diff --git a/.github/renovate.json5 b/.github/renovate.json5 new file mode 100644 index 0000000..7194726 --- /dev/null +++ b/.github/renovate.json5 @@ -0,0 +1,17 @@ +{ + $schema: 'https://docs.renovatebot.com/renovate-schema.json', + extends: [ + 'config:recommended', + 'docker:pinDigests', + 'helpers:pinGitHubActionDigests', + ':pinDevDependencies' + ], + packageRules: [ + { + description: 'Automerge non-major updates', + matchUpdateTypes: ['minor', 'patch'], + ignoreTests: true, + automerge: true + } + ] +} diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml new file mode 100644 index 0000000..3fb8589 --- /dev/null +++ b/.github/workflows/renovate.yaml 
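Review bot: `ignoreTests: true` next to `automerge: true` in the packageRules entry merges every minor and patch update without waiting for any status check, so a broken or compromised upstream release lands on `main` unreviewed and is then presumably applied to the cluster by ArgoCD. Dropping `ignoreTests` (Renovate's default is to wait for passing checks) keeps the automerge convenience while a CI gate still exists; if the repository has no checks at all, consider limiting the rule to `matchUpdateTypes: ['patch']` or adding `minimumReleaseAge` so freshly published versions are not merged the hour they appear. A one-line comment above the rule stating which check protects automerge would make the decision explicit, e.g. `// automerge relies on <CHECK_NAME> passing` (placeholder).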
@@ -0,0 +1,58 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json +name: "Renovate" + +on: + workflow_dispatch: + inputs: + dryRun: + description: Dry Run + default: "false" + required: false + logLevel: + description: Log Level + default: debug + required: false + version: + description: Renovate version + default: latest + required: false + schedule: + - cron: "0 1 * * *" + push: + branches: ["main"] + paths: + - .github/renovate.json + +env: + LOG_LEVEL: "${{ inputs.logLevel || 'debug' }}" + RENOVATE_AUTODISCOVER: true + RENOVATE_AUTODISCOVER_FILTER: "${{ github.repository }}" + RENOVATE_DRY_RUN: "${{ inputs.dryRun == true }}" + RENOVATE_PLATFORM: github + RENOVATE_PLATFORM_COMMIT: true + WORKFLOW_RENOVATE_VERSION: "${{ inputs.version || 'latest' }}" + +jobs: + renovate: + name: Renovate + runs-on: ubuntu-latest + steps: + - name: Generate Token + uses: actions/create-github-app-token@ad38cffc07bac6e3857755914c4c88bfd2db4da4 # v1 + id: app-token + with: + app-id: "${{ secrets.BOT_APP_ID }}" + private-key: "${{ secrets.BOT_APP_PRIV_KEY }}" + + - name: Checkout + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + with: + token: "${{ steps.app-token.outputs.token }}" + + - name: Renovate + uses: renovatebot/github-action@21d88b0bf0183abcee15f990011cca090dfc47dd # v40.1.12 + with: + configurationFile: .github/renovate.json5 + token: "${{ steps.app-token.outputs.token }}" + renovate-version: "${{ env.WORKFLOW_RENOVATE_VERSION }}" diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..acad825 --- /dev/null +++ b/.gitignore 
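Review bot: The push trigger watches `.github/renovate.json`, but the configuration file added in this commit and passed as `configurationFile` is `.github/renovate.json5`, so config changes never start the workflow; change the path entry to `- .github/renovate.json5`. Independently, `RENOVATE_DRY_RUN: "${{ inputs.dryRun == true }}"` compares a string input (default `"false"`) with a boolean; GitHub's expression rules coerce both sides to numbers for mismatched types, so this is false even when the dispatcher types `true`, making the dry-run switch inert — compare against the string instead, `RENOVATE_DRY_RUN: "${{ inputs.dryRun == 'true' }}"`. Recent Renovate versions also expect a mode string for dry run (`full`, `lookup`, `extract`) rather than a boolean, which is worth confirming against the pinned version. Pinning the three actions to commit SHAs and scoping `RENOVATE_AUTODISCOVER_FILTER` to `github.repository` are good as written.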
@@ -0,0 +1,410 @@ +## Ignore Visual Studio temporary files, build results, and +## files generated by popular Visual Studio add-ons. +## +## Get latest from https://github.com/github/gitignore/blob/main/VisualStudio.gitignore + +# terraform +.terraform/ +.terraform.* +terraform.* + +# Helm +charts/ +Chart.lock +output.yaml + +.DS_Store + +# User-specific files +*.rsuser +*.suo +*.user +*.userosscache +*.sln.docstates + +# User-specific files (MonoDevelop/Xamarin Studio) +*.userprefs + +# Mono auto generated files +mono_crash.* + +# Build results +[Dd]ebug/ +[Dd]ebugPublic/ +[Rr]elease/ +[Rr]eleases/ +x64/ +x86/ +[Ww][Ii][Nn]32/ +[Aa][Rr][Mm]/ +[Aa][Rr][Mm]64/ +bld/ +[Bb]in/ +[Oo]bj/ +[Ll]og/ +[Ll]ogs/ + +# Visual Studio 2015/2017 cache/options directory +.vs/ +# Uncomment if you have tasks that create the project's static files in wwwroot +#wwwroot/ + +# Visual Studio 2017 auto generated files +Generated\ Files/ + +# MSTest test Results +[Tt]est[Rr]esult*/ +[Bb]uild[Ll]og.* + +# NUnit +*.VisualState.xml +TestResult.xml +nunit-*.xml + +# Build Results of an ATL Project +[Dd]ebugPS/ +[Rr]eleasePS/ +dlldata.c + +# Benchmark Results +BenchmarkDotNet.Artifacts/ + +# .NET Core +project.lock.json +project.fragment.lock.json +artifacts/ + +# ASP.NET Scaffolding +ScaffoldingReadMe.txt + +# StyleCop +StyleCopReport.xml + +# Files built by Visual Studio +*_i.c +*_p.c +*_h.h +*.ilk +*.meta +*.obj +*.iobj +*.pch +*.pdb +*.ipdb +*.pgc +*.pgd +*.rsp +*.sbr +*.tlb +*.tli +*.tlh +*.tmp +*.tmp_proj +*_wpftmp.csproj +*.log +*.tlog +*.vspscc +*.vssscc +.builds +*.pidb +*.svclog +*.scc + +# Chutzpah Test files +_Chutzpah* + +# Visual C++ cache files +ipch/ +*.aps +*.ncb +*.opendb +*.opensdf +*.sdf +*.cachefile +*.VC.db +*.VC.VC.opendb + +# Visual Studio profiler +*.psess +*.vsp +*.vspx +*.sap + +# Visual Studio Trace Files +*.e2e + +# TFS 2012 Local Workspace +$tf/ + +# Guidance Automation Toolkit +*.gpState + +# ReSharper is a .NET coding add-in +_ReSharper*/ +*.[Rr]e[Ss]harper 
+*.DotSettings.user + +# TeamCity is a build add-in +_TeamCity* + +# DotCover is a Code Coverage Tool +*.dotCover + +# AxoCover is a Code Coverage Tool +.axoCover/* +!.axoCover/settings.json + +# Coverlet is a free, cross platform Code Coverage Tool +coverage*.json +coverage*.xml +coverage*.info + +# Visual Studio code coverage results +*.coverage +*.coveragexml + +# NCrunch +_NCrunch_* +.*crunch*.local.xml +nCrunchTemp_* + +# MightyMoose +*.mm.* +AutoTest.Net/ + +# Web workbench (sass) +.sass-cache/ + +# Installshield output folder +[Ee]xpress/ + +# DocProject is a documentation generator add-in +DocProject/buildhelp/ +DocProject/Help/*.HxT +DocProject/Help/*.HxC +DocProject/Help/*.hhc +DocProject/Help/*.hhk +DocProject/Help/*.hhp +DocProject/Help/Html2 +DocProject/Help/html + +# Click-Once directory +publish/ + +# Publish Web Output +*.[Pp]ublish.xml +*.azurePubxml +# Note: Comment the next line if you want to checkin your web deploy settings, +# but database connection strings (with potential passwords) will be unencrypted +*.pubxml +*.publishproj + +# Microsoft Azure Web App publish settings. Comment the next line if you want to +# checkin your Azure Web App publish settings, but sensitive information contained +# in these scripts will be unencrypted +PublishScripts/ + +# NuGet Packages +*.nupkg +# NuGet Symbol Packages +*.snupkg +# The packages folder can be ignored because of Package Restore +**/[Pp]ackages/* +# except build/, which is used as an MSBuild target. 
+!**/[Pp]ackages/build/ +# Uncomment if necessary however generally it will be regenerated when needed +#!**/[Pp]ackages/repositories.config +# NuGet v3's project.json files produces more ignorable files +*.nuget.props +*.nuget.targets + +# Microsoft Azure Build Output +csx/ +*.build.csdef + +# Microsoft Azure Emulator +ecf/ +rcf/ + +# Windows Store app package directories and files +AppPackages/ +BundleArtifacts/ +Package.StoreAssociation.xml +_pkginfo.txt +*.appx +*.appxbundle +*.appxupload + +# Visual Studio cache files +# files ending in .cache can be ignored +*.[Cc]ache +# but keep track of directories ending in .cache +!?*.[Cc]ache/ + +# Others +ClientBin/ +~$* +*~ +*.dbmdl +*.dbproj.schemaview +*.jfm +*.pfx +*.publishsettings +orleans.codegen.cs + +# Including strong name files can present a security risk +# (https://github.com/github/gitignore/pull/2483#issue-259490424) +#*.snk + +# Since there are multiple workflows, uncomment next line to ignore bower_components +# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) +#bower_components/ + +# RIA/Silverlight projects +Generated_Code/ + +# Backup & report files from converting an old project file +# to a newer Visual Studio version. Backup files are not needed, +# because we have git ;-) +_UpgradeReport_Files/ +Backup*/ +UpgradeLog*.XML +UpgradeLog*.htm +ServiceFabricBackup/ +*.rptproj.bak + +# SQL Server files +*.mdf +*.ldf +*.ndf + +# Business Intelligence projects +*.rdl.data +*.bim.layout +*.bim_*.settings +*.rptproj.rsuser +*- [Bb]ackup.rdl +*- [Bb]ackup ([0-9]).rdl +*- [Bb]ackup ([0-9][0-9]).rdl + +# Microsoft Fakes +FakesAssemblies/ + +# GhostDoc plugin setting file +*.GhostDoc.xml + +# Node.js Tools for Visual Studio +.ntvs_analysis.dat +node_modules/ + +# Visual Studio 6 build log +*.plg + +# Visual Studio 6 workspace options file +*.opt + +# Visual Studio 6 auto-generated workspace file (contains which files were open etc.) 
+*.vbw + +# Visual Studio 6 auto-generated project file (contains which files were open etc.) +*.vbp + +# Visual Studio 6 workspace and project file (working project files containing files to include in project) +*.dsw +*.dsp + +# Visual Studio 6 technical files +*.ncb +*.aps + +# Visual Studio LightSwitch build output +**/*.HTMLClient/GeneratedArtifacts +**/*.DesktopClient/GeneratedArtifacts +**/*.DesktopClient/ModelManifest.xml +**/*.Server/GeneratedArtifacts +**/*.Server/ModelManifest.xml +_Pvt_Extensions + +# Paket dependency manager +.paket/paket.exe +paket-files/ + +# FAKE - F# Make +.fake/ + +# CodeRush personal settings +.cr/personal + +# Python Tools for Visual Studio (PTVS) +__pycache__/ +*.pyc + +# Cake - Uncomment if you are using it +# tools/** +# !tools/packages.config + +# Tabs Studio +*.tss + +# Telerik's JustMock configuration file +*.jmconfig + +# BizTalk build output +*.btp.cs +*.btm.cs +*.odx.cs +*.xsd.cs + +# OpenCover UI analysis results +OpenCover/ + +# Azure Stream Analytics local run output +ASALocalRun/ + +# MSBuild Binary and Structured Log +*.binlog + +# NVidia Nsight GPU debugger configuration file +*.nvuser + +# MFractors (Xamarin productivity tool) working folder +.mfractor/ + +# Local History for Visual Studio +.localhistory/ + +# Visual Studio History (VSHistory) files +.vshistory/ + +# BeatPulse healthcheck temp database +healthchecksdb + +# Backup folder for Package Reference Convert tool in Visual Studio 2017 +MigrationBackup/ + +# Ionide (cross platform F# VS Code tools) working folder +.ionide/ + +# Fody - auto-generated XML schema +FodyWeavers.xsd + +# VS Code files for those working on multiple tools +.vscode/* +!.vscode/settings.json +!.vscode/tasks.json +!.vscode/launch.json +!.vscode/extensions.json +*.code-workspace + +# Local History for Visual Studio Code +.history/ + +# Windows Installer files from build outputs +*.cab +*.msi +*.msix +*.msm +*.msp + +# JetBrains Rider +*.sln.iml 
diff --git a/README.md b/README.md new file mode 100644 index 0000000..1e0aedf --- /dev/null +++ b/README.md @@ -0,0 +1,34 @@ +# home-ops 🏠🤖 + +My personal Kubernetes cluster orchestrated by [ArgoCD](https://argo-cd.readthedocs.io/en/stable/) and [Renovate](https://docs.renovatebot.com/) + +## Bootstrap + +1. kubernetes/system/network/cilium +```bash +helm install cilium kubernetes/system/network/cilium -n kube-system +``` +2. kubernetes/system/network/coredns +```bash +# Attention, in the first install, disable monitoring unless the monitore is already installed +helm install coredns kubernetes/system/network/coredns -n kube-system +``` + +## Local certificate and domain management + +```mermaid +graph TD + subgraph HashiCorp Vault + A[Root PKI] + B[Intermediate PKI] + end + + 1[Ingress Created] -->|1| 2[Cert Manager] + 1 -->|1| 6[External DNS] + 6 -->|2| 7[Pi-hole DNS] + 2 -->|2| 3[Certificate Request] + 3 -->|3| B + B -->|4| 4[Signed Certificate] + 4 -->|5| 2 + 2 -->|6| 5[Certificate Ready] +``` \ No newline at end of file diff --git a/kubernetes/apps/cloudnative-pg/Chart.yaml b/kubernetes/apps/cloudnative-pg/Chart.yaml new file mode 100644 index 0000000..3f771ea --- /dev/null +++ b/kubernetes/apps/cloudnative-pg/Chart.yaml @@ -0,0 +1,15 @@ +apiVersion: v2 +name: cloudnative-pg +description: A Helm chart for Kubernetes +type: application +version: 0.1.0 +appVersion: "1.1.0" + +dependencies: + - name: cluster + repository: https://cloudnative-pg.github.io/charts + version: 0.0.9 + - name: umbrella-app + repository: "oci://registry.nguyen.local/library" + alias: pg-cron + version: 1.0.0 \ No newline at end of file diff --git a/kubernetes/apps/cloudnative-pg/README.md b/kubernetes/apps/cloudnative-pg/README.md new file mode 100644 index 0000000..38933a2 --- /dev/null +++ b/kubernetes/apps/cloudnative-pg/README.md 
@@ -0,0 +1,5 @@ +# cloudnative-pg + +CloudNativePG is an open source operator designed to manage PostgreSQL workloads on any supported Kubernetes cluster running in private, public, hybrid, or multi-cloud environments. + +More info [github](https://github.com/cloudnative-pg/charts) \ No newline at end of file diff --git a/kubernetes/apps/cloudnative-pg/templates/external-secret.yaml b/kubernetes/apps/cloudnative-pg/templates/external-secret.yaml new file mode 100644 index 0000000..b1304eb --- /dev/null +++ b/kubernetes/apps/cloudnative-pg/templates/external-secret.yaml @@ -0,0 +1,14 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: {{ .Release.Name }} +spec: + secretStoreRef: + name: vault-secret-store + kind: ClusterSecretStore + refreshInterval: + target: + creationPolicy: Owner + dataFrom: + - extract: + key: {{ .Release.Name }} \ No newline at end of file diff --git a/kubernetes/apps/cloudnative-pg/templates/svc.yaml b/kubernetes/apps/cloudnative-pg/templates/svc.yaml new file mode 100644 index 0000000..1d6aa35 --- /dev/null +++ b/kubernetes/apps/cloudnative-pg/templates/svc.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} +spec: + type: LoadBalancer + ports: + - name: postgres + port: 5432 + targetPort: 5432 + protocol: TCP + selector: + cnpg.io/cluster: {{ .Release.Name }}-cluster + role: primary \ No newline at end of file diff --git a/kubernetes/apps/cloudnative-pg/values.yaml b/kubernetes/apps/cloudnative-pg/values.yaml new file mode 100644 index 0000000..251b59c --- /dev/null +++ b/kubernetes/apps/cloudnative-pg/values.yaml 
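Review bot: `refreshInterval:` in the ExternalSecret spec carries no value, which YAML parses as null rather than a duration; depending on the CRD validation this is either rejected at apply time or silently replaced by the controller default, and neither is obvious to the next reader. State the interval explicitly, e.g. `refreshInterval: 1h`, or drop the key so the default applies visibly. A short comment on `creationPolicy: Owner` noting that the generated Secret is deleted together with the ExternalSecret would also help, since the same Secret name is consumed as `superuserSecret` and by the backup CronJob elsewhere in this chart.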
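Review bot: `type: LoadBalancer` publishes the primary PostgreSQL endpoint (selector `role: primary`, port 5432) on the external network, and the only credential guarding it is the superuser secret referenced in values.yaml. If off-cluster access is intended, constrain who can reach it with `loadBalancerSourceRanges` (a list of CIDRs, placeholder `<ADMIN_CIDR>`) or a NetworkPolicy on the cluster pods, and add a comment above `type:` stating why the database must be reachable outside the cluster; otherwise `ClusterIP` is the safer default. The Helm expressions `{{ .Release.Name }}` are rendered before YAML parsing, so they need no quoting here.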
@@ -0,0 +1,50 @@ +cluster: + cluster: + imageName: ghcr.io/cloudnative-pg/postgresql:16.2-16 + storage: + storageClass: longhorn-single + superuserSecret: cloudnative-pg + monitoring: + enabled: true + postgresql: + max_connections: "300" + affinity: + enablePodAntiAffinity: true + topologyKey: kubernetes.io/hostname + podAntiAffinityType: required + +pg-cron: + controller: + enabled: true + type: cronjob + cronjob: + # run every day at 1 AM + schedule: 0 1 * * * + image: + repository: postgres + tag: 16.3-bulleye@sha256:a1b25666f2d473293880d178cb682e7e826fe384a142e4345b17914aa1d36daa + command: + - /bin/bash + - -c + - | + echo -e "\e[32m[+]\e[0m Start backup" && \ + $(which pg_dumpall) -h $POSTGRES_HOST -p $POSTGRES_PORT -U $POSTGRES_USER -f /tmp/cloudnative-pg-backup-$(date +%F).sql && \ + echo -e "\e[31m[-]\e[0m Remove old backup" + find /tmp -type f -mtime +5 -print -exec rm {} \; + echo -e "\e[32m[+]\e[0m Done." + envFrom: + - secretRef: + name: cloudnative-pg + service: + main: + enabled: false + persistence: + database: + enabled: true + mountPath: /tmp + storageClass: nfs-client + accessMode: "ReadWriteOnce" + size: 10Gi + retain: true + volume: + enabled: false \ No newline at end of file diff --git a/kubernetes/apps/dragonfly/Chart.yaml b/kubernetes/apps/dragonfly/Chart.yaml new file mode 100644 index 0000000..6ce15c5 --- /dev/null +++ b/kubernetes/apps/dragonfly/Chart.yaml @@ -0,0 +1,11 @@ +apiVersion: v2 +name: dragonfly +description: A Helm chart for Kubernetes +type: application +version: 0.1.0 +appVersion: "0.0.0" + +dependencies: + - name: dragonfly + repository: oci://ghcr.io/dragonflydb/dragonfly/helm + version: v1.19.0 \ No newline at end of file diff --git a/kubernetes/apps/dragonfly/README.md b/kubernetes/apps/dragonfly/README.md new file mode 100644 index 0000000..d3643d0 --- /dev/null +++ b/kubernetes/apps/dragonfly/README.md 
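Review bot: The backup script in `pg-cron.controller.cronjob.command` only chains `pg_dumpall` into the "Remove old backup" echo with `&&`; the `find ... -exec rm` and the final echo run unconditionally, so when the dump fails the job still prunes dumps older than five days, prints "Done." and exits 0, and after five failed nights no backup remains while the CronJob reports success. Adding `set -euo pipefail` as the first line and quoting the variables makes a failed dump abort the job before pruning, which is the rewrite below. Note also that `pg_dumpall` output includes role definitions with password hashes, so the `/tmp` volume on `nfs-client` holds cluster credentials as well as data and deserves the same access control as the superuser secret. The image tag `16.3-bulleye` is misspelled (`bullseye`); the pull is by the attached digest so it likely works at runtime, but the tag is what Renovate's version lookup reads, so it probably blocks updates.
```yaml
      command:
        - /bin/bash
        - -c
        - |
          set -euo pipefail
          echo -e "\e[32m[+]\e[0m Start backup"
          pg_dumpall -h "$POSTGRES_HOST" -p "$POSTGRES_PORT" -U "$POSTGRES_USER" -f "/tmp/cloudnative-pg-backup-$(date +%F).sql"
          echo -e "\e[31m[-]\e[0m Remove old backup"
          find /tmp -type f -mtime +5 -print -exec rm {} \;
          echo -e "\e[32m[+]\e[0m Done."
      # … unchanged: envFrom, service, persistence …
```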
@@ -0,0 +1,5 @@ +# Dragonfly + +Dragonfly is a modern in-memory datastore, fully compatible with Redis and Memcached APIs. + +More info on [website](https://www.dragonflydb.io/docs/) diff --git a/kubernetes/apps/dragonfly/values.yaml b/kubernetes/apps/dragonfly/values.yaml new file mode 100644 index 0000000..55f1b1c --- /dev/null +++ b/kubernetes/apps/dragonfly/values.yaml @@ -0,0 +1,11 @@ +dragonfly: + replicaCount: 1 + service: + type: LoadBalancer + extraArgs: + # See issue: https://github.com/dragonflydb/dragonfly/discussions/1497 + - "--proactor_threads=2" + serviceMonitor: + enabled: true + storage: + enabled: true \ No newline at end of file diff --git a/kubernetes/apps/reloader/Chart.yaml b/kubernetes/apps/reloader/Chart.yaml new file mode 100644 index 0000000..0c932c6 --- /dev/null +++ b/kubernetes/apps/reloader/Chart.yaml @@ -0,0 +1,11 @@ +apiVersion: v2 +name: reloader +description: A Helm chart for Kubernetes +type: application +version: 0.1.0 +appVersion: "0.0.0" + +dependencies: + - name: reloader + repository: https://stakater.github.io/stakater-charts + version: 1.0.115 diff --git a/kubernetes/apps/reloader/README.md b/kubernetes/apps/reloader/README.md new file mode 100644 index 0000000..ee7b5df --- /dev/null +++ b/kubernetes/apps/reloader/README.md @@ -0,0 +1,23 @@ +# reloader + +## Installation + +```bash +helm repo add stakater https://stakater.github.io/stakater-charts +helm install reloader stakater/reloader -n reloader --create-namespace +``` + +## Configuration + +More info [here](https://github.com/stakater/Reloader/blob/master/README.md). + +Add the following annotation on deployment +```yaml +kind: Deployment +metadata: + annotations: + reloader.stakater.com/auto: "true" +spec: + template: + metadata: +``` \ No newline at end of file diff --git a/kubernetes/operators/cloudnative-pg-operator/Chart.yaml b/kubernetes/operators/cloudnative-pg-operator/Chart.yaml new file mode 100644 index 0000000..5277249 --- /dev/null 
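Review bot: `service.type: LoadBalancer` in the dragonfly values exposes the Redis-compatible port on the external network, and nothing in this file configures authentication, so any LAN client can read and write the datastore unless a password is set elsewhere (not visible here). Either add `--requirepass` via `extraArgs` sourced from a secret, restrict the Service with `loadBalancerSourceRanges`, or use `ClusterIP` if only in-cluster consumers need it. A comment above `type:` stating the intended external consumer would make the exposure deliberate rather than accidental.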
+++ b/kubernetes/operators/cloudnative-pg-operator/Chart.yaml @@ -0,0 +1,11 @@ +apiVersion: v2 +name: cloudnative-pg-operator +description: A Helm chart for Kubernetes +type: application +version: 0.1.0 +appVersion: "0.0.0" + +dependencies: + - name: cloudnative-pg + repository: https://cloudnative-pg.github.io/charts + version: 0.21.5 diff --git a/kubernetes/operators/cloudnative-pg-operator/README.md b/kubernetes/operators/cloudnative-pg-operator/README.md new file mode 100644 index 0000000..cb9d093 --- /dev/null +++ b/kubernetes/operators/cloudnative-pg-operator/README.md @@ -0,0 +1,10 @@ +# cloudnative-pg-operator + +CloudNativePG is an open source operator designed to manage PostgreSQL workloads on any supported Kubernetes cluster running in private, public, hybrid, or multi-cloud environments. + +More info [github](https://github.com/cloudnative-pg/charts) + + +> [!WARNING] +> one or more objects failed to apply, reason: error when patching "/dev/shm/3710469084": CustomResourceDefinition.apiextensions.k8s.io "poolers.postgresql.cnpg.io" is invalid: metadata.annotations: Too long: must have at most 262144 bytes. Retrying attempt #4 at 5:20PM. +> Use `serverSideApply=true` on argocd \ No newline at end of file diff --git a/kubernetes/system/management/descheduler/Chart.yaml b/kubernetes/system/management/descheduler/Chart.yaml new file mode 100644 index 0000000..3759995 --- /dev/null +++ b/kubernetes/system/management/descheduler/Chart.yaml @@ -0,0 +1,11 @@ +apiVersion: v2 +name: descheduler +description: A Helm chart for Kubernetes +type: application +version: 0.1.0 +appVersion: "0.0.0" + +dependencies: + - name: descheduler + repository: https://kubernetes-sigs.github.io/descheduler/ + version: 0.30.1 diff --git a/kubernetes/system/management/node-feature-discovery/Chart.yaml b/kubernetes/system/management/node-feature-discovery/Chart.yaml new file mode 100644 index 0000000..e06506c --- /dev/null 
+++ b/kubernetes/system/management/node-feature-discovery/Chart.yaml @@ -0,0 +1,12 @@ +apiVersion: v2 +name: node-feature-discovery +description: A Helm chart for Kubernetes +type: application +version: 0.1.0 +appVersion: "0.0.0" + +dependencies: + - name: node-feature-discovery + repository: https://kubernetes-sigs.github.io/node-feature-discovery/charts + version: 0.16.0 + diff --git a/kubernetes/system/management/node-feature-discovery/README.md b/kubernetes/system/management/node-feature-discovery/README.md new file mode 100644 index 0000000..8f208cc --- /dev/null +++ b/kubernetes/system/management/node-feature-discovery/README.md 
@@ -0,0 +1,28 @@ +# node feature discovery + +This software enables node feature discovery for Kubernetes. It detects hardware features available on each node in a Kubernetes cluster, and advertises those features using node labels and optionally node extended resources, annotations and node taints. Node Feature Discovery is compatible with any recent version of Kubernetes (v1.21+). + +More info: [here](https://kubernetes-sigs.github.io/node-feature-discovery/v0.15/get-started/introduction.html) + +## Installation + +```bash +# Kustomize +kubectl apply -k https://github.com/kubernetes-sigs/node-feature-discovery/deployment/overlays/default?ref=v0.15.4 + +# Helm +helm repo add nfd https://kubernetes-sigs.github.io/node-feature-discovery/charts +helm repo update +helm install nfd/node-feature-discovery --namespace node-feature-discovery --create-namespace --generate-name +``` + +## Configuration + +Writing rule are describe [here](https://kubernetes-sigs.github.io/node-feature-discovery/v0.15/usage/customization-guide.html#custom-feature-source) + +## Uninstallation + +```bash +kubectl apply -k https://github.com/kubernetes-sigs/node-feature-discovery/deployment/overlays/prune?ref=v0.15.4 +kubectl -n node-feature-discovery wait job.batch/nfd-master --for=condition=complete && kubectl delete -k https://github.com/kubernetes-sigs/node-feature-discovery/deployment/overlays/prune?ref=v0.15.4 +``` \ No newline at end of file diff --git a/kubernetes/system/management/node-feature-discovery/values.yaml b/kubernetes/system/management/node-feature-discovery/values.yaml new file mode 100644 index 0000000..3fef419 --- /dev/null +++ b/kubernetes/system/management/node-feature-discovery/values.yaml 
@@ -0,0 +1,21 @@ +node-feature-discovery: + worker: + annotations: + configmap.reloader.stakater.com/reload: node-feature-discovery-worker-conf + config: + core: + featureSources: [custom, usb, pci] + sources: + custom: + # The following feature demonstrates the capabilities of the matchFeatures + - name: "google coral device" + labels: + google.feature.node.kubernetes.io/coral.present: "true" + matchFeatures: + - feature: usb.device + matchExpressions: + # in node, run 'lsusb' to locate google coral device + # output cmd: + # Bus 002 Device 003: ID 18d1:9302 Google Inc. + # Bus 002 Device 002: ID 1a6e:089a Global Unichip Corp. + vendor: { op: In, value: ["18d1","1a6e"] } diff --git a/kubernetes/system/network/coredns/Chart.yaml b/kubernetes/system/network/coredns/Chart.yaml new file mode 100644 index 0000000..39da359 --- /dev/null +++ b/kubernetes/system/network/coredns/Chart.yaml @@ -0,0 +1,11 @@ +apiVersion: v2 +name: coredns +description: A Helm chart for Kubernetes +type: application +version: 0.1.0 +appVersion: "0.0.0" + +dependencies: + - name: coredns + repository: https://coredns.github.io/helm + version: 1.31.0 diff --git a/kubernetes/system/network/coredns/README.md b/kubernetes/system/network/coredns/README.md new file mode 100644 index 0000000..6b308d1 --- /dev/null +++ b/kubernetes/system/network/coredns/README.md @@ -0,0 +1,17 @@ +# Core-dns + + +## Installation + +Setup cluster dns ip with k3s +```bash +k3s server ... --cluster-dns 10.43.0.10 +``` + +```bash +helm repo add coredns https://coredns.github.io/helm +helm --namespace=kube-system install coredns coredns/coredns --set service.clusterIP=10.43.0.10 + +# or +helm install coredns . -n kube-system +``` \ No newline at end of file diff --git a/kubernetes/system/network/coredns/values.yaml b/kubernetes/system/network/coredns/values.yaml new file mode 100644 index 0000000..e1aa7ff --- /dev/null +++ b/kubernetes/system/network/coredns/values.yaml 
@@ -0,0 +1,40 @@ +coredns: + service: + clusterIP: 10.43.0.10 + servers: + - zones: + - zone: . + port: 53 + # If serviceType is nodePort you can specify nodePort here + # nodePort: 30053 + # hostPort: 53 + plugins: + - name: errors + # Serves a /health endpoint on :8080, required for livenessProbe + - name: health + configBlock: |- + lameduck 5s + # Serves a /ready endpoint on :8181, required for readinessProbe + - name: ready + # Required to query kubernetes API for data + - name: kubernetes + parameters: cluster.local in-addr.arpa ip6.arpa + configBlock: |- + pods insecure + fallthrough in-addr.arpa ip6.arpa + ttl 30 + # Serves a /metrics endpoint on :9153, required for serviceMonitor + - name: prometheus + parameters: 0.0.0.0:9153 + - name: forward + parameters: . 192.168.10.3 192.168.10.252 + - name: cache + parameters: 30 + - name: loop + - name: reload + - name: loadbalance + prometheus: + service: + enabled: true + monitor: + enabled: true \ No newline at end of file diff --git a/kubernetes/system/network/external-dns/Chart.yaml b/kubernetes/system/network/external-dns/Chart.yaml new file mode 100644 index 0000000..f6157f0 --- /dev/null +++ b/kubernetes/system/network/external-dns/Chart.yaml @@ -0,0 +1,11 @@ +apiVersion: v2 +name: external-dns +description: A Helm chart for Kubernetes +type: application +version: 0.1.0 +appVersion: "0.0.0" + +dependencies: + - name: external-dns + repository: https://charts.bitnami.com/bitnami + version: 7.5.7 diff --git a/kubernetes/system/network/external-dns/README.md b/kubernetes/system/network/external-dns/README.md new file mode 100644 index 0000000..cdb600b --- /dev/null +++ b/kubernetes/system/network/external-dns/README.md @@ -0,0 +1,3 @@ +# External-dns + +Configure external-dns to dynamically configure pihole dns for each ingress created \ No newline at end of file 
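Review bot: The kubernetes plugin's `pods insecure` mode in the coredns values answers pod-IP queries without checking that a pod with that IP exists, which the CoreDNS documentation describes as a kube-dns compatibility setting; `pods verified` returns records only for real pods at the cost of watching pod objects, and `pods disabled` is the default when pod records are not needed. Unless something in the cluster depends on pod-IP records, change the line to `pods verified` (or remove it) and add a comment above the configBlock explaining the choice. The `forward . 192.168.10.3 192.168.10.252` line sends all non-cluster queries to two LAN resolvers in plaintext, which is normal for a home network but worth a one-line comment naming them.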
diff --git a/kubernetes/system/network/external-dns/values.yaml b/kubernetes/system/network/external-dns/values.yaml new file mode 100644 index 0000000..492f5bf --- /dev/null +++ b/kubernetes/system/network/external-dns/values.yaml @@ -0,0 +1,16 @@ +external-dns: + provider: pihole + args: + - --metrics-address=:7979 + - --log-level=info + - --log-format=text + - --policy=upsert-only + - --provider=pihole + - --registry=noop + - --interval=1m + - --source=service + - --source=ingress + - --pihole-server=http://192.168.10.252:8086 + policy: upsert-only + pihole: + secretName: external-dns \ No newline at end of file diff --git a/kubernetes/system/network/ingress-nginx/Chart.yaml b/kubernetes/system/network/ingress-nginx/Chart.yaml new file mode 100644 index 0000000..6d2fce1 --- /dev/null +++ b/kubernetes/system/network/ingress-nginx/Chart.yaml @@ -0,0 +1,11 @@ +apiVersion: v2 +name: ingress-nginx +description: A Helm chart for Kubernetes +type: application +version: 0.1.0 +appVersion: "0.0.0" + +dependencies: + - name: ingress-nginx + repository: https://kubernetes.github.io/ingress-nginx + version: 4.10.1 diff --git a/kubernetes/system/network/ingress-nginx/README.md b/kubernetes/system/network/ingress-nginx/README.md new file mode 100644 index 0000000..c4ee11c --- /dev/null +++ b/kubernetes/system/network/ingress-nginx/README.md @@ -0,0 +1,11 @@ +# Ingress-nginx + +More info [nginx](https://kubernetes.github.io/ingress-nginx/deploy/) + +## Installation + +```bash +helm upgrade --install ingress-nginx ingress-nginx \ + --repo https://kubernetes.github.io/ingress-nginx \ + --namespace ingress-nginx --create-namespace +``` \ No newline at end of file diff --git a/kubernetes/system/network/ingress-nginx/values.yaml b/kubernetes/system/network/ingress-nginx/values.yaml new file mode 100644 index 0000000..bb26fb8 --- /dev/null +++ b/kubernetes/system/network/ingress-nginx/values.yaml 
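Review bot: `--pihole-server=http://192.168.10.252:8086` in the external-dns args sends the Pi-hole admin password (loaded from the `external-dns` secret via `pihole.secretName`) over plain HTTP on every sync, so any host on that LAN segment can read it; if the Pi-hole serves HTTPS, switch the URL to `https://`, otherwise add a comment above the line acknowledging the plaintext credential. `provider: pihole` and `policy: upsert-only` are also set twice, once as chart values and once as raw `--provider`/`--policy` args, so the two copies can drift — keep only the chart values and drop the duplicate args. `--registry=noop` means external-dns keeps no ownership records, which is consistent with `upsert-only` but worth a comment since it makes the controller unable to distinguish its own records from manually created ones.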
@@ -0,0 +1,9 @@ +ingress-nginx: + controller: + # port: 10254 + metrics: + enabled: true + serviceMonitor: + enabled: true + ingressClassResource: + default: true \ No newline at end of file diff --git a/kubernetes/system/security/external-secrets/Chart.yaml b/kubernetes/system/security/external-secrets/Chart.yaml new file mode 100644 index 0000000..4824c4a --- /dev/null +++ b/kubernetes/system/security/external-secrets/Chart.yaml @@ -0,0 +1,11 @@ +apiVersion: v2 +name: external-secret +description: A Helm chart for Kubernetes +type: application +version: 0.1.0 +appVersion: "0.0.0" + +dependencies: + - name: external-secrets + repository: https://charts.external-secrets.io + version: 0.9.19 diff --git a/kubernetes/system/security/external-secrets/README.md b/kubernetes/system/security/external-secrets/README.md new file mode 100644 index 0000000..a86d624 --- /dev/null +++ b/kubernetes/system/security/external-secrets/README.md @@ -0,0 +1,14 @@ +# external-secret + +## Installation + +```bash +helm repo add external-secrets https://charts.external-secrets.io + +helm install external-secrets \ + external-secrets/external-secrets \ + -n external-secrets \ + --create-namespace +``` + +More information: [here](https://external-secrets.io/latest/introduction/getting-started/) \ No newline at end of file diff --git a/kubernetes/system/storage/nfs-provisioner/Chart.yaml b/kubernetes/system/storage/nfs-provisioner/Chart.yaml new file mode 100644 index 0000000..a75ef13 --- /dev/null +++ b/kubernetes/system/storage/nfs-provisioner/Chart.yaml @@ -0,0 +1,11 @@ +apiVersion: v2 +name: nfs-subdir-external-provisioner +description: A Helm chart for Kubernetes +type: application +version: 0.1.0 +appVersion: "0.0.0" + +dependencies: + - name: nfs-subdir-external-provisioner + repository: https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/ + version: 4.0.18 
diff --git a/kubernetes/system/storage/nfs-provisioner/README.md b/kubernetes/system/storage/nfs-provisioner/README.md new file mode 100644 index 0000000..53e4651 --- /dev/null +++ b/kubernetes/system/storage/nfs-provisioner/README.md @@ -0,0 +1,64 @@ +# nfs-external-provisioner + +The NFS subdir external [provisioner](https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner) is an automatic provisioner for Kubernetes that uses your already configured NFS server, automatically creating Persistent Volumes. + +## Installation + +More information in [readme](https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner/blob/master/charts/nfs-subdir-external-provisioner/README.md). + +```bash +# On client, install nfs-common +apt-get install nfs-common -y + +helm repo add nfs-subdir-external-provisioner https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/ + +helm install nfs-subdir-external-provisioner nfs-subdir-external-provisioner/nfs-subdir-external-provisioner --set nfs.server=192.168.10.252 --set nfs.path=/volume1/nfs/kubernetes --set storageClass.reclaimPolicy=Retain -n nfs-provisioner --create-namespace + +# OR + +helm install nfs-subdir-external-provisioner . -n nfs-provisioner --create-namespace +``` + +After the installation, the storageClassName to use is `nfs-client`. + +## Usage + +Pod config +```yaml +kind: Pod +apiVersion: v1 +metadata: + name: test-pod +spec: + containers: + - name: test-pod + image: busybox:stable + command: + - "/bin/sh" + args: + - "-c" + - "touch /mnt/SUCCESS && exit 0 || exit 1" + volumeMounts: + - name: nfs-pvc + mountPath: "/mnt" + restartPolicy: "Never" + volumes: + - name: nfs-pvc + persistentVolumeClaim: + claimName: test-claim +``` + +PVC config +```yaml +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: test-claim +spec: + storageClassName: nfs-client + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Mi +``` \ No newline at end of file 
diff --git a/kubernetes/system/storage/nfs-provisioner/values.yaml b/kubernetes/system/storage/nfs-provisioner/values.yaml new file mode 100644 index 0000000..5cb83da --- /dev/null +++ b/kubernetes/system/storage/nfs-provisioner/values.yaml @@ -0,0 +1,6 @@ +nfs-subdir-external-provisioner: + nfs: + server: 192.168.10.252 + path: /volume1/nfs/kubernetes + storageClass: + reclaimPolicy: Retain \ No newline at end of file diff --git a/kubernetes/system/storage/openebs-system/Chart.yaml b/kubernetes/system/storage/openebs-system/Chart.yaml new file mode 100644 index 0000000..163e92c --- /dev/null +++ b/kubernetes/system/storage/openebs-system/Chart.yaml @@ -0,0 +1,12 @@ + +apiVersion: v2 +name: openebs +description: A Helm chart for Kubernetes +type: application +version: 0.1.0 +appVersion: 3.10.0 + +dependencies: + - name: openebs + repository: https://openebs.github.io/charts + version: 3.10.0 \ No newline at end of file diff --git a/kubernetes/system/storage/openebs-system/README.md b/kubernetes/system/storage/openebs-system/README.md new file mode 100644 index 0000000..2909a17 --- /dev/null +++ b/kubernetes/system/storage/openebs-system/README.md @@ -0,0 +1,9 @@ +# openebs + +Quick start installation [guide](https://openebs.io/docs/quickstart-guide/installation) + +Install driver on node before installing `ZFS`. See [documentation](https://openebs.io/docs/user-guides/local-storage-user-guide/local-pv-zfs/zfs-installation) + +```bash +helm install openebs . -n openebs-system --create-namespace +``` diff --git a/kubernetes/system/storage/openebs-system/values.yaml b/kubernetes/system/storage/openebs-system/values.yaml new file mode 100644 index 0000000..c9b3414 --- /dev/null +++ b/kubernetes/system/storage/openebs-system/values.yaml @@ -0,0 +1,5 @@ +openebs: + localprovisioner: + basePath: "/data" + deviceClass: + reclaimPolicy: Retain \ No newline at end of file