diff --git a/memestream/memestream.ingress.yaml b/memestream/memestream.ingress.yaml index 11fc963..cbb851e 100644 --- a/memestream/memestream.ingress.yaml +++ b/memestream/memestream.ingress.yaml @@ -28,6 +28,7 @@ spec: name: memestream-meili port: number: 7700 + - host: memestream.ntwl.xyz http: paths: diff --git a/ops/grafana.yaml b/ops/grafana.yaml deleted file mode 100644 index 66db06e..0000000 --- a/ops/grafana.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: grafana-pv -spec: - storageClassName: "" - capacity: - storage: 1Gi - accessModes: - - ReadWriteOnce - persistentVolumeReclaimPolicy: Retain - claimRef: - namespace: monitor - name: grafana-pvc - hostPath: - path: "/var/lib/rancher/k3s/storage/grafana-pv" - type: DirectoryOrCreate ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: grafana-pvc - namespace: monitor -spec: - volumeName: grafana-pv - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi diff --git a/ops/kubeseal.yaml b/ops/kubeseal.yaml new file mode 100755 index 0000000..1e62e62 --- /dev/null +++ b/ops/kubeseal.yaml @@ -0,0 +1,14 @@ +--- + +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: sealed-secrets + namespace: ops +spec: + repo: https://bitnami-labs.github.io/sealed-secrets + chart: sealed-secrets + version: 2.17.3 + targetNamespace: kube-system + valuesContent: |- + fullnameOverride: sealed-secrets-controller diff --git a/ops/minio.ingress.yaml b/ops/minio.ingress.yaml new file mode 100755 index 0000000..46c0d12 --- /dev/null +++ b/ops/minio.ingress.yaml 
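Review bot: `ops/kubeseal.yaml` is created with mode 100755 although it is a plain manifest; the same executable bit appears on `ops/minio.ingress.yaml` and on the renamed `ops/minio.yaml` (`old mode 100644`, `new mode 100755`), while `ops/vlt.yaml` is added as 100644. Committing all of them as 100644 keeps the tree consistent. A short comment above `fullnameOverride` would also help, e.g. `# matches kubeseal's default lookup: sealed-secrets-controller in kube-system`, since that is presumably why the override and `targetNamespace: kube-system` are set.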
@@ -0,0 +1,39 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: storage + namespace: ops + labels: + app: minio + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-prod" + haproxy.org/proxy-body-size-limit: "1g" +spec: + ingressClassName: haproxy + tls: + - hosts: + - minio.ntwl.xyz + - storage.ntwl.xyz + secretName: minio-tls + rules: + - host: minio.ntwl.xyz + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: minio + port: + number: 9090 + + - host: storage.ntwl.xyz + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: minio + port: + number: 9000 diff --git a/storage/minio.yaml b/ops/minio.yaml old mode 100644 new mode 100755 similarity index 83% rename from storage/minio.yaml rename to ops/minio.yaml index f838e96..4b20202 --- a/storage/minio.yaml +++ b/ops/minio.yaml @@ -4,37 +4,18 @@ --- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: minio-pv -spec: - storageClassName: "" - capacity: - storage: 20Gi - accessModes: - - ReadWriteOnce - persistentVolumeReclaimPolicy: Retain - claimRef: - namespace: default - name: minio-pvc - hostPath: - path: "/var/lib/rancher/k3s/storage/minio-pv" - type: DirectoryOrCreate - ---- - kind: PersistentVolumeClaim apiVersion: v1 metadata: - name: minio-pvc + name: minio-storage + namespace: ops spec: - volumeName: minio-pv + storageClassName: zfs-fast accessModes: - ReadWriteOnce resources: requests: - storage: 20Gi + storage: 100Gi --- @@ -46,6 +27,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: minio + namespace: ops spec: replicas: 1 selector: @@ -107,7 +89,7 @@ spec: volumes: - name: minio-storage persistentVolumeClaim: - claimName: minio-pvc + claimName: minio-storage --- @@ -115,7 +97,8 @@ spec: apiVersion: v1 kind: Service metadata: - name: minio-service + name: minio + namespace: ops labels: app: minio spec: diff --git a/ops/values.yaml b/ops/values.yaml deleted file mode 100644 index 7f8084c..0000000 
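Review bot: The `minio.ntwl.xyz` rule publishes port 9090, which looks like the MinIO admin console, through the same Ingress as the S3 endpoint and with no source restriction among the annotations. If the console does not need to be reachable from everywhere, move that host into its own Ingress and add a source allow-list there, for example the controller's `haproxy.org/allow-list` annotation with your admin CIDRs. The body-size annotation is also spelled `haproxy.org/proxy-body-size-limit` here but `haproxy.org/proxy-body-size` in `ops/vlt.yaml`. At most one of these is likely to be recognised, so check the controller's annotation list, because an ignored key silently leaves the default limit in place.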
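Review bot: In the first hunk of `ops/minio.yaml` the pre-bound `minio-pv`/`minio-pvc` pair is replaced by a new claim, `minio-storage`, on `storageClassName: zfs-fast`, so the Deployment will start on an empty volume. The existing objects stay behind under `/var/lib/rancher/k3s/storage/minio-pv` because the old PV used `persistentVolumeReclaimPolicy: Retain`. Nothing in the commit migrates that data or documents the step. The added `namespace: ops` lines also mean that applying these manifests will not remove the old Deployment, Service and PVC in `default`, which would keep running with their existing credentials until deleted by hand. A comment above the claim such as `# new volume; data from the old hostPath PV must be copied over manually` would make the intent explicit.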
--- a/ops/values.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-grafana:
- persistence:
- type: pvc
- enabled: true
- # annotations: {}
- finalizers:
- - kubernetes.io/pvc-protection
- existingClaim: grafana-pvc
-
-alertmanager:
- enabled: false
-
-loki:
- auth_enabled: false
- commonConfig:
- replication_factor: 1
- storage:
- type: 'filesystem'
-singleBinary:
- replicas: 1
diff --git a/ops/vlt.seal.json b/ops/vlt.seal.json
new file mode 100644
index 0000000..b95e2f5
--- /dev/null
+++ b/ops/vlt.seal.json
@@ -0,0 +1,29 @@
+{
+ "kind": "SealedSecret",
+ "apiVersion": "bitnami.com/v1alpha1",
+ "metadata": {
+ "name": "couchdb-couchdb",
+ "namespace": "ops",
+ "creationTimestamp": null
+ },
+ "spec": {
+ "template": {
+ "metadata": {
+ "name": "couchdb-couchdb",
+ "namespace": "ops",
+ "creationTimestamp": null,
+ "labels": {
+ "app": "couchdb",
+ "service": "obsidian-livesync"
+ }
+ },
+ "type": "Opaque"
+ },
+ "encryptedData": {
+ "adminPassword": "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",
+ "adminUsername": "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",
+ "cookieAuthSecret": "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",
+ "erlangCookie": "AgCTickThp91F/3kKWGpsYTKnGKrG7LWN9dbF1vL/gN/4nZ6thW28bQNNSdfKOYLp05U9oRvso4ja3dOpGBGmCS5NnSQY8UA2lGJuGloi49rgeuc34XW/+99RnCG2pwvjLJGhUJ3Zprb5J2Ky6CH4vUVd5Q0/zjGM5MEpaSxqkHriZj33gNy1cink/ZlkSMLpDGktjjHV4k7QHocT06Cu1Gg/ixrF3C2k8kQ9evoJTsOGAXH94E+vdtq/YvH0Be+AKCMc5MldROBEx69qI6uVKh9aM6YKPNfsgoh9A76ialeCYfYxPV/0oSx7YH86tg1yQ3V1Law3Y02tPjfyTsScuLnGbfoDXdcaShyfxxIaUtbEagohpofEZj6xQfO18wwpObZVVny72T9PEt5z5Fbkvv/wHGi0G9BZJ/E6/0T2Onap4WsJlC8I9CwzmcZMhBuECheRxxJ5z20k4bVq99e/iX5Ays90yZeHoJJwVC0e5zxwvdMZ775OSR9I2ibuKZx8UGLw/ZLrFNjdHvt3yAVKNAsdvOg1g7l0zS0i2CW46PcoUaqeFyX5NVda6upc0bEvVDCQV8TKzAv3Kk+rdaIbUM6ovDaClH80oY6lBpVSdGDtJ7Tf5sn5d/jwnm3TJtFyt5B1YXboQL9KWCdYgsUAcWQp9DuCd57sR0BG7oGUuGXwvxLnhAdCe3JkZRrpi7YXr708PXno3dx8wH3K7+j1/zC"
+ }
+ }
+}
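Review bot: The `encryptedData` values in `ops/vlt.seal.json` are committed in the same change that installs the sealed-secrets controller (`ops/kubeseal.yaml`), and nothing visible ties them to that controller's key pair. If the chart install generates a fresh sealing key, ciphertext produced against an earlier certificate will not unseal, so confirm the values were sealed against the running controller and that its sealing key is backed up outside the cluster. No scope annotation is present, so under the default strict scope the secret only unseals as `couchdb-couchdb` in `ops`; both `metadata` blocks have to stay in step with the chart release name. The manifest is JSON among YAML files; `kubeseal --format yaml` would keep the directory uniform and allow a comment recording when and against which certificate it was sealed.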
diff --git a/ops/vlt.yaml b/ops/vlt.yaml new file mode 100644 index 0000000..6d26dab --- /dev/null +++ b/ops/vlt.yaml @@ -0,0 +1,62 @@ +--- + +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: couchdb + namespace: ops + labels: + app: couchdb + service: vlt +spec: + repo: https://apache.github.io/couchdb-helm + chart: couchdb + version: 4.6.1 + targetNamespace: ops + valuesContent: |- + clusterSize: 1 + createAdminSecret: false + + couchdbConfig: + couchdb: + single_node: true + uuid: 1723f780-f9df-4efb-84dc2e5a691207d8 + max_document_size: 50000000 + max_http_request_size: 4294967296 + chttpd: + require_valid_user: true + enable_cors: true + httpd: + enable_cors: true + WWW-Authenticate: "Basic realm=\"couchdb\"" + cors: + origins: "*" + credentials: true + methods: "GET, PUT, POST, HEAD, DELETE" + headers: "accept, authorization, content-type, origin, referer, x-csrf-token" + + persistentVolume: + enabled: true + storageClass: "zfs-fast" + size: 10Gi + + service: + type: ClusterIP + port: 5984 + + ingress: + enabled: true + className: haproxy + hosts: + - vlt.ntwl.xyz + tls: + - hosts: + - vlt.ntwl.xyz + secretName: couchdb-tls + + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-prod" + haproxy.org/ssl-redirect: "true" + haproxy.org/proxy-body-size: "100m" + haproxy.org/timeout-client: "600s" + haproxy.org/timeout-server: "600s" diff --git a/storage/minio.ingress.yaml b/storage/minio.ingress.yaml index 02d6684..f442d3f 100644 --- a/storage/minio.ingress.yaml +++ b/storage/minio.ingress.yaml @@ -10,7 +10,6 @@ spec: ingressClassName: haproxy tls: - hosts: - - minio.strix.systems - minio.ntwl.xyz secretName: minio.strix.systems rules: 
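Review bot: Under `cors:` in `ops/vlt.yaml`, `origins: "*"` is combined with `credentials: true` on a host that the same values publish through the ingress. As far as I know CouchDB answers a wildcard configuration by echoing the request's origin, so a page on any other site could make authenticated calls, including `DELETE`, on behalf of a user whose browser holds credentials for `vlt.ntwl.xyz`. Restrict the list to the origins the sync client actually uses, for example `origins: "app://obsidian.md,capacitor://localhost,http://localhost"` if this only serves Obsidian LiveSync (confirm against the client's setup docs), and drop `DELETE` from `methods` if the client does not need it. Separately, `max_http_request_size: 4294967296` permits 4 GiB requests while the ingress annotation caps bodies at `100m`; align the two and add a comment stating which limit is intended.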
@@ -50,20 +49,9 @@ spec: ingressClassName: haproxy tls: - hosts: - - storage.strix.systems - storage.ntwl.xyz - secretName: storage.strix.systems + secretName: storage.ntwl.xyz rules: - - host: storage.strix.systems - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: minio-service - port: - number: 9000 - host: storage.ntwl.xyz http: paths:
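Review bot: `storage/minio.ingress.yaml` stays in the tree after this commit and still claims `minio.ntwl.xyz` and `storage.ntwl.xyz`, the same hosts the new `ops/minio.ingress.yaml` defines. The rule removed in this hunk pointed at `minio-service`, which the commit renames to `minio` and moves to namespace `ops`. If the surviving `storage.ntwl.xyz` rule, whose backend lies outside the hunk, still names `minio-service`, it will have no endpoints, and two Ingress objects competing for one host give controller-dependent routing. Deleting this file in favour of the `ops/` one looks like the intended end state. If it is kept, the first hunk leaves `secretName: minio.strix.systems` unchanged while this hunk renames its counterpart to `storage.ntwl.xyz`; rename that one too so no TLS secret is named after a host that is no longer served.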