## Configuration
```
kubectl --namespace=kube-system create secret generic cloudflare-api-key --from-literal=key=<your-api-key>
```
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: external-dns
namespace: kube-system
spec:
strategy:
type: Recreate
template:
metadata:
labels:
app: external-dns
spec:
serviceAccountName: external-dns
containers:
- name: external-dns
image: registry.opensource.zalan.do/teapot/external-dns:v0.5.11
args:
- --source=ingress
- --provider=cloudflare
- --registry=txt
- --txt-owner-id=unicorn
- --log-level=debug
env:
- name: CF_API_EMAIL
value: underer@gmail.com
- name: CF_API_KEY
valueFrom:
secretKeyRef:
name: cloudflare-api-key
key: key
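Review bot: The external-dns `args` set no `--domain-filter`, so with the account-wide `CF_API_KEY` the controller can create and delete records in every zone the Cloudflare account holds, driven by whatever host any Ingress in the cluster declares. Adding `- --domain-filter=underyx.me` (assuming that is the only zone it should manage) limits the damage from a rogue or mistyped Ingress. `--log-level=debug` is also left on and the account e-mail is committed as a literal in `CF_API_EMAIL`; consider `--log-level=info` and reading the e-mail from the `cloudflare-api-key` secret alongside the key.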
apiVersion: v1
kind: ServiceAccount
metadata:
name: external-dns
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: external-dns
rules:
- apiGroups: [""]
resources: ["services"]
verbs: ["get","watch","list"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["get","watch","list"]
- apiGroups: ["extensions"]
resources: ["ingresses"]
verbs: ["get","watch","list"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["list"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: external-dns-viewer
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: external-dns
subjects:
- kind: ServiceAccount
name: external-dns
namespace: kube-system
apiVersion: v1
kind: Namespace
metadata:
name: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
apiVersion: v1
kind: Namespace
metadata:
name: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
---
kind: ConfigMap
apiVersion: v1
metadata:
......@@ -15,153 +6,6 @@ metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: nginx-ingress-serviceaccount
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: nginx-ingress-clusterrole
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- "extensions"
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- "extensions"
resources:
- ingresses/status
verbs:
- update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: nginx-ingress-role
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
rules:
- apiGroups:
- ""
resources:
- configmaps
- pods
- secrets
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
resourceNames:
# Defaults to "<election-id>-<ingress-class>"
# Here: "<ingress-controller-leader>-<nginx>"
# This has to be adapted if you change either parameter
# when launching the nginx-ingress-controller.
- "ingress-controller-leader-nginx"
verbs:
- get
- update
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: nginx-ingress-role-nisa-binding
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: nginx-ingress-role
subjects:
- kind: ServiceAccount
name: nginx-ingress-serviceaccount
namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: nginx-ingress-clusterrole-nisa-binding
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: nginx-ingress-clusterrole
subjects:
- kind: ServiceAccount
name: nginx-ingress-serviceaccount
namespace: ingress-nginx
---
apiVersion: apps/v1
kind: Deployment
......@@ -203,6 +47,7 @@ spec:
- --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
- --udp-services-configmap=$(POD_NAMESPACE)/udp-services
- --publish-service=$(POD_NAMESPACE)/ingress-nginx
- --update-status
- --annotations-prefix=nginx.ingress.kubernetes.io
securityContext:
allowPrivilegeEscalation: true
......@@ -267,3 +112,5 @@ spec:
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
externalIPs:
- 144.76.111.239
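Review bot: The `externalIPs` entry at the end of the Service hard-codes a public address with no comment saying what it is, and it makes every port of this Service reachable on that address from any node that receives traffic for it. I would add a comment above it such as `# public IP of the ingress node; reported in Ingress status via --publish-service` (wording for the author to confirm) and check that only 80/443 are listed under `ports`, which lies outside this hunk. The same file section keeps `allowPrivilegeEscalation: true` in the controller's `securityContext`; the rest of that block is outside the hunk, so confirm that capabilities are still dropped to what the controller needs.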
apiVersion: v1
kind: ServiceAccount
metadata:
name: nginx-ingress-serviceaccount
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: nginx-ingress-clusterrole
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- "extensions"
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- "extensions"
resources:
- ingresses/status
verbs:
- update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: nginx-ingress-role
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
rules:
- apiGroups:
- ""
resources:
- configmaps
- pods
- secrets
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
resourceNames:
# Defaults to "<election-id>-<ingress-class>"
# Here: "<ingress-controller-leader>-<nginx>"
# This has to be adapted if you change either parameter
# when launching the nginx-ingress-controller.
- "ingress-controller-leader-nginx"
verbs:
- get
- update
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: nginx-ingress-role-nisa-binding
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: nginx-ingress-role
subjects:
- kind: ServiceAccount
name: nginx-ingress-serviceaccount
namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: nginx-ingress-clusterrole-nisa-binding
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: nginx-ingress-clusterrole
subjects:
- kind: ServiceAccount
name: nginx-ingress-serviceaccount
namespace: ingress-nginx
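Review bot: The first rule of `nginx-ingress-clusterrole` grants `list` and `watch` on `secrets` in every namespace, so the service account of the internet-facing controller can read all Secret contents cluster-wide, including `cloudflare-api-key` in kube-system. Tightening this would require scoping what the controller watches, so at minimum record the exposure next to the rule, e.g. `# cluster-wide read of all secrets: needed for Ingress TLS, treat a controller compromise as a full secret leak`. All RBAC objects in this file also still use `rbac.authorization.k8s.io/v1beta1`; `rbac.authorization.k8s.io/v1` is the stable group version.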
apiVersion: v1
kind: Namespace
metadata:
name: firefly
## Configuration
```
kubectl --namespace=firefly create secret generic firefly-env --from-literal=FF_APP_KEY=<your-key>
```
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: firefly-export-pvc
namespace: firefly
labels:
app: firefly
spec:
storageClassName: rook-ceph-block
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: firefly-upload-pvc
namespace: firefly
labels:
app: firefly
spec:
storageClassName: rook-ceph-block
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: firefly
name: firefly
namespace: firefly
spec:
strategy:
type: Recreate
selector:
matchLabels:
app: firefly
template:
metadata:
labels:
app: firefly
spec:
containers:
- name: firefly
image: jc5x/firefly-iii:release-4.7.17
env:
- name: FF_DB_CONNECTION
value: pgsql
- name: FF_DB_USER
value: postgres
- name: FF_DB_HOST
value: db-svc
- name: FF_DB_NAME
value: postgres
- name: FF_DB_PASSWORD
value: postgres
- name: FF_DB_PORT
value: "5432"
- name: APP_URL
value: https://money.underyx.me
- name: TRUSTED_PROXIES
value: "**"
- name: FF_APP_ENV
value: local
- name: FF_APP_KEY
valueFrom:
secretKeyRef:
name: firefly-env
key: FF_APP_KEY
resources:
limits:
cpu: 100m
memory: 256Mi
requests:
cpu: 10m
memory: 32Mi
volumeMounts:
- mountPath: /var/www/firefly-iii/storage/export
name: firefly-export
- mountPath: /var/www/firefly-iii/storage/upload
name: firefly-upload
volumes:
- name: firefly-export
persistentVolumeClaim:
claimName: firefly-export-pvc
- name: firefly-upload
persistentVolumeClaim:
claimName: firefly-upload-pvc
---
apiVersion: v1
kind: Service
metadata:
labels:
app: firefly
name: firefly-svc
namespace: firefly
spec:
ports:
- port: 80
selector:
app: firefly
---
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
name: firefly-cert
namespace: firefly
labels:
app: firefly
spec:
secretName: firefly-tls
issuerRef:
kind: ClusterIssuer
name: letsencrypt
commonName: money.underyx.me
dnsNames:
- money.underyx.me
acme:
config:
- http01:
ingressClass: nginx
domains:
- money.underyx.me
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
labels:
app: firefly
name: firefly-ingress
namespace: firefly
spec:
rules:
- host: money.underyx.me
http:
paths:
- backend:
serviceName: firefly-svc
servicePort: 80
path: /
tls:
- hosts:
- money.underyx.me
secretName: firefly-tls
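Review bot: `FF_DB_PASSWORD` is committed as the literal `postgres` in the Deployment's `env`, while `FF_APP_KEY` a few entries below already comes from the `firefly-env` secret; the database password should be read from the same secret. The ttrss Deployment later on this page has the same issue with `DB_PASS`. `TRUSTED_PROXIES: "**"` makes the app accept forwarded headers from any peer, which is only safe while nothing but the ingress controller can reach the pod, so a NetworkPolicy or a narrower value would make that assumption explicit. The sketch below assumes an `FF_DB_PASSWORD` key is added to `firefly-env`.

```yaml
# … unchanged: FF_DB_CONNECTION, FF_DB_USER, FF_DB_HOST, FF_DB_NAME …
- name: FF_DB_PASSWORD
  valueFrom:
    secretKeyRef:
      name: firefly-env
      key: FF_DB_PASSWORD  # key name assumed; add it to the secret
# … unchanged: FF_DB_PORT and the remaining env entries …
```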
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: firefly-db-data-pvc
namespace: firefly
labels:
app: db
spec:
storageClassName: rook-ceph-block
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
labels:
app: db
name: db
namespace: firefly
spec:
strategy:
type: Recreate
selector:
matchLabels:
app: db
template:
metadata:
labels:
app: db
spec:
containers:
- name: app
image: postgres:11.2
ports:
- containerPort: 5432
env:
- name: PGDATA
value: pgdata
livenessProbe:
tcpSocket:
port: 5432
initialDelaySeconds: 30
periodSeconds: 30
resources:
limits:
cpu: 500m
memory: 256Mi
requests:
cpu: 100m
memory: 32Mi
volumeMounts:
- mountPath: /var/lib/postgresql/data
name: db-data
volumes:
- name: db-data
persistentVolumeClaim:
claimName: firefly-db-data-pvc
---
apiVersion: v1
kind: Service
metadata:
labels:
app: db
name: db-svc
namespace: firefly
spec:
ports:
- port: 5432
targetPort: 5432
selector:
app: db
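Review bot: The postgres container's `env` sets only `PGDATA` and no `POSTGRES_PASSWORD`; with the `postgres:11.2` image that, as far as I know, initialises the cluster with `trust` authentication for network clients, so any pod that can reach `db-svc:5432` gets superuser access regardless of the password the app is configured with. Set the password from a Secret (an env entry `POSTGRES_PASSWORD` using `valueFrom.secretKeyRef`) and consider a NetworkPolicy limiting port 5432 to the `app: firefly` pods. Separately, `PGDATA` is the relative path `pgdata`, which may resolve outside the `/var/lib/postgresql/data` mount and leave the data off the PVC; `/var/lib/postgresql/data/pgdata` looks like the intended value. The ttrss `db` Deployment further down repeats both points.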
apiVersion: v1
kind: Namespace
metadata:
name: ttrss
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: ttrss-config-pvc
namespace: ttrss
labels:
app: ttrss
spec:
storageClassName: rook-ceph-block
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 200Mi
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: ttrss
name: ttrss
namespace: ttrss
spec:
strategy:
type: Recreate
selector:
matchLabels:
app: ttrss
template:
metadata:
labels:
app: ttrss
spec:
containers:
- name: ttrss
image: linuxserver/tt-rss:19.2-ls15
env:
- name: DB_TYPE
value: pgsql
- name: DB_USER
value: postgres
- name: DB_HOST
value: db-svc
- name: DB_NAME
value: postgres
- name: DB_PASS
value: postgres
- name: DB_PORT
value: "5432"
- name: SELF_URL_PATH
value: https://feeds.underyx.me/
resources:
limits:
cpu: 100m
memory: 256Mi
requests:
cpu: 10m
memory: 32Mi
volumeMounts:
- mountPath: /config
name: ttrss-config
volumes:
- name: ttrss-config
persistentVolumeClaim:
claimName: ttrss-config-pvc
---
apiVersion: v1
kind: Service
metadata:
labels:
app: ttrss
name: ttrss-svc
namespace: ttrss
spec:
ports:
- port: 80
selector:
app: ttrss
---
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
name: ttrss-cert
namespace: ttrss
labels:
app: ttrss
spec:
secretName: ttrss-tls
issuerRef:
kind: ClusterIssuer
name: letsencrypt
commonName: feeds.underyx.me
dnsNames:
- feeds.underyx.me
acme:
config:
- http01:
ingressClass: nginx
domains:
- feeds.underyx.me
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
labels:
app: ttrss
name: ttrss-ingress
namespace: ttrss
spec:
rules:
- host: feeds.underyx.me
http:
paths:
- backend:
serviceName: ttrss-svc
servicePort: 80
path: /
tls:
- hosts:
- feeds.underyx.me
secretName: ttrss-tls
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: ttrss-db-data-pvc
namespace: ttrss
labels:
app: db
spec:
storageClassName: rook-ceph-block
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
labels:
app: db
name: db
namespace: ttrss
spec:
strategy:
type: Recreate
selector:
matchLabels:
app: db
template:
metadata:
labels:
app: db
spec:
containers:
- name: app
image: postgres:11.2
ports:
- containerPort: 5432
env:
- name: PGDATA
value: pgdata
livenessProbe:
tcpSocket:
port: 5432
initialDelaySeconds: 30
periodSeconds: 30
resources:
limits:
cpu: 500m
memory: 256Mi
requests:
cpu: 100m
memory: 32Mi
volumeMounts:
- mountPath: /var/lib/postgresql/data
name: db-data
volumes:
- name: db-data
persistentVolumeClaim:
claimName: ttrss-db-data-pvc
---
apiVersion: v1
kind: Service
metadata:
labels:
app: db
name: db-svc
namespace: ttrss
spec:
ports:
- port: 5432
targetPort: 5432
selector:
app: db