader.stakater.com/auto: "true"
-
-patches:
-- patch: |-
- - op: add
- path: "/spec/template/spec/nodeSelector"
- value:
- kubernetes.io/hostname: node-one
- target:
- kind: Deployment
- name: local-ai
-
-images:
-- name: quay.io/go-skynet/local-ai
- newTag: sha-63e1f8f-cublas-cuda11-ffmpeg
diff --git a/apps/services/mlops/local-ai/models/chronos.yaml b/apps/services/mlops/local-ai/models/chronos.yaml
deleted file mode 100644
index 66879c1b5..000000000
--- a/apps/services/mlops/local-ai/models/chronos.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-name: "chronos"
-
-description: |
- Austism's Chronos Hermes 13B GGML
-
-license: "Other"
-urls:
-- https://huggingface.co/The-Face-Of-Goonery/Chronos-Beluga-v2-13b-ggml
-
-config_file: |
- name: chronos
- gpu_layers: 1000
- debug: true
- mmap: false
- f16: true
- embeddings: false
- prompt_cache_all: true
- prompt_cache_ro: false
- low_vram: true
- backend: llama
- parameters:
- model: ggml-chronos-beluga-q4_1.bin
- top_k: 80
- temperature: 1
- top_p: 0.7
- context_size: 1024
- template:
- completion: chronos-completion
- chat: chronos-chat
-
-files:
-- filename: "ggml-chronos-beluga-q4_1.bin"
- uri: "https://huggingface.co/The-Face-Of-Goonery/Chronos-Beluga-v2-13b-ggml/resolve/main/ggml-chronos-beluga-q4_1.bin"
-
-prompt_templates:
-- name: "chronos-completion"
- content: |
- {{.Input}}
-
-- name: "chronos-chat"
- content: |
- The prompt below is a question to answer, a task to complete, or a conversation to respond to; decide which and write an appropriate response.
- ### Prompt:
- {{.Input}}
- ### Response:
diff --git a/apps/services/mlops/local-ai/models/e5.yaml b/apps/services/mlops/local-ai/models/e5.yaml
deleted file mode 100644
index a6b1db617..000000000
--- a/apps/services/mlops/local-ai/models/e5.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-name: "e5-embeddings"
-license: "MIT"
-urls:
-- https://huggingface.co/gruber/e5-small-v2-ggml
-- https://huggingface.co/intfloat/e5-small-v2
-description: |
- This model is based on intfloat/e5-small-v2 for sentence similarity and embedding texts on vector databases.
-config_file: |
- parameters:
- model: ggml-model-q4_0.bin
- backend: bert-embeddings
- embeddings: true
-files:
-- filename: "ggml-model-q4_0.bin"
- sha256: "9b5a9eaf92eb990ebdac8d3c0795b8ed2ab40776ffb096104420f43850091cc5"
- uri: "https://huggingface.co/gruber/e5-small-v2-ggml/resolve/main/ggml-model-q4_0.bin"
diff --git a/apps/services/mlops/local-ai/models/embeddings.yaml b/apps/services/mlops/local-ai/models/embeddings.yaml
deleted file mode 100644
index 13dd455bd..000000000
--- a/apps/services/mlops/local-ai/models/embeddings.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-name: "bert-embeddings"
-license: "Apache 2.0"
-urls:
-- https://huggingface.co/skeskinen/ggml
-description: |
- Bert model that can be used for embeddings
-config_file: |
- parameters:
- model: bert-MiniLM-L6-v2q4_0
- backend: bert-embeddings
- embeddings: true
-files:
-- filename: "bert-MiniLM-L6-v2q4_0"
- sha256: "a5a174d8772c8a569faf9f3136c441f2c3855b5bf35ed32274294219533feaad"
- uri: "https://huggingface.co/skeskinen/ggml/resolve/main/all-MiniLM-L6-v2/ggml-model-q4_0.bin"
diff --git a/apps/services/mlops/local-ai/models/hermes.yaml b/apps/services/mlops/local-ai/models/hermes.yaml
deleted file mode 100644
index b43b635d1..000000000
--- a/apps/services/mlops/local-ai/models/hermes.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-name: "hermes"
-
-description: |
- Nous Hermes Llama 2 13B GGML
-
-license: "Other"
-urls:
-- https://huggingface.co/TheBloke/Nous-Hermes-Llama2-GGML
-
-config_file: |
- name: hermes
- gpu_layers: 1000
- debug: true
- mmap: false
- f16: true
- embeddings: false
- prompt_cache_all: true
- prompt_cache_ro: false
- low_vram: true
- backend: llama
- parameters:
- model: nous-hermes-llama2-13b.ggmlv3.q5_K_M.bin
- top_k: 80
- temperature: 1
- top_p: 0.7
- context_size: 1024
- template:
- completion: hermes-completion
- chat: hermes-chat
-
-files:
-- filename: "nous-hermes-llama2-13b.ggmlv3.q5_K_M.bin"
- uri: "https://huggingface.co/TheBloke/Nous-Hermes-Llama2-GGML/resolve/main/nous-hermes-llama2-13b.ggmlv3.q5_K_M.bin"
-
-prompt_templates:
-- name: "hermes-completion"
- content: |
- {{.Input}}
-
-- name: "hermes-chat"
- content: |
- The prompt below is a question to answer, a task to complete, or a conversation to respond to; decide which and write an appropriate response.
- ### Prompt:
- {{.Input}}
- ### Response:
diff --git a/apps/services/mlops/local-ai/models/index.yaml b/apps/services/mlops/local-ai/models/index.yaml
deleted file mode 100644
index 2c5051b13..000000000
--- a/apps/services/mlops/local-ai/models/index.yaml
+++ /dev/null
@@ -1,124 +0,0 @@
-## Whisper
-- url: "github:gruberdev/homelab/apps/services/chatgpt/local-ai/models/whisper.yaml"
- name: "whisper"
- license: other
-## Bert embeddings
-- url: "github:gruberdev/homelab/apps/services/chatgpt/local-ai/models/embeddings.yaml"
- name: "embeddings"
- license: other
- ## Stable Diffusion
-- url: "github:gruberdev/homelab/apps/services/chatgpt/local-ai/models/wizard.yaml"
- name: Vicuna-13B-Uncensored-GGML-q41
- license: other
- urls:
- - https://huggingface.co/TheBloke/Wizard-Vicuna-13B-Uncensored-GGML
- tags:
- - en
- - adapter-transformers
- - vicuna
- - ggml
- - conversational
- - uncensored
- files:
- - filename: Wizard-Vicuna-13B-Uncensored.Q5_K_M.gguf
- sha256: d7aab1372891c3fefb9e6970adcfa06d7f8ee96e91c236751d77b7cdfc096be1
- uri: https://huggingface.co/TheBloke/Wizard-Vicuna-13B-Uncensored-GGUF/resolve/main/Wizard-Vicuna-13B-Uncensored.Q5_K_M.gguf
-- url: "github:gruberdev/homelab/apps/services/chatgpt/local-ai/models/chronos.yaml"
- name: chronos-hermes-13B-q50
- license: other
- urls:
- - https://huggingface.co/TheBloke/chronos-hermes-13B-GGML
- tags:
- - en
- - adapter-transformers
- - vicuna
- - ggml
- - conversational
- - uncensored
- files:
- - filename: chronos-hermes-13b.ggmlv3.q5_0.bin
- sha256: 5230b3a9b633ce90dfb3298d95f4ba9826ffd398cb23177b37507f6df61cc189
- uri: https://huggingface.co/TheBloke/chronos-hermes-13B-GGML/resolve/main/chronos-hermes-13b.ggmlv3.q5_0.bin
-- url: "github:gruberdev/homelab/apps/services/chatgpt/local-ai/models/llama2.yaml"
- name: llama2
- license: other
- urls:
- - https://huggingface.co/TheBloke/Llama-2-13B-chat-GGML
- - https://huggingface.co/meta-llama/Llama-2-13b-chat-hf
- - https://huggingface.co/TheBloke/Llama-2-13B-chat-GPTQ
- tags:
- - en
- - llama
- - ggmlC
- - conversational
- - vanilla
- - chat
- files:
- - filename: llama-2-13b-chat.ggmlv3.q4_K_M.bin
- sha256: 41d647de4f9700aeaff878805ba68d603a53ea50d4580e72d1ca503d886a4f03
- uri: https://huggingface.co/TheBloke/Llama-2-13B-chat-GGML/resolve/main/llama-2-13b-chat.ggmlv3.q4_K_M.bin
-- url: "github:gruberdev/homelab/apps/services/chatgpt/local-ai/models/hermes.yaml"
- name: hermes
- license: other
- urls:
- - https://huggingface.co/TheBloke/Nous-Hermes-Llama2-GGML
- tags:
- - en
- - llama2
- - ggml
- - conversational
- - vanilla
- - roleplay
- - chat
- files:
- - filename: nous-hermes-llama2-13b.ggmlv3.q5_K_M.bin
- sha256: 7b339c3db12a2d49786388a3221911de67ab24d155e640f6024a5a96110be5da
- uri: https://huggingface.co/TheBloke/Nous-Hermes-Llama2-GGML/resolve/main/nous-hermes-llama2-13b.ggmlv3.q5_K_M.bin
-- url: "github:gruberdev/homelab/apps/services/chatgpt/local-ai/models/orca.yaml"
- name: orca
- license: other
- urls:
- - https://huggingface.co/TheBloke/OpenOrca-Platypus2-13B-GGML
- tags:
- - en
- - llama2
- - ggml
- - conversational
- - vanilla
- - censured
- - chat
- files:
- - filename: openorca-platypus2-13b.ggmlv3.q5_K_M.bin
- sha256: c887fc1d8ae0511ec3fe677027625359a51c5672602fce83293584a8c5e941c7
- uri: https://huggingface.co/TheBloke/OpenOrca-Platypus2-13B-GGML/resolve/main/openorca-platypus2-13b.ggmlv3.q5_K_M.bin
-- url: "github:gruberdev/homelab/apps/services/chatgpt/local-ai/models/mythos.yaml"
- name: mythos
- license: other
- urls:
- - https://huggingface.co/TheBloke/MythoMax-L2-13B-GGML
- - https://huggingface.co/Gryphe/MythoMax-L2-13b
- tags:
- - en
- - llama2
- - ggml
- - conversational
- - roleplay
- - chat
- files:
- - filename: mythomax-l2-13b.ggmlv3.q5_K_M.bin
- sha256: c3ddd2874e4b9a7d8ba43f227929f1e0b947b39bf9c46c1343f5f94cf0469910
- uri: https://huggingface.co/TheBloke/MythoMax-L2-13B-GGML/resolve/main/mythomax-l2-13b.ggmlv3.q5_K_M.bin
-- url: "github:gruberdev/homelab/apps/services/chatgpt/local-ai/models/wizardcoder.yaml"
- name: wizardcoder
- license: other
- urls:
- - https://huggingface.co/TheBloke/WizardCoder-Guanaco-15B-V1.0-GGML
- tags:
- - en
- - codegen
- - ggml
- - conversational
- files:
- - filename: wizardcoder-guanaco-15b-v1.0.ggmlv1.q4_0.bin
- sha256: 4708d9248b85b76a7bb85ac9bb586cacac4df8923dda9b09189babe326a61d94
- uri: https://huggingface.co/TheBloke/WizardCoder-Guanaco-15B-V1.0-GGML/resolve/main/wizardcoder-guanaco-15b-v1.0.ggmlv1.q4_0.bin
diff --git a/apps/services/mlops/local-ai/models/llama2-complete.yaml b/apps/services/mlops/local-ai/models/llama2-complete.yaml
deleted file mode 100644
index 03fbb3b0f..000000000
--- a/apps/services/mlops/local-ai/models/llama2-complete.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-name: "llama2-complete"
-
-description: |
- Meta's Llama 2 13B-chat GGML
-
-license: "Other"
-urls:
-- https://huggingface.co/TheBloke/Llama-2-13B-GGML
-
-config_file: |
- name: llama2-complete
- gpu_layers: 1000
- debug: true
- mmap: false
- f16: true
- embeddings: false
- prompt_cache_all: true
- prompt_cache_ro: false
- low_vram: true
- backend: llama
- parameters:
- model: llama-2-13b-chat.ggmlv3.q4_K_M.bin
- top_k: 80
- temperature: 1
- top_p: 0.7
- context_size: 2048
- template:
- chat_message: llama2-chat-message
- system_prompt: |
- You are an AI assistant. You should describe the task and explain your answer. While answering a multiple choice question, first output the correct answer(s). Then explain why other answers are wrong. You might need to use additional knowledge to answer the question.
-files:
-- filename: "llama-2-13b-chat.ggmlv3.q4_K_M.bin"
- uri: "https://huggingface.co/TheBloke/Llama-2-13B-chat-GGML/resolve/main/llama-2-13b-chat.ggmlv3.q4_K_M.bin"
-
-prompt_templates:
-- name: "llama2-chat-message"
- content: |
- {{if eq .RoleName "assistant"}}{{.Content}}{{else}}
- [INST]
- {{if eq .RoleName "system"}}<>{{.Content}}<>{{else if and (.SystemPrompt) (eq .MessageIndex 0)}}<>{{.SystemPrompt}}<>{{end}}
- {{if .Content}}{{.Content}}{{end}}
- [/INST]
- {{end}}
diff --git a/apps/services/mlops/local-ai/models/llama2.yaml b/apps/services/mlops/local-ai/models/llama2.yaml
deleted file mode 100644
index 9b7d3850f..000000000
--- a/apps/services/mlops/local-ai/models/llama2.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-name: "llama2"
-
-description: |
- Meta's Llama 2 13B-chat GGML
-
-license: "Other"
-urls:
-- https://huggingface.co/TheBloke/Llama-2-13B-chat-GGML
-- https://huggingface.co/meta-llama/Llama-2-13b-chat-hf
-- https://huggingface.co/TheBloke/Llama-2-13B-chat-GPTQ
-
-config_file: |
- name: llama2
- gpu_layers: 1000
- debug: true
- mmap: false
- f16: true
- embeddings: false
- prompt_cache_all: true
- prompt_cache_ro: false
- low_vram: true
- backend: llama
- parameters:
- model: llama-2-13b-chat.ggmlv3.q4_K_M.bin
- top_k: 80
- temperature: 1
- top_p: 0.7
- context_size: 2048
- template:
- chat_message: llama2-chat-message
- system_prompt: |
- You are an AI assistant. You should describe the task and explain your answer. While answering a multiple choice question, first output the correct answer(s). Then explain why other answers are wrong. You might need to use additional knowledge to answer the question.
-files:
-- filename: "llama-2-13b-chat.ggmlv3.q4_K_M.bin"
- uri: "https://huggingface.co/TheBloke/Llama-2-13B-chat-GGML/resolve/main/llama-2-13b-chat.ggmlv3.q4_K_M.bin"
-
-prompt_templates:
-- name: "llama2-chat-message"
- content: |
- {{if eq .RoleName "assistant"}}{{.Content}}{{else}}
- [INST]
- {{if eq .RoleName "system"}}<>{{.Content}}<>{{else if and (.SystemPrompt) (eq .MessageIndex 0)}}<>{{.SystemPrompt}}<>{{end}}
- {{if .Content}}{{.Content}}{{end}}
- [/INST]
- {{end}}
diff --git a/apps/services/mlops/local-ai/models/mythos.yaml b/apps/services/mlops/local-ai/models/mythos.yaml
deleted file mode 100644
index bfead5611..000000000
--- a/apps/services/mlops/local-ai/models/mythos.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
-name: "mythos"
-
-description: |
- An improved, potentially even perfected variant of MythoMix,
- my MythoLogic-L2 and Huginn merge using a highly experimental
- tensor type merge technique. The main difference with MythoMix
- is that I allowed more of Huginn to intermingle with the single
- tensors located at the front and end of a model, resulting in
- increased coherency across the entire structure.
-
-license: "Other"
-urls:
-- https://huggingface.co/TheBloke/MythoMax-L2-13B-GGML
-
-config_file: |
- name: mythos
- gpu_layers: 1000
- debug: true
- mmap: false
- f16: true
- embeddings: false
- prompt_cache_all: true
- prompt_cache_ro: false
- low_vram: true
- backend: llama
- parameters:
- model: mythomax-l2-13b.ggmlv3.q5_K_M.bin
- top_k: 80
- temperature: 1
- top_p: 0.7
- context_size: 8192
- template:
- completion: mythomax-completion
- chat: mythomax-chat
-
-files:
-- filename: "mythomax-l2-13b.ggmlv3.q5_K_M.bin"
- uri: "https://huggingface.co/TheBloke/MythoMax-L2-13B-GGML/resolve/main/mythomax-l2-13b.ggmlv3.q5_K_M.bin"
-
-prompt_templates:
-- name: "mythomax-completion"
- content: |
- {{.Input}}
-
-- name: "mythomax-chat"
- content: |
- The prompt below is a question to answer, a task to complete, or a conversation to respond to; decide which and write an appropriate response.
- ### Prompt:
- {{.Input}}
- ### Response:
diff --git a/apps/services/mlops/local-ai/models/orca.yaml b/apps/services/mlops/local-ai/models/orca.yaml
deleted file mode 100644
index 16e4775f8..000000000
--- a/apps/services/mlops/local-ai/models/orca.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-name: "orca"
-
-description: |
- This is the third version of OrcaMaid, a weighted gradient SLERP merge between Microsoft's Orca-2-13b and NeverSleep's Noromaid-13b-v0.3.
-
-license: "Other"
-urls:
- - https://huggingface.co/TheBloke/OrcaMaid-v3-13B-32k-GGUF
-
-config_file: |
- gpu_layers: 1000
- debug: true
- threads: 4
- mmap: false
- embeddings: true
- prompt_cache_all: true
- prompt_cache_ro: false
- f16: true
- low_vram: false
- backend: llama
- parameters:
- model: orcamaid-v3-13b-32k.Q4_K_M.gguf
- top_k: 80
- temperature: 0.7
- top_p: 0.7
- context_size: 2048
- template:
- completion: orca-completion
- chat: orca-chat
- roles:
- user: "Input:"
- system: "Response:"
-
-files:
- - filename: "orcamaid-v3-13b-32k.Q4_K_M.gguf"
- uri: "https://huggingface.co/TheBloke/OrcaMaid-v3-13B-32k-GGUF/resolve/main/orcamaid-v3-13b-32k.Q4_K_M.gguf?download=true"
-
-prompt_templates:
- - name: "orca-completion"
- content: |
- {{.Input}}
-
- - name: "orca-chat"
- content: |
- Below is an instruction that describes a task. Write a response that appropriately completes the request
-
- ### Instruction: {{.Input}}
- ### Response:
diff --git a/apps/services/mlops/local-ai/models/startup.yaml b/apps/services/mlops/local-ai/models/startup.yaml
deleted file mode 100644
index b5ffb11d4..000000000
--- a/apps/services/mlops/local-ai/models/startup.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-- url: https://raw.githubusercontent.com/gruberdev/homelab/main/apps/services/mlops/local-ai/models/llama2.yaml
- name: llama2-chat
-- url: https://raw.githubusercontent.com/gruberdev/homelab/main/apps/services/mlops/local-ai/models/whisper.yaml
- name: whisper
-- url: https://raw.githubusercontent.com/gruberdev/homelab/main/apps/services/mlops/local-ai/models/embeddings.yaml
- name: embeddings
diff --git a/apps/services/mlops/local-ai/models/whisper.yaml b/apps/services/mlops/local-ai/models/whisper.yaml
deleted file mode 100644
index 13a4f1945..000000000
--- a/apps/services/mlops/local-ai/models/whisper.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-name: "whisper-base"
-license: "MIT"
-urls:
-- https://github.com/ggerganov/whisper.cpp
-- https://huggingface.co/ggerganov/whisper.cpp
-
-description: |
- Port of OpenAI's Whisper model in C/C++
-
-config_file: |
- backend: whisper
- parameters:
- model: ggml-whisper-base.bin
-
-files:
-- filename: "ggml-whisper-base.bin"
- sha256: "60ed5bc3dd14eea856493d334349b405782ddcaf0028d4b5df4088345fba2efe"
- uri: "https://huggingface.co/ggerganov/whisper.cpp/resolve/main/ggml-base.bin"
diff --git a/apps/services/mlops/local-ai/models/wizard.yaml b/apps/services/mlops/local-ai/models/wizard.yaml
deleted file mode 100644
index 40fd695a3..000000000
--- a/apps/services/mlops/local-ai/models/wizard.yaml
+++ /dev/null
@@ -1,52 +0,0 @@
-name: "wizard"
-
-description: |
- Eric Hartford's Wizard Vicuna 13B Uncensored
-
-license: "Other"
-urls:
- - https://huggingface.co/TheBloke/Wizard-Vicuna-13B-Uncensored-GGUF
-
-config_file: |
- gpu_layers: 1000
- debug: true
- threads: 6
- mmap: false
- embeddings: true
- prompt_cache_all: true
- prompt_cache_ro: false
- f16: true
- low_vram: false
- backend: llama
- parameters:
- model: Wizard-Vicuna-13B-Uncensored.Q5_K_M.gguf
- top_k: 80
- temperature: 0.7
- top_p: 0.7
- context_size: 2048
- template:
- completion: wizardlm-completion
- chat: wizardlm-chat
- roles:
- user: "USER:"
- system: "SYSTEM:"
- assistant: "ASSISTANT:"
-
-files:
-- filename: "Wizard-Vicuna-13B-Uncensored.Q5_K_M.gguf"
- uri: "https://huggingface.co/TheBloke/Wizard-Vicuna-13B-Uncensored-GGUF/resolve/main/Wizard-Vicuna-13B-Uncensored.Q5_K_M.gguf?download=true"
-
-prompt_templates:
-- name: "wizardlm-completion"
- content: |
- ### Instruction: {{.Input}}
-
- ### Assistant:
-
-- name: "wizardlm-chat"
- content: |
- A chat between a curious user and an artificial intelligence assistant. The assistant gives helpful, detailed, and polite answers to the user's questions.
-
- USER: {{.Input}}
-
- ASSISTANT:
diff --git a/apps/services/mlops/local-ai/models/wizardcode.yaml b/apps/services/mlops/local-ai/models/wizardcode.yaml
deleted file mode 100644
index 269450181..000000000
--- a/apps/services/mlops/local-ai/models/wizardcode.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
-name: "wizardcoder"
-
-description: |
- Empowering Code Large Language Models with Evol-Instruct
-
-license: "Apache 2.0"
-
-urls:
-- https://github.com/nlpxucan/WizardLM
-
-config_file: |
- name: wizardcoder
- # Default model parameters
- parameters:
- name: wizardcoder
- gpu_layers: 1000
- debug: true
- mmap: false
- f16: true
- low_vram: true
- model: wizardcoder-guanaco-15b-v1.0.ggmlv1.q4_0.bin
- temperature: 0.9
- top_k: 50
- top_p: 0.95
- backend: starcoder
- context_size: 8192
- template:
- completion: wizardcode-completion
- chat: wizardcode-chat
- stopwords:
- - ""
- - <|endoftext|>
- - <|end|>
-files:
- - filename: "wizardcoder-guanaco-15b-v1.0.ggmlv1.q4_0.bin"
- sha256: "4708d9248b85b76a7bb85ac9bb586cacac4df8923dda9b09189babe326a61d94"
- uri: "https://huggingface.co/TheBloke/WizardCoder-Guanaco-15B-V1.0-GGML/resolve/main/wizardcoder-guanaco-15b-v1.0.ggmlv1.q4_0.bin"
-
-prompt_templates:
-- name: "wizardcode-completion"
- content: |
- {{.Input}}
-
-- name: "wizardcode-chat"
- content: |
- Below is an instruction that describes a task. Write a response that appropriately completes the request
-
- ### Instruction: {{.Input}}
-
- ### Response:
diff --git a/apps/services/mlops/matrix-bot/README.md b/apps/services/mlops/matrix-bot/README.md
deleted file mode 100644
index b30c4d96b..000000000
--- a/apps/services/mlops/matrix-bot/README.md
+++ /dev/null
@@ -1 +0,0 @@
-## ChatGPT bot for Discord
diff --git a/apps/services/mlops/matrix-bot/base/cm.yaml b/apps/services/mlops/matrix-bot/base/cm.yaml
deleted file mode 100644
index 510fbd651..000000000
--- a/apps/services/mlops/matrix-bot/base/cm.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: chatgpt-matrix-config
-data:
- TZ: "America/Sao_Paulo"
- MATRIX_WHITELIST: "matrix.gruber.dev.br"
- CHATGPT_API_MODEL: "gpt-3.5-turbo"
- CHATGPT_REVERSE_PROXY: "http://local-ai.mlops.svc.cluster.local/v1/chat/completions"
- CHATGPT_CONTEXT: "room"
- CHATGPT_IGNORE_MEDIA: "true"
- CHATGPT_TEMPERATURE: "0.6"
- MATRIX_HOMESERVER_URL: "http://dendrite.matrix1.svc.cluster.local"
- MATRIX_BOT_USERNAME: "@chatgpt:matrix.gruber.dev.br"
- MATRIX_DEFAULT_PREFIX: ""
- MATRIX_DEFAULT_PREFIX_REPLY: "true"
- MATRIX_AUTOJOIN: "true"
- MATRIX_THREADS: "false"
- MATRIX_PREFIX_DM: "false"
- MATRIX_RICH_TEXT: "true"
diff --git a/apps/services/mlops/matrix-bot/base/deployment.yaml b/apps/services/mlops/matrix-bot/base/deployment.yaml
deleted file mode 100644
index 3af4657a9..000000000
--- a/apps/services/mlops/matrix-bot/base/deployment.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: chatgpt-matrix
- labels:
- app: chatgpt-matrix
-spec:
- replicas: 1
- strategy:
- type: Recreate
- selector:
- matchLabels:
- app: chatgpt-matrix
- template:
- metadata:
- labels:
- app: chatgpt-matrix
- spec:
- containers:
- - name: bot
- image: ghcr.io/matrixgpt/matrix-chatgpt-bot:3.1.2
- imagePullPolicy: Always
- envFrom:
- - configMapRef:
- name: chatgpt-matrix-config
- - secretRef:
- name: chatgpt-matrix-vars
- ports:
- - name: web
- containerPort: 80
- protocol: TCP
- resources:
- requests:
- cpu: 120m
- memory: 256Mi
- limits:
- cpu: 220m
- memory: 512Mi
diff --git a/apps/services/mlops/matrix-bot/base/secret.yaml b/apps/services/mlops/matrix-bot/base/secret.yaml
deleted file mode 100644
index 7563da982..000000000
--- a/apps/services/mlops/matrix-bot/base/secret.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-kind: Secret
-apiVersion: v1
-metadata:
- name: chatgpt-matrix-vars
- annotations:
- avp.kubernetes.io/path: "kv/data/matrix"
-stringData:
- MATRIX_ACCESS_TOKEN:
diff --git a/apps/services/mlops/matrix-bot/kustomization.yaml b/apps/services/mlops/matrix-bot/kustomization.yaml
deleted file mode 100644
index d5beedaf1..000000000
--- a/apps/services/mlops/matrix-bot/kustomization.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-bases:
-- ./base
-
-namespace: matrix1
-
-commonAnnotations:
- reloader.stakater.com/auto: "true"
diff --git a/apps/services/mlops/memory-plugin/README.md b/apps/services/mlops/memory-plugin/README.md
deleted file mode 100644
index 4c12c8ec2..000000000
--- a/apps/services/mlops/memory-plugin/README.md
+++ /dev/null
@@ -1 +0,0 @@
-## ChatGPT Memory Plugin
diff --git a/apps/services/mlops/memory-plugin/base/cm.yaml b/apps/services/mlops/memory-plugin/base/cm.yaml
deleted file mode 100644
index 03933fff1..000000000
--- a/apps/services/mlops/memory-plugin/base/cm.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: chatgpt-plugin-config
-data:
- TZ: "America/Sao_Paulo"
- DATASTORE: "milvus"
- MILVUS_HOST: "milvus.milvus-system.svc.cluster.local"
- MILVUS_PORT: "19530"
- MILVUS_COLLECTION: "chatgpt_memory"
diff --git a/apps/services/mlops/memory-plugin/base/deployment.yaml b/apps/services/mlops/memory-plugin/base/deployment.yaml
deleted file mode 100644
index e313ea71f..000000000
--- a/apps/services/mlops/memory-plugin/base/deployment.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: chatgpt-plugin
- labels:
- app: chatgpt-plugin
-spec:
- replicas: 1
- strategy:
- type: Recreate
- selector:
- matchLabels:
- app: chatgpt-plugin
- template:
- metadata:
- labels:
- app: chatgpt-plugin
- spec:
- containers:
- - name: server
- image: docker.io/grubertech/chatgpt-plugin:latest
- imagePullPolicy: Always
- envFrom:
- - configMapRef:
- name: chatgpt-plugin-config
- - secretRef:
- name: chatgpt-plugin-vars
- ports:
- - name: server
- containerPort: 8080
- protocol: TCP
- resources:
- requests:
- cpu: 250m
- memory: 256Mi
- limits:
- cpu: 550m
- memory: 1024Mi
diff --git a/apps/services/mlops/memory-plugin/base/kustomization.yaml b/apps/services/mlops/memory-plugin/base/kustomization.yaml
deleted file mode 100644
index cb04a9317..000000000
--- a/apps/services/mlops/memory-plugin/base/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- cm.yaml
-- svc.yaml
-- secret.yaml
diff --git a/apps/services/mlops/memory-plugin/base/secret.yaml b/apps/services/mlops/memory-plugin/base/secret.yaml
deleted file mode 100644
index ecc0903d9..000000000
--- a/apps/services/mlops/memory-plugin/base/secret.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-kind: Secret
-apiVersion: v1
-metadata:
- name: chatgpt-plugin-vars
- annotations:
- avp.kubernetes.io/path: "kv/data/chatgpt"
-stringData:
- BEARER_TOKEN:
- OPENAI_API_KEY:
diff --git a/apps/services/mlops/memory-plugin/base/svc.yaml b/apps/services/mlops/memory-plugin/base/svc.yaml
deleted file mode 100644
index b7b65b565..000000000
--- a/apps/services/mlops/memory-plugin/base/svc.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: chatgpt-plugin
- labels:
- app: chatgpt-plugin
-spec:
- selector:
- app: chatgpt-plugin
- ports:
- - name: server
- port: 80
- targetPort: 8080
- protocol: TCP
- type: ClusterIP
diff --git a/apps/services/mlops/memory-plugin/kustomization.yaml b/apps/services/mlops/memory-plugin/kustomization.yaml
deleted file mode 100644
index 8bce63593..000000000
--- a/apps/services/mlops/memory-plugin/kustomization.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-bases:
-- ./base
-
-resources:
-- https://github.com/gruberdev/homelab/apps/networking/cloudflared
-
-patchesStrategicMerge:
-- overlay/cloudflared-cm.yaml
-
-namespace: chatgpt
-
-commonAnnotations:
- reloader.stakater.com/auto: "true"
-
-patches:
-- patch: |-
- - op: add
- path: "/spec/template/spec/nodeSelector"
- value:
- kubernetes.io/arch: amd64
- target:
- kind: Deployment
- name: chatgpt-plugin
-- patch: |-
- - op: replace
- path: "/spec/template/spec/volumes/0/secret/secretName"
- value: "chatgpt-plugin-tunnel"
- target:
- kind: Deployment
- name: cloudflared
diff --git a/apps/services/mlops/memory-plugin/overlay/cloudflared-cm.yaml b/apps/services/mlops/memory-plugin/overlay/cloudflared-cm.yaml
deleted file mode 100644
index 7ffda6cd7..000000000
--- a/apps/services/mlops/memory-plugin/overlay/cloudflared-cm.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: cloudflared
-data:
- config.yaml: |
- tunnel: chatgpt-plugin-tunnel
- credentials-file: /etc/cloudflared/creds/credentials.json
- metrics: 0.0.0.0:2000
- no-autoupdate: true
- ingress:
- - hostname: gpt.gruber.dev.br
- service: http://chatgpt-plugin:80
- - service: http_status:404
diff --git a/apps/services/mlops/milvus/README.md b/apps/services/mlops/milvus/README.md
deleted file mode 100644
index f856a4111..000000000
--- a/apps/services/mlops/milvus/README.md
+++ /dev/null
@@ -1 +0,0 @@
-## Milvus-operator
diff --git a/apps/services/mlops/milvus/kustomization.yaml b/apps/services/mlops/milvus/kustomization.yaml
deleted file mode 100644
index 47d04209d..000000000
--- a/apps/services/mlops/milvus/kustomization.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- https://raw.githubusercontent.com/zilliztech/milvus-operator/v0.8.1/deploy/manifests/deployment.yaml
-
-patchesStrategicMerge:
-- overlay/milvus-deployment.yaml
-- overlay/milvus-job.yaml
-- overlay/namespace-delete.yaml
-
-patchesJson6902:
- - target:
- group: batch
- version: v1
- kind: Job
- name: milvus-operator-checker
- patch: |-
- - op: add
- path: /metadata/annotations/argocd.argoproj.io~1hook
- value: PostSync
- - op: add
- path: /metadata/annotations/argocd.argoproj.io~1hook-delete-policy
- value: BeforeHookCreation
- - op: remove
- path: /spec/ttlSecondsAfterFinished
-
-namespace: milvus-operator
diff --git a/apps/services/mlops/milvus/overlay/milvus-deployment.yaml b/apps/services/mlops/milvus/overlay/milvus-deployment.yaml
deleted file mode 100644
index cd0a6de01..000000000
--- a/apps/services/mlops/milvus/overlay/milvus-deployment.yaml
+++ /dev/null
@@ -1,62 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- helm.sh/chart: milvus-operator-0.8.1
- app.kubernetes.io/name: milvus-operator
- app.kubernetes.io/instance: milvus-operator
- app.kubernetes.io/version: "0.8.1"
- app.kubernetes.io/managed-by: Helm
- name: "milvus-operator"
- namespace: "milvus-operator"
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: milvus-operator
- app.kubernetes.io/instance: milvus-operator
- template:
- metadata:
- labels:
- app.kubernetes.io/name: milvus-operator
- app.kubernetes.io/instance: milvus-operator
- spec:
- containers:
- - args:
- - -namespace
- - "milvus-operator"
- - -name
- - "milvus-operator"
- - --health-probe-bind-address=:8081
- - --metrics-bind-address=:8080
- - --leader-elect
- command:
- - /manager
- image: 'milvusdb/milvus-operator:v0.8.1'
- imagePullPolicy: "IfNotPresent"
- livenessProbe:
- httpGet:
- path: /healthz
- port: 8081
- initialDelaySeconds: 15
- periodSeconds: 20
- name: manager
- ports:
- - containerPort: 9443
- name: webhook-server
- protocol: TCP
- - containerPort: 8080
- name: metrics
- protocol: TCP
- readinessProbe:
- httpGet:
- path: /readyz
- port: 8081
- initialDelaySeconds: 5
- periodSeconds: 10
- resources:
- limits:
- cpu: 350m
- memory: 512Gi
- requests:
- cpu: 100m
- memory: 128Mi
diff --git a/apps/services/mlops/milvus/overlay/milvus-job.yaml b/apps/services/mlops/milvus/overlay/milvus-job.yaml
deleted file mode 100644
index 73cce4a91..000000000
--- a/apps/services/mlops/milvus/overlay/milvus-job.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: batch/v1
-kind: Job
-metadata:
- labels:
- helm.sh/chart: milvus-operator-0.8.1
- app.kubernetes.io/name: milvus-operator
- app.kubernetes.io/instance: milvus-operator
- app.kubernetes.io/version: "0.8.1"
- app.kubernetes.io/managed-by: Helm
- name: "milvus-operator-checker"
- namespace: "milvus-operator"
-spec:
- template:
- spec:
- securityContext:
- runAsNonRoot: true
- serviceAccountName: "milvus-operator-checker"
- restartPolicy: OnFailure
- containers:
- - name: checker
- image: 'milvusdb/milvus-operator:v0.8.1'
- imagePullPolicy: "IfNotPresent"
- command: ["/checker"]
- args:
- - "-namespace=milvus-operator"
- - "-name=milvus-operator"
- resources:
- limits:
- cpu: 300m
- memory: 512Mi
- requests:
- cpu: 50m
- memory: 128Mi
diff --git a/apps/services/mlops/milvus/overlay/namespace-delete.yaml b/apps/services/mlops/milvus/overlay/namespace-delete.yaml
deleted file mode 100644
index 90628385b..000000000
--- a/apps/services/mlops/milvus/overlay/namespace-delete.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-$patch: delete
-apiVersion: v1
-kind: Namespace
-metadata:
- name: milvus-operator
diff --git a/apps/services/mlops/turbopilot/README.md b/apps/services/mlops/turbopilot/README.md
deleted file mode 100644
index 4227621b0..000000000
--- a/apps/services/mlops/turbopilot/README.md
+++ /dev/null
@@ -1 +0,0 @@
-## Turbopilot
diff --git a/apps/services/mlops/turbopilot/base/certificate.yaml b/apps/services/mlops/turbopilot/base/certificate.yaml
deleted file mode 100644
index e7dd23d48..000000000
--- a/apps/services/mlops/turbopilot/base/certificate.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: copilot
-spec:
- secretName: copilot-tls
- issuerRef:
- name: letsencrypt-production
- kind: ClusterIssuer
- commonName: copilot.gruber.dev.br
- dnsNames:
- - copilot.gruber.dev.br
diff --git a/apps/services/mlops/turbopilot/base/cm.yaml b/apps/services/mlops/turbopilot/base/cm.yaml
deleted file mode 100644
index 918541b8d..000000000
--- a/apps/services/mlops/turbopilot/base/cm.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: turbopilot-config
-data:
- THREADS: "6"
- MODEL: "/models/stablecode-instruct-alpha-3b.ggmlv1.q4_0.bin"
- GPU_LAYERS: "46"
- MODEL_TYPE: "stablecode"
- NVIDIA_VISIBLE_DEVICES: "all"
- NVIDIA_DRIVER_CAPABILITIES: "all"
- NVIDIA_REQUIRE_CUDA: "cuda>=11.0"
diff --git a/apps/services/mlops/turbopilot/base/deployment.yaml b/apps/services/mlops/turbopilot/base/deployment.yaml
deleted file mode 100644
index 1deddcff7..000000000
--- a/apps/services/mlops/turbopilot/base/deployment.yaml
+++ /dev/null
@@ -1,97 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: turbopilot - labels: - app: turbopilot -spec: - selector: - matchLabels: - app: turbopilot - replicas: 1 - strategy: - type: Recreate - template: - metadata: - name: turbopilot - labels: - app: turbopilot - spec: - runtimeClassName: nvidia - initContainers: - - name: download-model - image: busybox - command: ["/bin/sh", "-c"] - args: - - | - MODEL_DIR=/models - FORCE_DOWNLOAD=false - URLS="https://huggingface.co/TheBloke/stablecode-instruct-alpha-3b-GGML/resolve/main/stablecode-instruct-alpha-3b.ggmlv1.q4_0.bin" - - mkdir -p "$MODEL_DIR" - # Split urls on commas - echo "$URLS" | awk -F, '{for (i=1; i<=NF; i++) print $i}' | while read -r line; do - url=$(echo "$line" | awk '{print $1}') - auth=$(echo "$line" | awk '{print $2}') - if [ -n "$url" ]; then - filename=$(basename "$url") - if [ "$FORCE_DOWNLOAD" = false ] && [ -f "$MODEL_DIR/$filename" ]; then - echo "File $filename already exists. Skipping download." - continue - fi - rm -f "$MODEL_DIR/$filename" - echo "Downloading $filename" - if [ -n "$auth" ]; then - wget -P "$MODEL_DIR" --header "Authorization: Basic $auth" "$url" - else - wget -P "$MODEL_DIR" "$url" - fi - if [ "$?" -ne 0 ]; then - echo "Download failed." - else - echo "Download completed." 
- fi
- fi
- done
- volumeMounts:
- - mountPath: /models
- name: models
- containers:
- - name: turbopilot
- image: ghcr.io/ravenscroftj/turbopilot:v0.2.0-cuda11-7
- ports:
- - name: http
- containerPort: 18080
- protocol: TCP
- livenessProbe:
- tcpSocket:
- port: 18080
- initialDelaySeconds: 35
- periodSeconds: 10
- readinessProbe:
- tcpSocket:
- port: 18080
- initialDelaySeconds: 10
- periodSeconds: 10
- startupProbe:
- tcpSocket:
- port: 18080
- initialDelaySeconds: 90
- periodSeconds: 15
- resources:
- limits:
- cpu: 4000m
- memory: 15Gi
- requests:
- cpu: 1000m
- memory: 2Gi
- envFrom:
- - configMapRef:
- name: turbopilot-config
- volumeMounts:
- - mountPath: /models
- name: models
- volumes:
- - name: models
- persistentVolumeClaim:
- claimName: turbopilot-storage
diff --git a/apps/services/mlops/turbopilot/base/ingress.yaml b/apps/services/mlops/turbopilot/base/ingress.yaml
deleted file mode 100644
index 678b5176b..000000000
--- a/apps/services/mlops/turbopilot/base/ingress.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: turbopilot-internal
- annotations:
- external-dns.alpha.kubernetes.io/hostname: copilot.gruber.dev.br
- external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
- external-dns.alpha.kubernetes.io/ttl: "120"
- nginx.ingress.kubernetes.io/ssl-redirect: "true"
-spec:
- ingressClassName: nginx
- rules:
- - host: copilot.gruber.dev.br
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: turbopilot-tailscale
- port:
- name: http
- tls:
- - hosts:
- - copilot.gruber.dev.br
- secretName: copilot-tls
diff --git a/apps/services/mlops/turbopilot/base/kustomization.yaml b/apps/services/mlops/turbopilot/base/kustomization.yaml
deleted file mode 100644
index 076dd8f1a..000000000
--- a/apps/services/mlops/turbopilot/base/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- svc.yaml
-- cm.yaml
-- ingress.yaml
-- certificate.yaml
diff --git a/apps/services/mlops/turbopilot/base/svc.yaml b/apps/services/mlops/turbopilot/base/svc.yaml
deleted file mode 100644
index b9e95215d..000000000
--- a/apps/services/mlops/turbopilot/base/svc.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: turbopilot
- labels:
- app: turbopilot
-spec:
- selector:
- app: turbopilot
- ports:
- - name: http
- port: 80
- targetPort: 18080
- protocol: TCP
- type: ClusterIP
----
-apiVersion: v1
-kind: Service
-metadata:
- name: turbopilot-tailscale
- labels:
- app: turbopilot
- annotations:
- tailscale.com/hostname: "copilot"
-spec:
- selector:
- app: turbopilot
- ports:
- - name: http
- port: 80
- targetPort: 18080
- protocol: TCP
- loadBalancerClass: tailscale
- type: LoadBalancer
diff --git a/apps/services/mlops/turbopilot/kustomization.yaml b/apps/services/mlops/turbopilot/kustomization.yaml
deleted file mode 100644
index 0ad1935d0..000000000
--- a/apps/services/mlops/turbopilot/kustomization.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-bases:
-- ./base
-namespace: mlops
-
-commonAnnotations:
- reloader.stakater.com/auto: "true"
-
-patches:
-- patch: |-
- - op: add
- path: "/spec/template/spec/nodeSelector"
- value:
- kubernetes.io/hostname: node-one
- target:
- kind: Deployment
- name: turbopilot
diff --git a/apps/services/mlops/wandb/README.md b/apps/services/mlops/wandb/README.md
deleted file mode 100644
index 649431784..000000000
--- a/apps/services/mlops/wandb/README.md
+++ /dev/null
@@ -1 +0,0 @@
-## Weight & Biases
diff --git a/apps/services/mlops/wandb/base/certificate.yaml b/apps/services/mlops/wandb/base/certificate.yaml
deleted file mode 100644
index b52be277d..000000000
--- a/apps/services/mlops/wandb/base/certificate.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: wandb-cloudflare
-spec:
- secretName: wandb-tls
- issuerRef:
- name: letsencrypt-production
- kind: ClusterIssuer
- commonName: ai.gruber.dev.br
- dnsNames:
- - ai.gruber.dev.br
diff --git a/apps/services/mlops/wandb/base/cm.yaml b/apps/services/mlops/wandb/base/cm.yaml
deleted file mode 100644
index 370f54ce6..000000000
--- a/apps/services/mlops/wandb/base/cm.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: wandb-cm
-data:
- TZ: "America/Sao_Paulo"
- LOCAL_SECURE: "false"
- LOCAL_RESTORE: "false"
- LOCAL_DEV: "false"
- WANDB_BASE_URL: "http://localhost:8080"
- HOST: "https://ai.gruber.dev.br"
diff --git a/apps/services/mlops/wandb/base/deployment.yaml b/apps/services/mlops/wandb/base/deployment.yaml
deleted file mode 100644
index 4cf6ecb76..000000000
--- a/apps/services/mlops/wandb/base/deployment.yaml
+++ /dev/null
@@ -1,115 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: wandb - labels: - app: wandb -spec: - strategy: - type: Recreate - replicas: 1 - selector: - matchLabels: - app: wandb - template: - metadata: - labels: - app: wandb - spec: - securityContext: - fsGroup: 0 - fsGroupChangePolicy: OnRootMismatch - initContainers: - - name: init-db - image: wandb/local:0.31.1 - env: - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: wandb-vars - key: MYSQL_PASSWORD - - name: DB_HOST - value: mysql-db.mlops.svc.cluster.local - - name: DB_USER - value: root - - name: DB - value: wandb_local - command: ['bash', '-c', "until mysql -h$DB_HOST -u$DB_USER -p$DB_PASSWORD -D$DB --execute=\"SELECT 1\"; do echo waiting for db; sleep 2; done"] - containers: - - name: wandb - image: "wandb/local:0.31.1" - imagePullPolicy: IfNotPresent - env: - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: wandb-vars - key: MYSQL_PASSWORD - - name: DB_USER - value: root - - name: DB - value: wandb_local - - name: DB_HOST - value: mysql-db.mlops.svc.cluster.local:3306 - - name: LICENSE - valueFrom: - secretKeyRef: - name: wandb-vars - key: LICENSE - - name: GLOBAL_ADMIN_API_KEY - valueFrom: - secretKeyRef: - name: wandb-vars - key: ADMIN_API_KEY - - name: GORILLA_INSECURE_ALLOW_API_KEY_ADMIN_ACCESS - value: "true" - - name: WANDB_HELM_CHART - value: wandb:0.2.0 - - name: MYSQL - value: mysql://$(DB_USER):$(DB_PASSWORD)@$(DB_HOST)/$(DB) - - name: HOST - value: http://localhost:8080 - - name: LICENSE - value: - - name: LOCAL_RESTORE - value: "false" - - name: LOCAL_SECURE - value: "false" - securityContext: - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - ports: - - name: http - containerPort: 8080 - protocol: TCP - volumeMounts: - - name: data-storage - mountPath: /vol - startupProbe: - httpGet: - path: /ready - port: http - initialDelaySeconds: 600 - failureThreshold: 600 - livenessProbe: - httpGet: - path: /healthz - port: http - initialDelaySeconds: 600 - 
failureThreshold: 600 - readinessProbe: - httpGet: - path: /ready - port: http - resources: - requests: - cpu: 200m - memory: 256Mi - limits: - cpu: 2000m - memory: 2048Mi - volumes: - - name: data-storage - persistentVolumeClaim: - claimName: wandb-data diff --git a/apps/services/mlops/wandb/base/kustomization.yaml b/apps/services/mlops/wandb/base/kustomization.yaml deleted file mode 100644 index 06b226723..000000000 --- a/apps/services/mlops/wandb/base/kustomization.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- deployment.yaml -- svc.yaml -- cm.yaml -- secret.yaml -- ingress.yaml -- certificate.yaml diff --git a/apps/services/mlops/wandb/base/secret.yaml b/apps/services/mlops/wandb/base/secret.yaml deleted file mode 100644 index dd0d26344..000000000 --- a/apps/services/mlops/wandb/base/secret.yaml +++ /dev/null @@ -1,14 +0,0 @@ -kind: Secret -apiVersion: v1 -metadata: - name: wandb-vars - annotations: - avp.kubernetes.io/path: "kv/data/mlops" -stringData: - WANDB_API_KEY: - MYSQL: - PASSWORD: - MYSQL_ROOT_PASSWORD: - MYSQL_PASSWORD: - ADMIN_API_KEY: - LICENSE: diff --git a/apps/services/mlops/wandb/base/svc.yaml b/apps/services/mlops/wandb/base/svc.yaml deleted file mode 100644 index c88e633db..000000000 --- a/apps/services/mlops/wandb/base/svc.yaml +++ /dev/null @@ -1,33 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: wanddb-external - annotations: - kube-vip.io/vipHost: wandb -spec: - selector: - app: wandb - ports: - - name: http - port: 80 - targetPort: 8080 - protocol: TCP - type: LoadBalancer - loadBalancerIP: "192.168.1.152" - loadBalancerClass: kube-vip.io/kube-vip-class ---- -apiVersion: v1 -kind: Service -metadata: - name: wandb-internal - labels: - app: wandb -spec: - selector: - app: wandb - ports: - - name: http - port: 8080 - targetPort: 8080 - protocol: TCP - type: ClusterIP 
diff --git a/apps/services/mlops/wandb/kustomization.yaml b/apps/services/mlops/wandb/kustomization.yaml
deleted file mode 100644
index 9c2388a24..000000000
--- a/apps/services/mlops/wandb/kustomization.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-bases:
-- ./base
-
-namespace: mlops
-
-patches:
-- patch: |-
- - op: add
- path: "/spec/template/spec/nodeSelector"
- value:
- kubernetes.io/arch: amd64
- target:
- kind: Deployment
- name: wandb
-
-commonAnnotations:
- reloader.stakater.com/auto: "true"
diff --git a/apps/services/proxitok/README.md b/apps/services/proxitok/README.md
deleted file mode 100644
index 67745f6dd..000000000
--- a/apps/services/proxitok/README.md
+++ /dev/null
@@ -1 +0,0 @@
-## n8n
diff --git a/apps/services/rss/README.md b/apps/services/rss/README.md
deleted file mode 100644
index bcb0d420b..000000000
--- a/apps/services/rss/README.md
+++ /dev/null
@@ -1 +0,0 @@
-# RSS-related Services
diff --git a/apps/services/rss/feedpushr/README.md b/apps/services/rss/feedpushr/README.md
deleted file mode 100644
index 65e800321..000000000
--- a/apps/services/rss/feedpushr/README.md
+++ /dev/null
@@ -1 +0,0 @@
-## Feedpushr
diff --git a/apps/services/rss/feedpushr/base/cm.yaml b/apps/services/rss/feedpushr/base/cm.yaml
deleted file mode 100644
index e45265d94..000000000
--- a/apps/services/rss/feedpushr/base/cm.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: feedpushr-config
-data:
- TZ: "America/Sao_Paulo"
- FP_AUTHORIZED_USERNAME: "gruber"
- FP_CACHE_RETENTION: "72h"
- FP_CLEAR_CACHE: "false"
- FP_CLEAR_CONFIG: "false"
- FP_DB: "boltdb:///var/opt/feedpushr.db"
- FP_DELAY: "1m"
- FP_FAN_OUT_DELAY: "0s"
- FP_EXPLORE_PROVIDER: "default"
- FP_IMPORT: ""
- FP_LISTEN_ADDR: ":8080"
- FP_LOG_LEVEL: "info"
- FP_LOG_OUTPUT: ""
- FP_LOG_PRETTY: "false"
- FP_MAX_NB_FEEDS: "0"
- FP_MAX_NB_OUTPUTS: "0"
- FP_PLUGINS: ""
- FP_PUBLIC_URL: ""
- FP_SENTRY_DSN: ""
- FP_TIMEOUT: "5s"
- FP_AUTHN: "/etc/feedpushr.htpasswd"
diff --git a/apps/services/rss/feedpushr/base/deployment.yaml b/apps/services/rss/feedpushr/base/deployment.yaml
deleted file mode 100644
index 06304b6f5..000000000
--- a/apps/services/rss/feedpushr/base/deployment.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: feedpushr
- labels:
- app: feedpushr
- annotations:
- link.argocd.argoproj.io/external-link: http://feedpushr
-spec:
- replicas: 1
- strategy:
- type: Recreate
- selector:
- matchLabels:
- app: feedpushr
- template:
- metadata:
- labels:
- app: feedpushr
- spec:
- containers:
- - name: feedpushr
- image: docker.io/ncarlier/feedpushr:3.3.1
- envFrom:
- - configMapRef:
- name: feedpushr-config
- ports:
- - name: web
- containerPort: 8080
- protocol: TCP
- resources:
- requests:
- cpu: 50m
- memory: 100Mi
- limits:
- cpu: 120m
- memory: 200Mi
- volumeMounts:
- - name: database
- mountPath: /var/opt
- - name: auth
- mountPath: /etc/feedpushr.htpasswd
- readOnly: true
- volumes:
- - name: auth
- secret:
- secretName: feedpushr-vars
- - name: database
- persistentVolumeClaim:
- claimName: feedpushr-database
diff --git a/apps/services/rss/feedpushr/base/kustomization.yaml b/apps/services/rss/feedpushr/base/kustomization.yaml
deleted file mode 100644
index 0292cfb79..000000000
--- a/apps/services/rss/feedpushr/base/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- svc.yaml
-- cm.yaml
-- secret.yaml
diff --git a/apps/services/rss/feedpushr/base/secret.yaml b/apps/services/rss/feedpushr/base/secret.yaml
deleted file mode 100644
index 93bb8c667..000000000
--- a/apps/services/rss/feedpushr/base/secret.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-kind: Secret
-apiVersion: v1
-metadata:
- name: feedpushr-vars
- annotations:
- avp.kubernetes.io/path: "kv/data/feedpushr"
-stringData:
- feedpushr.htpasswd: |
- :
diff --git a/apps/services/rss/feedpushr/base/svc.yaml b/apps/services/rss/feedpushr/base/svc.yaml
deleted file mode 100644
index ae85f690f..000000000
--- a/apps/services/rss/feedpushr/base/svc.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: feedpushr
- labels:
- app: feedpushr
- annotations:
- tailscale.com/hostname: "feedpushr"
-spec:
- selector:
- app: feedpushr
- ports:
- - name: web
- port: 80
- targetPort: 8080
- protocol: TCP
- loadBalancerClass: tailscale
- type: LoadBalancer
diff --git a/apps/services/rss/feedpushr/kustomization.yaml b/apps/services/rss/feedpushr/kustomization.yaml
deleted file mode 100644
index e1fc1398d..000000000
--- a/apps/services/rss/feedpushr/kustomization.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-bases:
-- ./base
-
-namespace: rss
-
-patches:
-- patch: |-
- - op: add
- path: "/spec/template/spec/nodeSelector"
- value:
- kubernetes.io/arch: amd64
- target:
- kind: Deployment
- name: feedpushr
-
-commonAnnotations:
- reloader.stakater.com/auto: "true"
diff --git a/apps/services/rss/hub/README.md b/apps/services/rss/hub/README.md
deleted file mode 100644
index 0baec9d59..000000000
--- a/apps/services/rss/hub/README.md
+++ /dev/null
@@ -1 +0,0 @@
-## RSS Hub
diff --git a/apps/services/rss/hub/base/certificate.yaml b/apps/services/rss/hub/base/certificate.yaml
deleted file mode 100644
index 386a82dae..000000000
--- a/apps/services/rss/hub/base/certificate.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: rsshub-cloudflare
-spec:
- secretName: rsshub-tls
- issuerRef:
- name: letsencrypt-production
- kind: ClusterIssuer
- commonName: hub.gruber.dev.br
- dnsNames:
- - hub.gruber.dev.br
diff --git a/apps/services/rss/hub/base/cm.yaml b/apps/services/rss/hub/base/cm.yaml
deleted file mode 100644
index 014b48057..000000000
--- a/apps/services/rss/hub/base/cm.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: rsshub-cm
-data:
- NODE_ENV: "production"
- TZ: "America/Sao_Paulo"
- PORT: "1200"
- REQUEST_RETRY: "5"
- UA: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
- ALLOW_ORIGIN: "*"
- CACHE_TYPE: "redis"
- CACHE_EXPIRE: "5*60"
- MEMORY_MAX: "256"
- REDIS_URL: "redis://redis-rsshub.rss.svc.cluster.local:6379"
- PUPPETEER_WS_ENDPOINT: "ws://127.0.0.1:3000"
- ALLOW_LOCALHOST: "true"
- DISALLOW_ROBOT: "true"
- SCIHUB_HOST: "https://sci-hub.se"
diff --git a/apps/services/rss/hub/base/deployment.yaml b/apps/services/rss/hub/base/deployment.yaml
deleted file mode 100644
index 666201130..000000000
--- a/apps/services/rss/hub/base/deployment.yaml
+++ /dev/null
@@ -1,74 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: rss-hub
- labels:
- app: rss-hub
- annotations:
- link.argocd.argoproj.io/external-link: https://hub.gruber.dev.br
-spec:
- replicas: 1
- strategy:
- type: Recreate
- selector:
- matchLabels:
- app: rss-hub
- template:
- metadata:
- labels:
- app: rss-hub
- spec:
- containers:
- - name: rss-hub
- image: docker.io/diygod/rsshub:chromium-bundled-2023-08-15
- envFrom:
- - configMapRef:
- name: rsshub-cm
- - secretRef:
- name: rsshub-vars
- ports:
- - name: web
- containerPort: 1200
- protocol: TCP
- resources:
- requests:
- cpu: 60m
- memory: 256Mi
- limits:
- cpu: 150m
- memory: 512Mi
- livenessProbe:
- tcpSocket:
- port: 1200
- timeoutSeconds: 1
- periodSeconds: 10
- initialDelaySeconds: 60
- failureThreshold: 3
- readinessProbe:
- tcpSocket:
- port: 1200
- timeoutSeconds: 1
- periodSeconds: 10
- initialDelaySeconds: 3
- failureThreshold: 3
- startupProbe:
- tcpSocket:
- port: 1200
- timeoutSeconds: 5
- periodSeconds: 10
- successThreshold: 1
- initialDelaySeconds: 60
- failureThreshold: 30
- - name: puppeteer
- image: browserless/chrome:latest
- ports:
- - name: richpuppeteer
- containerPort: 3000
- protocol: TCP
- resources:
- requests:
- cpu: "200m"
- memory: "1024Mi"
- limits:
- cpu: "500m"
- memory: "2048Mi"
diff --git a/apps/services/rss/hub/base/ingress.yaml b/apps/services/rss/hub/base/ingress.yaml
deleted file mode 100644
index 03c80e69f..000000000
--- a/apps/services/rss/hub/base/ingress.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: rss-hub
- annotations:
- external-dns.alpha.kubernetes.io/hostname: hub.gruber.dev.br
- external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
- external-dns.alpha.kubernetes.io/ttl: "120"
- nginx.ingress.kubernetes.io/ssl-redirect: "true"
-spec:
- ingressClassName: nginx
- rules:
- - host: hub.gruber.dev.br
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: rss-hub
- port:
- name: web
- tls:
- - hosts:
- - hub.gruber.dev.br
- secretName: rsshub-tls
diff --git a/apps/services/rss/hub/base/kustomization.yaml b/apps/services/rss/hub/base/kustomization.yaml
deleted file mode 100644
index 3d66454d0..000000000
--- a/apps/services/rss/hub/base/kustomization.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- svc.yaml
-- cm.yaml
-- redis.yaml
-- ingress.yaml
-- certificate.yaml
diff --git a/apps/services/rss/hub/base/redis.yaml b/apps/services/rss/hub/base/redis.yaml
deleted file mode 100644
index d4beaac64..000000000
--- a/apps/services/rss/hub/base/redis.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-apiVersion: redis.redis.opstreelabs.in/v1beta1
-kind: Redis
-metadata:
- name: redis-rsshub
-spec:
- kubernetesConfig:
- image: docker.io/grubertech/redis:v7.0.5
- imagePullPolicy: IfNotPresent
- updateStrategy:
- type: OnDelete
- resources:
- requests:
- cpu: 150m
- memory: 128Mi
- limits:
- cpu: 250m
- memory: 256Mi
- storage:
- volumeClaimTemplate:
- spec:
- storageClassName: iscsi
- accessModes: ["ReadWriteOnce"]
- resources:
- requests:
- storage: 2Gi
- nodeSelector:
- kubernetes.io/arch: amd64
diff --git a/apps/services/rss/hub/base/svc.yaml b/apps/services/rss/hub/base/svc.yaml
deleted file mode 100644
index 9991d1022..000000000
--- a/apps/services/rss/hub/base/svc.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: rss-hub
- labels:
- app: rss-hub
- annotations:
- kube-vip.io/vipHost: rsshub
-spec:
- ports:
- - name: web
- port: 80
- targetPort: 1200
- protocol: TCP
- selector:
- app: rss-hub
- type: LoadBalancer
- loadBalancerIP: "192.168.1.155"
- loadBalancerClass: kube-vip.io/kube-vip-class
diff --git a/apps/services/rss/hub/kustomization.yaml b/apps/services/rss/hub/kustomization.yaml
deleted file mode 100644
index 191d4057e..000000000
--- a/apps/services/rss/hub/kustomization.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-bases:
-- ./base
-
-namespace: rss
-
-patches:
-- patch: |-
- - op: add
- path: "/spec/template/spec/nodeSelector"
- value:
- kubernetes.io/arch: amd64
- target:
- kind: Deployment
- name: rss-hub
diff --git a/apps/services/transfer/base/ingress.yaml b/apps/services/transfer/base/ingress.yaml
deleted file mode 100644
index df0bf9f8d..000000000
--- a/apps/services/transfer/base/ingress.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: change-ingress
- annotations:
- external-dns.alpha.kubernetes.io/hostname: onchange.gruber.dev.br
- external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
- nginx.ingress.kubernetes.io/ssl-redirect: "false"
- cert-manager.io/cluster-issuer: letsencrypt-staging
-spec:
- ingressClassName: nginx
- rules:
- - host: onchange.gruber.dev.br
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: change-svc
- port:
- name: web
- tls:
- - hosts:
- - onchange.gruber.dev.br
- secretName: onchange-tx
diff --git a/apps/services/transfer/kustomization.yaml b/apps/services/transfer/kustomization.yaml
deleted file mode 100644
index b82f18220..000000000
--- a/apps/services/transfer/kustomization.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-bases:
-- ./base
-
-namespace: services
-
-patches:
-- patch: |-
- - op: add
- path: "/spec/template/spec/nodeSelector"
- value:
- kubernetes.io/arch: amd64
- target:
- kind: Deployment
- name: change-server
-
-commonAnnotations:
- reloader.stakater.com/auto: "true"
diff --git a/apps/services/wallabag/README.md b/apps/services/wallabag/README.md
deleted file mode 100644
index d5eda9d5b..000000000
--- a/apps/services/wallabag/README.md
+++ /dev/null
@@ -1 +0,0 @@
-## Wallabag
diff --git a/apps/services/wallabag/base/cm.yaml b/apps/services/wallabag/base/cm.yaml
deleted file mode 100644
index f26499d4e..000000000
--- a/apps/services/wallabag/base/cm.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: wallabag-cm
-data:
- TZ: "America/Sao_Paulo"
- SYMFONY__ENV__DATABASE_DRIVER: "pdo_pgsql"
- SYMFONY__ENV__DATABASE_HOST: "db-wallabag.services.svc.cluster.local"
- SYMFONY__ENV__DATABASE_PORT: "5432"
- SYMFONY__ENV__DATABASE_NAME: "wallabag"
- SYMFONY__ENV__DATABASE_USER: "wallabag"
- SYMFONY__ENV__LOCALE: "en"
- SYMFONY__ENV__MAILER_HOST: "mail.smtp2go.com"
- POPULATE_DATABASE: "True"
- SYMFONY__ENV__SERVER_NAME: "wallabag-grwtf"
- SYMFONY__ENV__DOMAIN_NAME: "https://wallabag.gruber.dev.br"
- SYMFONY__ENV__DATABASE_CHARSET: "utf8mb4"
- SYMFONY__ENV__DATABASE_TABLE_PREFIX: "wallabag_"
- SYMFONY__ENV__FOSUSER_REGISTRATION: "false"
- SYMFONY__ENV__FOSUSER_CONFIRMATION: "true"
diff --git a/apps/services/wallabag/base/db.yaml b/apps/services/wallabag/base/db.yaml
deleted file mode 100644
index 5d36adea5..000000000
--- a/apps/services/wallabag/base/db.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-apiVersion: "acid.zalan.do/v1"
-kind: postgresql
-metadata:
- name: db-wallabag
-spec:
- dockerImage: registry.opensource.zalan.do/acid/spilo-14:2.1-p6
- teamId: "db"
- numberOfInstances: 1
- users:
- admin:
- - superuser
- - createdb
- wallabag: []
- databases:
- wallabag: wallabag
- postgresql:
- version: "14"
- volume:
- size: 1Gi
- storageClass: iscsi
- additionalVolumes:
- - name: data
- mountPath: /home/postgres/pgdata/partitions
- targetContainers:
- - postgres
- volumeSource:
- PersistentVolumeClaim:
- claimName: wallabag-postgres
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: postgres-operator
- operator: In
- values:
- - enabled
diff --git a/apps/services/wallabag/base/deployment.yaml b/apps/services/wallabag/base/deployment.yaml
deleted file mode 100644
index be9a4d38d..000000000
--- a/apps/services/wallabag/base/deployment.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: wallabag
- labels:
- app: wallabag
- annotations:
- link.argocd.argoproj.io/external-link: http://wallabag.gruber.dev.br
-spec:
- replicas: 1
- strategy:
- type: Recreate
- selector:
- matchLabels:
- app: wallabag
- template:
- metadata:
- labels:
- app: wallabag
- spec:
- containers:
- - name: wallabag
- image: wallabag/wallabag:2.5.2
- env:
- - name: POSTGRES_USER
- valueFrom: {secretKeyRef: {name: wallabag.db-wallabag.credentials.postgresql.acid.zalan.do, key: username}}
- - name: POSTGRES_PASSWORD
- valueFrom: {secretKeyRef: {name: wallabag.db-wallabag.credentials.postgresql.acid.zalan.do, key: password}}
- - name: SYMFONY__ENV__DATABASE_USER
- valueFrom: {secretKeyRef: {name: wallabag.db-wallabag.credentials.postgresql.acid.zalan.do, key: username}}
- - name: SYMFONY__ENV__DATABASE_PASSWORD
- valueFrom: {secretKeyRef: {name: wallabag.db-wallabag.credentials.postgresql.acid.zalan.do, key: password}}
- envFrom:
- - configMapRef:
- name: wallabag-cm
- - secretRef:
- name: wallabag-vars
- ports:
- - name: web
- containerPort: 80
- protocol: TCP
- resources:
- requests:
- cpu: 150m
- memory: 256Mi
- limits:
- cpu: 200m
- memory: 512Mi
- volumeMounts:
- - name: data-storage
- mountPath: /var/www/wallabag/data
- - name: media-storage
- mountPath: /var/www/wallabag/web/assets/images
- volumes:
- - name: media-storage
- persistentVolumeClaim:
- claimName: wallabag-media
- - name: data-storage
- persistentVolumeClaim:
- claimName: wallabag-data
diff --git a/apps/services/wallabag/base/kustomization.yaml b/apps/services/wallabag/base/kustomization.yaml
deleted file mode 100644
index 7737eb197..000000000
--- a/apps/services/wallabag/base/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-- deployment.yaml
-- svc.yaml
-- cm.yaml
-- db.yaml
-- secret.yaml
diff --git a/apps/services/wallabag/base/secret.yaml b/apps/services/wallabag/base/secret.yaml
deleted file mode 100644
index 24c15d296..000000000
--- a/apps/services/wallabag/base/secret.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-kind: Secret
-apiVersion: v1
-metadata:
- name: wallabag-vars
- annotations:
- avp.kubernetes.io/path: "kv/data/wallabag"
-stringData:
- SYMFONY__ENV__SECRET:
- SYMFONY__ENV__MAILER_USER:
- SYMFONY__ENV__MAILER_PASSWORD:
- SYMFONY__ENV__FROM_EMAIL:
- SYMFONY__ENV__TWOFACTOR_AUTH: <2fa-auth>
- SYMFONY__ENV__TWOFACTOR_SENDER: <2fa-sender>
diff --git a/apps/services/wallabag/base/svc.yaml b/apps/services/wallabag/base/svc.yaml
deleted file mode 100644
index c37975cc9..000000000
--- a/apps/services/wallabag/base/svc.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: wallabag
- labels:
- app: wallabag
- annotations:
- tailscale.com/hostname: "wallabag"
-spec:
- selector:
- app: wallabag
- ports:
- - name: web
- port: 8080
- targetPort: 80
- protocol: TCP
- loadBalancerClass: tailscale
- type: LoadBalancer
diff --git a/apps/services/wallabag/kustomization.yaml b/apps/services/wallabag/kustomization.yaml
deleted file mode 100644
index e49737b7c..000000000
--- a/apps/services/wallabag/kustomization.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-bases:
-- ./base
-namespace: services
-patches:
-- patch: |-
- - op: add
- path: "/spec/template/spec/nodeSelector"
- value:
- kubernetes.io/hostname: node-one
- target:
- kind: Deployment
- name: wallabag
-images:
-- name: wallabag/wallabag
- newTag: 2.6.8
-commonAnnotations:
- reloader.stakater.com/auto: "true"
diff --git a/apps/services/wger/README.md b/apps/services/wger/README.md
deleted file mode 100644
index 8e5ab1d60..000000000
--- a/apps/services/wger/README.md
+++ /dev/null
@@ -1 +0,0 @@
-## wger
diff --git a/apps/services/wger/base/certificate.yaml b/apps/services/wger/base/certificate.yaml
deleted file mode 100644
index 26d7ef190..000000000
--- a/apps/services/wger/base/certificate.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: wger-cloudflare
-spec:
- secretName: wger-tls
- issuerRef:
- name: letsencrypt-production
- kind: ClusterIssuer
- commonName: gym.gruber.dev.br
- dnsNames:
- - gym.gruber.dev.br
diff --git a/apps/services/wger/base/cm.yaml b/apps/services/wger/base/cm.yaml
deleted file mode 100644
index 2f5a4e271..000000000
--- a/apps/services/wger/base/cm.yaml
+++ /dev/null
@@ -1,74 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: wger-cm -data: - TIME_ZONE: "America/Sao_Paulo" - MEDIA_URL: "https://gym.gruber.dev.br/media/" - STATIC_URL: "https://gym.gruber.dev.br/static/" - WGER_INSTANCE: https://wger.de" - ALLOW_REGISTRATION: "True" - ALLOW_GUEST_USERS: "True" - ALLOW_UPLOAD_VIDEOS: "True" - MIN_ACCOUNT_AGE_TO_TRUST: "0" - SYNC_EXERCISES_ON_STARTUP: "True" - DOWNLOAD_EXERCISE_IMAGES_ON_STARTUP: "True" - SYNC_EXERCISES_CELERY: "True" - SYNC_EXERCISE_IMAGES_CELERY: "True" - CSRF_TRUSTED_ORIGINS: "http://127.0.0.1,https://127.0.0.1,https://gym.gruber.dev.br,http://gym.gruber.dev.br,https://gruber.dev.br,http://gym.gruber.dev.br,http://localhost,https://localhost" - SYNC_EXERCISE_VIDEOS_CELERY: "True" - DOWNLOAD_INGREDIENTS_FROM: "WGER" - ENABLE_EMAIL: "True" - EMAIL_USE_SSL: "False" - EMAIL_USE_TLS: "True" - FROM_EMAIL: "Personal Workout Manager " - ACCESS_TOKEN_LIFETIME: "20" - REFRESH_TOKEN_LIFETIME: "60" - DJANGO_DEBUG: "True" - WGER_USE_GUNICORN: "True" - EXERCISE_CACHE_TTL: "18000" - SITE_URL: "https://gym.gruber.dev.br" - AXES_ENABLED: "False" - DJANGO_CACHE_BACKEND: "django_redis.cache.RedisCache" - DJANGO_CACHE_LOCATION: "redis://gym-redis.services.svc.cluster.local:6379/1" - DJANGO_CACHE_TIMEOUT: "1296000" - DJANGO_CACHE_CLIENT_CLASS: "django_redis.client.DefaultClient" - DJANGO_DB_ENGINE: "django.db.backends.postgresql" - DJANGO_DB_DATABASE: "wger" - DJANGO_DB_HOST: "wger-rw.services.svc.cluster.local" - DJANGO_DB_PORT: "5432" - DJANGO_PERFORM_MIGRATIONS: "True" - USE_CELERY: "False" - CELERY_BROKER: "redis://gym-redis.services.svc.cluster.local:6379/2" - CELERY_BACKEND: "redis://gym-redis.services.svc.cluster.local:6379/2" ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: wger-proxy -data: - wger-app.conf: | - upstream app_server { - server localhost:8000 fail_timeout=0; - } - server { - listen 8080; - client_max_body_size 4G; - server_name gym.gruber.dev.br; - keepalive_timeout 5; - root /var/www/html/; - 
location / { - try_files $uri @proxy_to_app; - } - location @proxy_to_app { - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - proxy_redirect off; - proxy_pass http://app_server; - } - error_page 500 502 503 504 /500.html; - location = /500.html { - root /var/www/html/; - } - } diff --git a/apps/services/wger/base/db.yaml b/apps/services/wger/base/db.yaml deleted file mode 100644 index fc9f2637f..000000000 --- a/apps/services/wger/base/db.yaml +++ /dev/null @@ -1,42 +0,0 @@ -apiVersion: postgresql.cnpg.io/v1 -kind: Cluster -metadata: - name: wger-database - namespace: services -spec: - imageName: ghcr.io/cloudnative-pg/postgresql:16.0 - instances: 1 - startDelay: 35 - stopDelay: 35 - resources: - requests: - memory: 256Mi - cpu: 300m - limits: - memory: 768Mi - cpu: 700m - postgresql: - parameters: - shared_buffers: 256MB - timezone: "America/Sao_Paulo" - pg_stat_statements.max: '10000' - pg_stat_statements.track: all - auto_explain.log_min_duration: '10s' - bootstrap: - initdb: - database: wger - owner: wger - storage: - storageClass: iscsi - size: 15Gi - monitoring: - enablePodMonitor: true - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/hostname - operator: In - values: - - node-one diff --git a/apps/services/wger/base/deployment.yaml b/apps/services/wger/base/deployment.yaml deleted file mode 100644 index 446010049..000000000 --- a/apps/services/wger/base/deployment.yaml +++ /dev/null 
@@ -1,82 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: gym-server - labels: - app: gym-server - annotations: - link.argocd.argoproj.io/external-link: https://gym.gruber.dev.br -spec: - replicas: 1 - strategy: - type: Recreate - selector: - matchLabels: - app: wger - template: - metadata: - labels: - app: wger - spec: - securityContext: - fsGroup: 1000 - containers: - - name: frontend - image: nginx:stable - volumeMounts: - - name: nginx-config - mountPath: /etc/nginx/conf.d/ - - name: static - mountPath: /var/www/html/static - readOnly: true - - name: media - mountPath: /var/www/html/media - readOnly: true - ports: - - containerPort: 8080 - protocol: TCP - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 200m - memory: 512Mi - - name: backend - image: wger/server:latest - env: - - name: DJANGO_DB_USER - valueFrom: {secretKeyRef: {name: wger-app, key: username}} - - name: DJANGO_DB_PASSWORD - valueFrom: {secretKeyRef: {name: wger-app, key: password}} - envFrom: - - configMapRef: - name: wger-cm - - secretRef: - name: wger-vars - ports: - - containerPort: 8000 - resources: - requests: - cpu: 150m - memory: 512Mi - limits: - cpu: 450m - memory: 768Mi - volumeMounts: - - name: static - mountPath: /home/wger/static - readOnly: false - - name: media - mountPath: /home/wger/media - readOnly: false - volumes: - - name: static - persistentVolumeClaim: - claimName: wger-static - - name: media - persistentVolumeClaim: - claimName: wger-media - - name: nginx-config - configMap: - name: wger-proxy diff --git a/apps/services/wger/base/ingress.yaml b/apps/services/wger/base/ingress.yaml deleted file mode 100644 index 087cf4b19..000000000 --- a/apps/services/wger/base/ingress.yaml +++ /dev/null 
@@ -1,26 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: wger - annotations: - external-dns.alpha.kubernetes.io/hostname: gym.gruber.dev.br - external-dns.alpha.kubernetes.io/cloudflare-proxied: "false" - external-dns.alpha.kubernetes.io/ttl: "120" - nginx.ingress.kubernetes.io/ssl-redirect: "true" -spec: - ingressClassName: nginx - rules: - - host: gym.gruber.dev.br - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: wger-tailscale - port: - number: 80 - tls: - - hosts: - - gym.gruber.dev.br - secretName: wger-tls diff --git a/apps/services/wger/base/kustomization.yaml b/apps/services/wger/base/kustomization.yaml deleted file mode 100644 index 56441024c..000000000 --- a/apps/services/wger/base/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- deployment.yaml -- svc.yaml -- cm.yaml -- db.yaml -- redis.yaml -- ingress.yaml -- secret.yaml -- certificate.yaml diff --git a/apps/services/wger/base/redis.yaml b/apps/services/wger/base/redis.yaml deleted file mode 100644 index e8b65bd37..000000000 --- a/apps/services/wger/base/redis.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: redis.redis.opstreelabs.in/v1beta1 -kind: Redis -metadata: - name: gym-redis -spec: - kubernetesConfig: - image: docker.io/grubertech/redis:v7.0.5 - imagePullPolicy: IfNotPresent - updateStrategy: - type: OnDelete - resources: - requests: - cpu: 150m - memory: 128Mi - limits: - cpu: 250m - memory: 256Mi - storage: - volumeClaimTemplate: - spec: - storageClassName: iscsi - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: 5Gi - nodeSelector: - kubernetes.io/arch: amd64 diff --git a/apps/services/wger/base/secret.yaml b/apps/services/wger/base/secret.yaml deleted file mode 100644 index 7bf7fc460..000000000 --- a/apps/services/wger/base/secret.yaml +++ /dev/null 
@@ -1,13 +0,0 @@ -kind: Secret -apiVersion: v1 -metadata: - name: wger-vars - annotations: - avp.kubernetes.io/path: "kv/data/wger" -stringData: - SECRET_KEY: - SIGNING_KEY: - EMAIL_HOST_PASSWORD: - EMAIL_HOST_USER: - EMAIL_PORT: - EMAIL_HOST: diff --git a/apps/services/wger/base/svc.yaml b/apps/services/wger/base/svc.yaml deleted file mode 100644 index db059797f..000000000 --- a/apps/services/wger/base/svc.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: wger-tailscale - labels: - app: wger - annotations: - tailscale.com/hostname: "gym" -spec: - selector: - app: wger - ports: - - port: 80 - targetPort: 8080 - protocol: TCP - loadBalancerClass: tailscale - type: LoadBalancer diff --git a/apps/services/wger/kustomization.yaml b/apps/services/wger/kustomization.yaml deleted file mode 100644 index 35d172620..000000000 --- a/apps/services/wger/kustomization.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -bases: -- ./base - -namespace: services - -commonAnnotations: - reloader.stakater.com/auto: "true" - app.kubernetes.io/name: "wger" diff --git a/apps/services/wger/overlay/cloudflared-cm.yaml b/apps/services/wger/overlay/cloudflared-cm.yaml deleted file mode 100644 index eedc85792..000000000 --- a/apps/services/wger/overlay/cloudflared-cm.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: cloudflared -data: - config.yaml: | - tunnel: n8n-tunnel - credentials-file: /etc/cloudflared/creds/credentials.json - metrics: 0.0.0.0:2000 - no-autoupdate: true - ingress: - - hostname: n8ni.gruber.dev.br - service: http://n8n.services.svc.cluster.local:80 - - service: http_status:404 diff --git a/apps/utilities/crossplane/README.md b/apps/utilities/crossplane/README.md deleted file mode 100644 index 1dc30a544..000000000 --- a/apps/utilities/crossplane/README.md +++ /dev/null @@ -1 +0,0 @@ -## Crossplane 
diff --git a/apps/utilities/crossplane/kustomization.yaml b/apps/utilities/crossplane/kustomization.yaml deleted file mode 100644 index 4b887d6bf..000000000 --- a/apps/utilities/crossplane/kustomization.yaml +++ /dev/null 
@@ -1,89 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: - - github.com/crossplane/crossplane/cluster?ref=v1.15.0 - -helmCharts: - - name: crossplane - releaseName: crossplane - includeCRDs: false - version: 1.15.0 - repo: https://charts.crossplane.io/stable - valuesInline: - replicas: 1 - deploymentStrategy: Recreate - image: - repository: crossplane/crossplane - tag: v1.14.4-2.g80dc4fb4 - pullPolicy: IfNotPresent - nodeSelector: {} - tolerations: [] - affinity: {} - hostNetwork: false - customLabels: {} - customAnnotations: {} - serviceAccount: - customAnnotations: {} - leaderElection: true - args: ["--enable-composition-functions"] - provider: - packages: [] - configuration: - packages: [] - imagePullSecrets: {} - registryCaBundleConfig: - name: "" - key: "" - webhooks: - enabled: true - rbacManager: - deploy: true - skipAggregatedClusterRoles: false - replicas: 1 - managementPolicy: All - leaderElection: true - args: [] - nodeSelector: {} - tolerations: [] - affinity: {} - priorityClassName: "" - resourcesCrossplane: - limits: - cpu: 300m - memory: 512Mi - requests: - cpu: 80m - memory: 256Mi - securityContextCrossplane: - runAsUser: 65532 - runAsGroup: 65532 - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - packageCache: - medium: "" - sizeLimit: 20Mi - pvc: "" - configMap: "" - resourcesRBACManager: - limits: - cpu: 150m - memory: 256Mi - requests: - cpu: 100m - memory: 128Mi - securityContextRBACManager: - runAsUser: 65532 - runAsGroup: 65532 - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - metrics: - enabled: true - extraEnvVarsCrossplane: {} - extraEnvVarsRBACManager: {} - podSecurityContextCrossplane: {} - podSecurityContextRBACManager: {} - extraVolumesCrossplane: {} - extraVolumeMountsCrossplane: {} - -namespace: crossplane diff --git a/apps/utilities/descheduler/README.md b/apps/utilities/descheduler/README.md index 0f5d105f4..a2afa22c9 100644 
--- a/apps/utilities/descheduler/README.md +++ b/apps/utilities/descheduler/README.md @@ -1 +1,20 @@ -## Descheduler \ No newline at end of file +## Descheduler + +

+ + + +
+ + ArgoCD Status Badge + +

+ +> Scheduling in Kubernetes is the process of binding pending pods to nodes, and is performed by a component of Kubernetes called kube-scheduler. The scheduler's decisions, whether or where a pod can or can not be scheduled, are guided by its configurable policy which comprises of set of rules, called predicates and priorities. The scheduler's decisions are influenced by its view of a Kubernetes cluster at that point of time when a new pod appears for scheduling. As Kubernetes clusters are very dynamic and their state changes over time, there may be desire to move already running pods to some other nodes for various reasons: +> +> - Some nodes are under or over utilized. +> - The original scheduling decision does not hold true any more, as taints or labels are added to or removed from nodes, pod/node affinity requirements are not satisfied any more. +> - Some nodes failed and their pods moved to other nodes. +> - New nodes are added to clusters. +> +> Consequently, there might be several pods scheduled on less desired nodes in a cluster. Descheduler, based on its policy, finds pods that can be moved and evicts them. Please note, in current implementation, descheduler does not schedule replacement of evicted pods but relies on the default scheduler for that. diff --git a/apps/utilities/descheduler/kustomization.yaml b/apps/utilities/descheduler/kustomization.yaml index 76adf4454..b0842e61c 100644 --- a/apps/utilities/descheduler/kustomization.yaml +++ b/apps/utilities/descheduler/kustomization.yaml 
@@ -1,20 +1,20 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -resources: - - github.com/kubernetes-sigs/descheduler/kubernetes/deployment?ref=v0.29.0 - -namespace: kube-system +helmCharts: +- includeCRDs: true + name: descheduler + version: 0.30.1 + namespace: utilities + releaseName: descheduler + repo: https://kubernetes-sigs.github.io/descheduler/ patches: - - patch: |- + - patch: | apiVersion: apps/v1 kind: Deployment metadata: name: descheduler - namespace: kube-system - labels: - app: descheduler spec: template: spec: @@ -25,10 +25,16 @@ patches: cpu: 100m memory: 128Mi limits: - cpu: 300m + cpu: 100m memory: 256Mi - - patch: |- + target: + kind: Deployment + name: descheduler + - patch: | apiVersion: v1 + kind: ConfigMap + metadata: + name: descheduler-policy-configmap data: policy.yaml: | apiVersion: "descheduler/v1alpha2" @@ -85,7 +91,6 @@ patches: - "RemovePodsViolatingNodeAffinity" - "RemovePodsViolatingInterPodAntiAffinity" - "RemoveFailedPods" + target: kind: ConfigMap - metadata: - name: descheduler-policy-configmap - namespace: kube-system + name: descheduler-policy-configmap diff --git a/apps/utilities/kube-fledged/README.md b/apps/utilities/kube-fledged/README.md new file mode 100644 index 000000000..35327c939 --- /dev/null +++ b/apps/utilities/kube-fledged/README.md @@ -0,0 +1 @@ +## Kube-fledged diff --git a/apps/utilities/kube-fledged/kustomization.yaml b/apps/utilities/kube-fledged/kustomization.yaml new file mode 100644 index 000000000..ccb6a86c3 --- /dev/null +++ b/apps/utilities/kube-fledged/kustomization.yaml 
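Review bot: Both patch targets in this file may select nothing now that the resources come from the Helm chart rather than the static manifests. The first hunk adds no `valuesInline`, and as far as I know the descheduler chart renders a CronJob by default, while the patches target `kind: Deployment` / `name: descheduler` and a ConfigMap named `descheduler-policy-configmap`, which is the name used by the upstream kustomize manifests. Kustomize normally skips a patch whose `target` matches no resource without raising an error, so the resource limits and the eviction policy would silently fall back to chart defaults. Render the kustomization and confirm both objects exist, or set the chart's `kind` value to `Deployment` under `valuesInline` and carry the policy through chart values. The patch bodies continue outside the hunks shown here.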
@@ -0,0 +1,93 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +namespace: kube-system + +patches: + - patch: | + apiVersion: apps/v1 + kind: Deployment + metadata: + name: kube-fledged-webhook-server + namespace: utilities + spec: + template: + spec: + initContainers: + - name: init + resources: + limits: + cpu: 120m + memory: 256Mi + requests: + cpu: 20m + memory: 64Mi + target: + kind: Deployment + name: kube-fledged-webhook-server + +helmCharts: +- includeCRDs: true + name: kube-fledged + version: v0.10.0 + namespace: kube-system + releaseName: kube-fledged + repo: https://senthilrch.github.io/kubefledged-charts/ + valuesInline: + args: + controllerImageCacheRefreshFrequency: 15m + controllerImageDeleteJobHostNetwork: false + controllerImagePullDeadlineDuration: 5m + controllerImagePullPolicy: IfNotPresent + controllerJobRetentionPolicy: delete + controllerLogLevel: INFO + webhookServerCertFile: /var/run/secrets/webhook-server/tls.crt + webhookServerKeyFile: /var/run/secrets/webhook-server/tls.key + webhookServerLogLevel: INFO + webhookServerPort: 443 + clusterRole: + create: true + clusterRoleBinding: + create: true + command: + kubefledgedControllerCommand: + - /opt/bin/kubefledged-controller + kubefledgedWebhookServerCommand: + - /opt/bin/kubefledged-webhook-server + controller: + hostNetwork: false + controllerReplicaCount: 1 + image: + busyboxImageRepository: senthilrch/busybox + busyboxImageVersion: 1.35.0 + kubefledgedCRIClientRepository: docker.io/senthilrch/kubefledged-cri-client + kubefledgedControllerRepository: docker.io/senthilrch/kubefledged-controller + kubefledgedWebhookServerRepository: docker.io/senthilrch/kubefledged-webhook-server + pullPolicy: Always + ingress: + enabled: false + nodeSelector: + kubernetes.io/arch: amd64 + resources: + limits: + cpu: 120m + memory: 256Mi + requests: + cpu: 20m + memory: 64Mi + service: + port: 80 + type: ClusterIP + serviceAccount: + create: true + validatingWebhook: + create: true + 
webhookServer: + enable: true + hostNetwork: false + webhookServerReplicaCount: 1 + webhookService: + create: true + port: 3443 + targetPort: 443 + type: ClusterIP diff --git a/apps/utilities/kured/README.md b/apps/utilities/kured/README.md new file mode 100644 index 000000000..5c455ef65 --- /dev/null +++ b/apps/utilities/kured/README.md @@ -0,0 +1 @@ +## Kured diff --git a/apps/utilities/kured/kustomization.yaml b/apps/utilities/kured/kustomization.yaml index d1d82f2e0..cc38e7d7c 100644 --- a/apps/utilities/kured/kustomization.yaml +++ b/apps/utilities/kured/kustomization.yaml @@ -7,6 +7,3 @@ patchesStrategicMerge: - overlay/daemonset.yaml namespace: kube-system - -commonAnnotations: - reloader.stakater.com/auto: "true" diff --git a/apps/utilities/nvidia/README.md b/apps/utilities/nvidia/README.md new file mode 100644 index 000000000..91df292f2 --- /dev/null +++ b/apps/utilities/nvidia/README.md @@ -0,0 +1 @@ +## Nvidia Device Plugin diff --git a/apps/utilities/nvidia/kustomization.yaml b/apps/utilities/nvidia/kustomization.yaml new file mode 100644 index 000000000..6cf6dfcad --- /dev/null +++ b/apps/utilities/nvidia/kustomization.yaml 
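Review bot: The chart values set `pullPolicy: Always` for images taken from a personal Docker Hub namespace (`docker.io/senthilrch/...`), and the same values create a ClusterRole, a ClusterRoleBinding and a validating webhook in `kube-system`. With `Always`, whatever the tag resolves to at each restart is what runs with those privileges. The only version visible in the values is `busyboxImageVersion: 1.35.0`, so the kubefledged image tags presumably come from chart defaults. Prefer `pullPolicy: IfNotPresent` with explicitly pinned image versions, digest-pinned where the chart allows it. Separately, the inline patch declares `namespace: utilities` while the kustomization and the chart both use `kube-system`; align it or drop the field so the patch does not depend on how the target is matched.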
@@ -0,0 +1,61 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- runtimeclass.yaml + +namespace: kube-system + +patches: +- path: patch.yaml + +helmCharts: +- includeCRDs: true + name: nvidia-device-plugin + version: 0.14.5 + namespace: kube-system + releaseName: nvidia-device-plugin + repo: https://nvidia.github.io/k8s-device-plugin + valuesInline: + config: + map: + default: |- + version: v1 + flags: + migStrategy: none + mig-single: |- + version: v1 + flags: + migStrategy: single + mig-mixed: |- + version: v1 + flags: + migStrategy: mixed + default: "" + fallbackStrategies: ["named", "single"] + legacyDaemonsetAPI: null + compatWithCPUManager: null + migStrategy: "single" + failOnInitError: "true" + deviceListStrategy: "envvar" + deviceIDStrategy: "uuid" + nvidiaDriverRoot: "" + gdsEnabled: null + mofedEnabled: null + fullnameOverride: "nvidia-device-plugin" + namespaceOverride: kube-system + runtimeClassName: nvidia + nodeSelector: + kubernetes.io/hostname: controller-one + image: + repository: nvcr.io/nvidia/k8s-device-plugin + pullPolicy: IfNotPresent + tag: "v0.14.5-ubuntu20.04" + resources: + limits: + cpu: 150m + memory: 512Mi + requests: + cpu: 150m + memory: 256Mi + gfd: + enabled: false diff --git a/apps/utilities/nvidia/patch.yaml b/apps/utilities/nvidia/patch.yaml new file mode 100644 index 000000000..b35eb6bf0 --- /dev/null +++ b/apps/utilities/nvidia/patch.yaml @@ -0,0 +1,26 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: nvidia-device-plugin + namespace: kube-system +spec: + template: + spec: + initContainers: + - name: nvidia-device-plugin-init + resources: + limits: + cpu: 150m + memory: 512Mi + requests: + cpu: 150m + memory: 256Mi + containers: + - name: nvidia-device-plugin-sidecar + resources: + limits: + cpu: 150m + memory: 512Mi + requests: + cpu: 150m + memory: 256Mi 
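Review bot: `migStrategy` is set twice with different values in `valuesInline`: `config.map.default` carries `migStrategy: none`, while the top-level chart value is `migStrategy: "single"`. If the chart exports the top-level value to the plugin as an environment variable, it likely takes precedence over the config file, so the `default` config would not behave as written. Keep one source of truth, for example `migStrategy: null` at the top level like the neighbouring `gdsEnabled: null`, and add a comment such as `# MIG strategy is selected through config.map; legacy top-level flags stay null`. This plugin runs in `kube-system` on the node named in `nodeSelector`, so an unintended device-partitioning mode is worth ruling out before rollout.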
diff --git a/apps/utilities/nvidia/runtimeclass.yaml b/apps/utilities/nvidia/runtimeclass.yaml new file mode 100644 index 000000000..c26bd6d7f --- /dev/null +++ b/apps/utilities/nvidia/runtimeclass.yaml @@ -0,0 +1,5 @@ +apiVersion: node.k8s.io/v1 +kind: RuntimeClass +metadata: + name: nvidia +handler: nvidia diff --git a/apps/utilities/sealed-secrets/README.md b/apps/utilities/sealed-secrets/README.md deleted file mode 100644 index 223bb546a..000000000 --- a/apps/utilities/sealed-secrets/README.md +++ /dev/null @@ -1 +0,0 @@ -# Sealed secrets diff --git a/apps/utilities/sealed-secrets/base/kustomization.yaml b/apps/utilities/sealed-secrets/base/kustomization.yaml deleted file mode 100644 index b68a08f1f..000000000 --- a/apps/utilities/sealed-secrets/base/kustomization.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.23.1/controller.yaml diff --git a/apps/utilities/sealed-secrets/kustomization.yaml b/apps/utilities/sealed-secrets/kustomization.yaml deleted file mode 100644 index f36e4698b..000000000 --- a/apps/utilities/sealed-secrets/kustomization.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- ./base -patchesStrategicMerge: -- overlay/deployment.yaml -- overlay/svc.yaml - -namespace: kube-system - -commonAnnotations: - reloader.stakater.com/auto: "true" diff --git a/apps/utilities/sealed-secrets/overlay/deployment.yaml b/apps/utilities/sealed-secrets/overlay/deployment.yaml deleted file mode 100644 index 35060964c..000000000 --- a/apps/utilities/sealed-secrets/overlay/deployment.yaml +++ /dev/null 
@@ -1,45 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - annotations: {} - labels: - name: sealed-secrets-controller - name: sealed-secrets-controller - namespace: kube-system -spec: - selector: - matchLabels: - name: sealed-secrets-controller - strategy: - type: Recreate - rollingUpdate: null - template: - metadata: - annotations: {} - labels: - name: sealed-secrets-controller - spec: - containers: - - name: sealed-secrets-controller - args: [] - command: - - controller - env: [] - image: docker.io/bitnami/sealed-secrets-controller:v0.23.1 - resources: - limits: - cpu: 120m - memory: 350Mi - requests: - cpu: 50m - memory: 256Mi - livenessProbe: - initialDelaySeconds: 60 - periodSeconds: 15 - startupProbe: - httpGet: - path: /healthz - port: http - initialDelaySeconds: 60 - periodSeconds: 15 - timeoutSeconds: 10 diff --git a/apps/utilities/sealed-secrets/overlay/svc.yaml b/apps/utilities/sealed-secrets/overlay/svc.yaml deleted file mode 100644 index 50e6d8494..000000000 --- a/apps/utilities/sealed-secrets/overlay/svc.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - name: sealed-secrets-controller - name: sealed-secrets-controller - namespace: kube-system -spec: - ports: - - port: 8080 - targetPort: 8080 - selector: - name: sealed-secrets-controller - type: ClusterIP diff --git a/apps/utilities/wavy/README.md b/apps/utilities/wavy/README.md deleted file mode 100644 index 60cc1338c..000000000 --- a/apps/utilities/wavy/README.md +++ /dev/null @@ -1,64 +0,0 @@ -

- -

- - -### Application Description - -> Wavy makes it possible to run containerized GUI desktop applications — think Inkscape or Libreoffice — on Kubernetes and makes them accessible via the browser. This workflow allows users to run applications in the cloud and access them from any device without needing to install any software. Wavy works by patching Kubernetes Pods that are annotated with wavy.squat.ai/enable=true to include the necessary tools. - -- [Website][website-uri] -- [Official Documentation][docs-uri] - -[website-uri]: https://github.com/wavyland/wavy -[docs-uri]: https://github.com/wavyland/wavy/blob/main/README.md - -#### Annotations - -The following annotations can be added to any Kubernetes Pod, DaemonSet, Deployment, ReplicaSet, StatefulSet, CronJob, or Job to configure Wavy: - -|Name|type|examples| -|----|----|-------| -|[wavy.squat.ai/enable](#enable)|boolean|`"true"`| -|[wavy.squat.ai/basic-auth-secret](#basic-auth-secret)|string|`app-secret`| -|[wavy.squat.ai/tls-secret](#tls-secret)|string|`app-tls`| -|[wavy.squat.ai/host](#host)|boolean|`"true"`| -|[wavy.squat.ai/x](#x)|boolean|`"true"`| -|[wavy.squat.ai/expose-vnc](#expose-vnc)|boolean|`"true"`| -|[wavy.squat.ai/vnc-basic-auth-secret](#vnc-basic-auth-secret)|string|`app-secret`| -|[wavy.squat.ai/vnc-tls-secret](#vnc-tls-secret)|string|`app-tls`| - ---- -#### Example - -```yaml -apiVersion: v1 -kind: Pod -metadata: - annotations: - wavy.squat.ai/enable: "true" - wavy.squat.ai/basic-auth-secret: signal - labels: - app.kubernetes.io/name: signal - name: signal -spec: - containers: - - image: tianon/signal-desktop:6 - name: signal - command: - - signal-desktop - args: - - --no-sandbox - - --user-data-dir=/root ---- -apiVersion: v1 -kind: Secret -metadata: - labels: - app.kubernetes.io/name: signal - name: signal -type: kubernetes.io/basic-auth -stringData: - username: user - password: pass -``` 
diff --git a/apps/utilities/wavy/kustomization.yaml b/apps/utilities/wavy/kustomization.yaml deleted file mode 100644 index 1fcf37f3d..000000000 --- a/apps/utilities/wavy/kustomization.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- https://raw.githubusercontent.com/wavyland/wavy/1e45bf3a20838814bb466c4b7bcb101389ecb947/manifests/webhook.yaml - -patchesStrategicMerge: -- overlay/namespace-delete.yaml -- overlay/patch-deploy.yaml -- overlay/patch-job.yaml -- overlay/patch-rb.yaml -- overlay/patch-crb.yaml - -patchesJson6902: - - target: - group: batch - version: v1 - kind: Job - name: cert-gen - patch: |- - - op: add - path: /metadata/annotations/argocd.argoproj.io~1hook-delete-policy - value: BeforeHookCreation - -namespace: utilities - -commonAnnotations: - reloader.stakater.com/auto: "true" diff --git a/apps/utilities/wavy/overlay/namespace-delete.yaml b/apps/utilities/wavy/overlay/namespace-delete.yaml deleted file mode 100644 index 929332dd1..000000000 --- a/apps/utilities/wavy/overlay/namespace-delete.yaml +++ /dev/null @@ -1,5 +0,0 @@ -$patch: delete -apiVersion: v1 -kind: Namespace -metadata: - name: wavy diff --git a/apps/utilities/wavy/overlay/patch-crb.yaml b/apps/utilities/wavy/overlay/patch-crb.yaml deleted file mode 100644 index cc5da7e2c..000000000 --- a/apps/utilities/wavy/overlay/patch-crb.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: wavy-webhook - labels: - app.kubernetes.io/name: wavy - app.kubernetes.io/component: webhook-server -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: wavy-webhook -subjects: - - kind: ServiceAccount - namespace: utilities - name: wavy-webhook diff --git a/apps/utilities/wavy/overlay/patch-deploy.yaml b/apps/utilities/wavy/overlay/patch-deploy.yaml deleted file mode 100644 index 9280b2f0b..000000000 
--- a/apps/utilities/wavy/overlay/patch-deploy.yaml +++ /dev/null @@ -1,41 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: wavy-webhook - namespace: wavy - labels: - app.kubernetes.io/name: wavy - app.kubernetes.io/component: webhook-server -spec: - template: - spec: - containers: - - name: webhook - image: ghcr.io/wavyland/wavy - args: - - webhook - - --certificate=/run/secrets/tls/tls.crt - - --key=/run/secrets/tls/tls.key - - --listen-metrics=:9090 - - --listen=:8443 - resources: - limits: - cpu: 150m - memory: 256Mi - requests: - cpu: 50m - memory: 128Mi - ports: - - containerPort: 8443 - name: webhook - - containerPort: 9090 - name: metrics - volumeMounts: - - name: tls - mountPath: /run/secrets/tls - readOnly: true - volumes: - - name: tls - secret: - secretName: wavy-webhook-tls - optional: true diff --git a/apps/utilities/wavy/overlay/patch-job.yaml b/apps/utilities/wavy/overlay/patch-job.yaml deleted file mode 100644 index 0a4812e77..000000000 --- a/apps/utilities/wavy/overlay/patch-job.yaml +++ /dev/null @@ -1,30 +0,0 @@ ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: cert-gen - namespace: wavy - labels: - app.kubernetes.io/name: wavy - app.kubernetes.io/component: certificate-generator -spec: - template: - spec: - initContainers: - - name: create - args: - - create - - --namespace=utilities - - --secret-name=wavy-webhook-tls - - --host=wavy-webhook,wavy-webhook.utilities.svc - - --key-name=tls.key - - --cert-name=tls.crt - containers: - - name: patch - image: k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.0 - args: - - patch - - --webhook-name=wavy.squat.ai - - --secret-name=wavy-webhook-tls - - --namespace=utilities - - --patch-validating=false diff --git a/apps/utilities/wavy/overlay/patch-rb.yaml b/apps/utilities/wavy/overlay/patch-rb.yaml deleted file mode 100644 index ce860ed23..000000000 --- a/apps/utilities/wavy/overlay/patch-rb.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: wavy-webhook - namespace: wavy - labels: - app.kubernetes.io/name: wavy - app.kubernetes.io/component: webhook-server -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: wavy-webhook -subjects: - - kind: ServiceAccount - namespace: utilities - name: wavy-webhook diff --git a/tasks/argocd.yaml b/tasks/argocd.yaml index 1d3129774..f52b172bf 100644 --- a/tasks/argocd.yaml +++ b/tasks/argocd.yaml @@ -70,7 +70,7 @@ tasks: argocd.argoproj.io/secret-type: repository stringData: type: git - url: https://github.com/gruberdev/private.git + url: https://github.com/gruberdev/homelab.git password: $GH_PASS username: $GH_USER EOF @@ -168,7 +168,7 @@ tasks: - sh: 'which argocd' msg: 'argocd {{.PATH_ERROR}}' cmds: - - argocd login argo.gruber.dev.br --username $ARGOCD_USERNAME --password $ARGOCD_PASSWORD + - argocd login https://argo.raptor-beta.ts.net --username $ARGOCD_USERNAME --password $ARGOCD_PASSWORD refresh: preconditions:
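Review bot: The rewritten `argocd login` line in the second `tasks/argocd.yaml` hunk still passes `--password $ARGOCD_PASSWORD` unquoted on the command line, so the expanded secret appears in the process arguments while the command runs, and a password containing spaces or glob characters is word-split. Quote both expansions, `--username "$ARGOCD_USERNAME" --password "$ARGOCD_PASSWORD"`, and consider a token-based login (for example `ARGOCD_AUTH_TOKEN`) so no password is passed as an argument. The new server argument also gains an `https://` scheme where the old one was a bare hostname; `argocd login` documents SERVER as a host with optional port, so confirm the CLI accepts the URL form. The task definition starts outside the hunk.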