From 5b4bbe8f86fdcd8d3b6a9d1401cb287ca5c6f76a Mon Sep 17 00:00:00 2001 
From: j Date: Fri, 22 Aug 2025 22:12:13 +1000 Subject: [PATCH] idk --- .../10-external-secrets/eso-crds/eso.yaml | 0 .../10-external-secrets/external-secrets.yaml | 0 .../10-replicator/replicator.yaml | 0 .../20-domain-names/bind/bind.yaml | 0 .../certmanager-a/certmanager-a.yaml | 0 .../certmanager-b/certmanager-b.yaml | 0 .../20-domain-names/dns.yaml | 0 .../externaldns/externaldns.yaml | 0 .../30-databases/databases.yaml | 0 .../mariadb-database/database.yaml | 0 .../mariadb-operators/mariadb-operators.yaml | 0 .../30-databases/postgresql/bitnami.yaml | 0 .../30-databases/redis/redis.yaml | 0 .../40-authentik/authentik.yaml | 0 .../50-nextcloud/nextcloud.yaml | 0 .../60-general-shit/open-webui.yaml | 0 .../70-monitoring/grafana.yaml | 0 .../70-monitoring/loki.yaml | 0 .../70-monitoring/prometheus.yaml | 0 .../80-private/private.yaml | 0 applications/databases/databases.yaml | 42 ++++++ .../databases/mariadb-database/database.yaml | 13 ++ .../mariadb-operators/mariadb-operators.yaml | 53 +++++++ .../databases/postgresql/bitnami.yaml | 40 +++++ applications/databases/redis/redis.yaml | 38 +++++ applications/domain-names/bind/bind.yaml | 139 ++++++++++++++++++ .../certmanager-a/certmanager-a.yaml | 33 +++++ .../certmanager-b/certmanager-b.yaml | 41 ++++++ applications/domain-names/dns.yaml | 42 ++++++ .../domain-names/externaldns/externaldns.yaml | 78 ++++++++++ applications/replicator/replicator.yaml | 91 ++++++++++++ deploy.old/server.yaml | 76 ++++++++++ deploy/server.yaml | 40 +---- 33 files changed, 691 insertions(+), 35 deletions(-) rename {applications => applications.old}/10-external-secrets/eso-crds/eso.yaml (100%) rename {applications => applications.old}/10-external-secrets/external-secrets.yaml (100%) rename {applications => applications.old}/10-replicator/replicator.yaml (100%) rename {applications => applications.old}/20-domain-names/bind/bind.yaml (100%) rename {applications => applications.old}/20-domain-names/certmanager-a/certmanager-a.yaml (100%) 
rename {applications => applications.old}/20-domain-names/certmanager-b/certmanager-b.yaml (100%) rename {applications => applications.old}/20-domain-names/dns.yaml (100%) rename {applications => applications.old}/20-domain-names/externaldns/externaldns.yaml (100%) rename {applications => applications.old}/30-databases/databases.yaml (100%) rename {applications => applications.old}/30-databases/mariadb-database/database.yaml (100%) rename {applications => applications.old}/30-databases/mariadb-operators/mariadb-operators.yaml (100%) rename {applications => applications.old}/30-databases/postgresql/bitnami.yaml (100%) rename {applications => applications.old}/30-databases/redis/redis.yaml (100%) rename {applications => applications.old}/40-authentik/authentik.yaml (100%) rename {applications => applications.old}/50-nextcloud/nextcloud.yaml (100%) rename {applications => applications.old}/60-general-shit/open-webui.yaml (100%) rename {applications => applications.old}/70-monitoring/grafana.yaml (100%) rename {applications => applications.old}/70-monitoring/loki.yaml (100%) rename {applications => applications.old}/70-monitoring/prometheus.yaml (100%) rename {applications => applications.old}/80-private/private.yaml (100%) create mode 100644 applications/databases/databases.yaml create mode 100644 applications/databases/mariadb-database/database.yaml create mode 100644 applications/databases/mariadb-operators/mariadb-operators.yaml create mode 100644 applications/databases/postgresql/bitnami.yaml create mode 100644 applications/databases/redis/redis.yaml create mode 100644 applications/domain-names/bind/bind.yaml create mode 100644 applications/domain-names/certmanager-a/certmanager-a.yaml create mode 100644 applications/domain-names/certmanager-b/certmanager-b.yaml create mode 100644 applications/domain-names/dns.yaml create mode 100644 applications/domain-names/externaldns/externaldns.yaml create mode 100644 applications/replicator/replicator.yaml create mode 100644 
deploy.old/server.yaml diff --git a/applications/10-external-secrets/eso-crds/eso.yaml b/applications.old/10-external-secrets/eso-crds/eso.yaml similarity index 100% rename from applications/10-external-secrets/eso-crds/eso.yaml rename to applications.old/10-external-secrets/eso-crds/eso.yaml diff --git a/applications/10-external-secrets/external-secrets.yaml b/applications.old/10-external-secrets/external-secrets.yaml similarity index 100% rename from applications/10-external-secrets/external-secrets.yaml rename to applications.old/10-external-secrets/external-secrets.yaml diff --git a/applications/10-replicator/replicator.yaml b/applications.old/10-replicator/replicator.yaml similarity index 100% rename from applications/10-replicator/replicator.yaml rename to applications.old/10-replicator/replicator.yaml diff --git a/applications/20-domain-names/bind/bind.yaml b/applications.old/20-domain-names/bind/bind.yaml similarity index 100% rename from applications/20-domain-names/bind/bind.yaml rename to applications.old/20-domain-names/bind/bind.yaml diff --git a/applications/20-domain-names/certmanager-a/certmanager-a.yaml b/applications.old/20-domain-names/certmanager-a/certmanager-a.yaml similarity index 100% rename from applications/20-domain-names/certmanager-a/certmanager-a.yaml rename to applications.old/20-domain-names/certmanager-a/certmanager-a.yaml diff --git a/applications/20-domain-names/certmanager-b/certmanager-b.yaml b/applications.old/20-domain-names/certmanager-b/certmanager-b.yaml similarity index 100% rename from applications/20-domain-names/certmanager-b/certmanager-b.yaml rename to applications.old/20-domain-names/certmanager-b/certmanager-b.yaml diff --git a/applications/20-domain-names/dns.yaml b/applications.old/20-domain-names/dns.yaml similarity index 100% rename from applications/20-domain-names/dns.yaml rename to applications.old/20-domain-names/dns.yaml 
diff --git a/applications/20-domain-names/externaldns/externaldns.yaml b/applications.old/20-domain-names/externaldns/externaldns.yaml similarity index 100% rename from applications/20-domain-names/externaldns/externaldns.yaml rename to applications.old/20-domain-names/externaldns/externaldns.yaml diff --git a/applications/30-databases/databases.yaml b/applications.old/30-databases/databases.yaml similarity index 100% rename from applications/30-databases/databases.yaml rename to applications.old/30-databases/databases.yaml diff --git a/applications/30-databases/mariadb-database/database.yaml b/applications.old/30-databases/mariadb-database/database.yaml similarity index 100% rename from applications/30-databases/mariadb-database/database.yaml rename to applications.old/30-databases/mariadb-database/database.yaml diff --git a/applications/30-databases/mariadb-operators/mariadb-operators.yaml b/applications.old/30-databases/mariadb-operators/mariadb-operators.yaml similarity index 100% rename from applications/30-databases/mariadb-operators/mariadb-operators.yaml rename to applications.old/30-databases/mariadb-operators/mariadb-operators.yaml diff --git a/applications/30-databases/postgresql/bitnami.yaml b/applications.old/30-databases/postgresql/bitnami.yaml similarity index 100% rename from applications/30-databases/postgresql/bitnami.yaml rename to applications.old/30-databases/postgresql/bitnami.yaml diff --git a/applications/30-databases/redis/redis.yaml b/applications.old/30-databases/redis/redis.yaml similarity index 100% rename from applications/30-databases/redis/redis.yaml rename to applications.old/30-databases/redis/redis.yaml diff --git a/applications/40-authentik/authentik.yaml b/applications.old/40-authentik/authentik.yaml similarity index 100% rename from applications/40-authentik/authentik.yaml rename to applications.old/40-authentik/authentik.yaml 
diff --git a/applications/50-nextcloud/nextcloud.yaml b/applications.old/50-nextcloud/nextcloud.yaml similarity index 100% rename from applications/50-nextcloud/nextcloud.yaml rename to applications.old/50-nextcloud/nextcloud.yaml diff --git a/applications/60-general-shit/open-webui.yaml b/applications.old/60-general-shit/open-webui.yaml similarity index 100% rename from applications/60-general-shit/open-webui.yaml rename to applications.old/60-general-shit/open-webui.yaml diff --git a/applications/70-monitoring/grafana.yaml b/applications.old/70-monitoring/grafana.yaml similarity index 100% rename from applications/70-monitoring/grafana.yaml rename to applications.old/70-monitoring/grafana.yaml diff --git a/applications/70-monitoring/loki.yaml b/applications.old/70-monitoring/loki.yaml similarity index 100% rename from applications/70-monitoring/loki.yaml rename to applications.old/70-monitoring/loki.yaml diff --git a/applications/70-monitoring/prometheus.yaml b/applications.old/70-monitoring/prometheus.yaml similarity index 100% rename from applications/70-monitoring/prometheus.yaml rename to applications.old/70-monitoring/prometheus.yaml diff --git a/applications/80-private/private.yaml b/applications.old/80-private/private.yaml similarity index 100% rename from applications/80-private/private.yaml rename to applications.old/80-private/private.yaml diff --git a/applications/databases/databases.yaml b/applications/databases/databases.yaml new file mode 100644 index 0000000..7c57963 --- /dev/null +++ b/applications/databases/databases.yaml 
@@ -0,0 +1,42 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: home-server-databases + namespace: argocd +spec: + goTemplate: true + generators: + - list: + elements: + - name: mariadb-operators + path: applications/30-databases/mariadb-operators + wave: 1 + - name: mariadb-database + path: applications/30-databases/mariadb-database + wave: 2 + - name: postgresql + path: applications/30-databases/postgresql + wave: 2 + - name: redis + path: applications/30-databases/redis + wave: 2 + template: + metadata: + name: '{{.name}}' + spec: + project: default + source: + repoURL: 'https://repobase.net/j/home-server.git' + targetRevision: HEAD + path: '{{.path}}' + destination: + server: 'https://kubernetes.default.svc' + namespace: database + syncPolicy: + automated: + prune: false + selfHeal: true + syncOptions: + - CreateNamespace=true + - SyncWave={{.wave}} diff --git a/applications/databases/mariadb-database/database.yaml b/applications/databases/mariadb-database/database.yaml new file mode 100644 index 0000000..77be256 --- /dev/null +++ b/applications/databases/mariadb-database/database.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: k8s.mariadb.com/v1alpha1 +kind: MariaDB +metadata: + name: mariadb + namespace: database +spec: + rootPasswordSecretKeyRef: + name: db-secrets + key: db-root-password + + storage: + size: 5Gi diff --git a/applications/databases/mariadb-operators/mariadb-operators.yaml b/applications/databases/mariadb-operators/mariadb-operators.yaml new file mode 100644 index 0000000..38bbf24 --- /dev/null +++ b/applications/databases/mariadb-operators/mariadb-operators.yaml 
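Review bot: The four generator `path:` values still reference `applications/30-databases/...`, but this same commit renames that tree to `applications.old/30-databases/...` and puts the new manifests under `applications/databases/...`, so every Application this ApplicationSet generates will fail with a missing source path. Change them to `path: applications/databases/mariadb-operators`, `path: applications/databases/mariadb-database`, and likewise for postgresql and redis. Separately, `SyncWave={{.wave}}` is not an Argo CD sync option as far as I can tell (waves are set with the `argocd.argoproj.io/sync-wave` annotation), and Applications produced by an ApplicationSet sync independently anyway, so the intended operator-before-MariaDB ordering is probably not enforced; `targetRevision: HEAD` here also diverges from the `main` pin used in deploy/server.yaml.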
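Review bot: `rootPasswordSecretKeyRef` points at Secret `db-secrets` key `db-root-password`, but nothing in this tree creates that Secret, and the root ApplicationSet drops the `deploy-eso` (External Secrets) element in this same commit, so the MariaDB CR will wait indefinitely for a secret that no longer has a producer. Either add a comment stating where `db-secrets` is provisioned out of band, or, if the operator version supports it, let the operator mint the root password with `generate: true` under `rootPasswordSecretKeyRef`. A short header comment noting that this CR runs with operator defaults (no `resources`, no `securityContext`, 5Gi storage) would also help the next reader.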
@@ -0,0 +1,53 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: mariadb-operator-crds + namespace: argocd +spec: + project: default + source: + repoURL: "https://helm.mariadb.com/mariadb-operator" + chart: "mariadb-operator-crds" + targetRevision: "25.8.3" + helm: + releaseName: "mariadb-operator-crds" + destination: + server: "https://kubernetes.default.svc" + namespace: database + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true + - ApplyOutOfSyncOnly=true + - SkipHooks=false + - SyncWave=0 + +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: mariadb-operator + namespace: argocd +spec: + project: default + source: + repoURL: "https://helm.mariadb.com/mariadb-operator" + chart: "mariadb-operator" + targetRevision: "25.8.3" + helm: + releaseName: "mariadb-operator" + destination: + server: "https://kubernetes.default.svc" + namespace: database + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true + - ApplyOutOfSyncOnly=true + - SkipHooks=false + - SyncWave=1 diff --git a/applications/databases/postgresql/bitnami.yaml b/applications/databases/postgresql/bitnami.yaml new file mode 100644 index 0000000..7ea11db --- /dev/null +++ b/applications/databases/postgresql/bitnami.yaml 
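Review bot: The `mariadb-operator-crds` Application has `automated.prune: true`, which means a CRD dropped from the chart, or this Application being removed, deletes the CRD and cascades to every `MariaDB`/`Database`/`User` object and the workloads they manage. For a CRD-only Application set `prune: false` (or annotate the CRDs with `argocd.argoproj.io/sync-options: Prune=false`) so the custom resources survive chart churn. Pinning both charts to `25.8.3` is good practice; add a comment that the two `targetRevision` values must be bumped together, since the operator and its CRDs are versioned in lockstep.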
@@ -0,0 +1,40 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: postgresql-database + namespace: argocd # Replace with your Argo CD namespace if different +spec: + project: default + + source: + repoURL: https://charts.bitnami.com/bitnami + chart: postgresql + targetRevision: 16.7.26 + helm: + releaseName: postgresql + values: | + auth: + existingSecret: postgresql-secret + secretKeys: + postgresPasswordKey: postgres-password + passwordKey: password + usernameKey: username + databaseKey: database + postgresql: + initdbScriptsConfigMap: postgresql-init + primary: + persistence: + enabled: true + size: 8Gi + architecture: standalone + + destination: + server: https://kubernetes.default.svc + namespace: database + + syncPolicy: + automated: + selfHeal: true + prune: false + syncOptions: + - CreateNamespace=true diff --git a/applications/databases/redis/redis.yaml b/applications/databases/redis/redis.yaml new file mode 100644 index 0000000..c3ec7ff --- /dev/null +++ b/applications/databases/redis/redis.yaml @@ -0,0 +1,38 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: redis-deployment + namespace: database + labels: + app: redis +spec: + replicas: 1 + selector: + matchLabels: + app: redis + template: + metadata: + labels: + app: redis + spec: + containers: + - name: redis + image: redis:latest + ports: + - containerPort: 6379 +--- +apiVersion: v1 +kind: Service +metadata: + name: redis + namespace: database +spec: + selector: + app: redis + ports: + - protocol: TCP + port: 6379 + targetPort: 6379 + + diff --git a/applications/domain-names/bind/bind.yaml b/applications/domain-names/bind/bind.yaml new file mode 100644 index 0000000..c44f7d5 --- /dev/null +++ b/applications/domain-names/bind/bind.yaml 
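Review bot: `initdbScriptsConfigMap` is placed under a top-level `postgresql:` key, which I believe the bitnami/postgresql 16.x chart does not read (init scripts are configured via `primary.initdb.scriptsConfigMap`), and Helm silently ignores unknown values, so `postgresql-init` would never run; move it to `primary:` / `  initdb:` / `    scriptsConfigMap: postgresql-init`. The referenced `postgresql-secret` and `postgresql-init` objects are also not created anywhere in this change, which matters now that the External Secrets element is removed from deploy/server.yaml — a comment stating their origin would help. Given Bitnami's 2025 changes to its public chart and image catalog, it is also worth verifying that `charts.bitnami.com/bitnami` still serves `16.7.26` and its image tags before relying on `selfHeal: true`.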
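Review bot: The Redis Deployment runs `redis:latest` with no authentication, no `securityContext`, no `resources`, no persistent volume, and a Service in `database` reachable from any pod in the cluster, so any compromised workload can read and rewrite whatever the other apps cache there. Pin the image to a version or digest, enable `requirepass` via a config file mounted from a Secret (keeping the password out of argv), drop capabilities and run as the image's non-root user, and restrict ingress with a NetworkPolicy to the namespaces that need it. If data is expected to survive restarts, add a PVC as well — the container currently has no volume at all.
```yaml
      containers:
        - name: redis
          image: redis:7.4-alpine  # pin (ideally by @sha256 digest) instead of :latest
          command: ["redis-server", "/etc/redis/redis.conf"]  # redis.conf from a Secret carries `requirepass`
          ports:
            - containerPort: 6379
          securityContext:
            runAsNonRoot: true
            runAsUser: 999
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
          resources:
            requests:
              cpu: 50m
              memory: 64Mi
            limits:
              memory: 256Mi
          volumeMounts:
            - name: redis-conf
              mountPath: /etc/redis
              readOnly: true
      volumes:
        - name: redis-conf
          secret:
            secretName: redis-conf
# … unchanged: Service …
```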
@@ -0,0 +1,139 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: bind-master-config + namespace: home-server +data: + named.conf: | + include "/etc/bind/externaldns-key.conf"; + + options { + directory "/var/cache/bind"; + + recursion yes; + allow-query { any; }; + + listen-on port 53 { any; }; + listen-on-v6 port 53 { any; }; + + forwarders { + 10.40.0.254; + }; + + dnssec-validation auto; + }; + + zone "." IN { + type hint; + file "/usr/share/dns/root.hints"; + }; + + zone "hxme.net." IN { + type master; + file "/etc/bind/db.hxme.net"; + allow-update { key "externaldns-key"; }; + }; + db.hxme.net: | + $TTL 3600 + @ IN SOA ns1.hxme.net. admin.hxme.net. ( + 1 ; Serial + 7200 ; Refresh + 1800 ; Retry + 1209600 ; Expire + 86400 ) ; Negative Cache TTL + ; + @ IN NS ns1.hxme.net. + ns1 IN A 10.40.0.110 + @ IN A 10.40.0.110 + www IN A 10.40.0.110 +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: bind-master + namespace: home-server +spec: + selector: + matchLabels: + app: bind-master + template: + metadata: + labels: + app: bind-master + spec: + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + securityContext: + fsGroup: 999 + initContainers: + - name: fetch-root-hints + image: debian:12 + command: + - sh + - -c + - | + apt update && apt -y install curl + curl -sfSL https://www.internic.net/domain/named.cache -o /usr/share/dns/root.hints + volumeMounts: + - mountPath: /usr/share/dns + name: root-hints + containers: + - name: bind-master + image: internetsystemsconsortium/bind9:9.18 + command: ["named", "-g", "-c", "/etc/bind/named.conf"] + ports: + - containerPort: 53 + protocol: UDP + - containerPort: 53 + protocol: TCP + volumeMounts: + - name: config + mountPath: /etc/bind/named.conf + subPath: named.conf + - name: config + mountPath: /etc/bind/db.hxme.net + subPath: db.hxme.net + - name: dns-secrets + mountPath: /etc/bind/externaldns-key.conf + subPath: externaldns-key.conf + - name: bind-cache + mountPath: /var/cache/bind + - name: 
bind-rundir + mountPath: /var/run/named + - name: root-hints + mountPath: /usr/share/dns + volumes: + - name: dns-secrets + secret: + secretName: dns-secrets + - name: config + configMap: + name: bind-master-config + - name: bind-cache + emptyDir: {} + - name: bind-rundir + emptyDir: {} + - name: root-hints + emptyDir: {} + +--- +apiVersion: v1 +kind: Service +metadata: + name: bind-master + namespace: home-server +spec: + selector: + app: bind-master + ports: + - name: dns-udp + port: 53 + protocol: UDP + targetPort: 53 + - name: dns-tcp + port: 53 + protocol: TCP + targetPort: 53 + + diff --git a/applications/domain-names/certmanager-a/certmanager-a.yaml b/applications/domain-names/certmanager-a/certmanager-a.yaml new file mode 100644 index 0000000..b0fa560 --- /dev/null +++ b/applications/domain-names/certmanager-a/certmanager-a.yaml @@ -0,0 +1,33 @@ +--- +# 1. cert-manager Helm chart +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: cert-manager + namespace: argocd +spec: + project: default + source: + repoURL: "https://charts.jetstack.io" + chart: "cert-manager" + targetRevision: "v1.18.2" + helm: + releaseName: "cert-manager" + values: | + installCRDs: true + extraArgs: + - --dns01-recursive-nameservers-only + - --dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53 + destination: + server: "https://kubernetes.default.svc" + namespace: home-server + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true + - ApplyOutOfSyncOnly=true + - SkipHooks=false + - SyncWave=0 # ensure cert-manager is installed first + diff --git a/applications/domain-names/certmanager-b/certmanager-b.yaml b/applications/domain-names/certmanager-b/certmanager-b.yaml new file mode 100644 index 0000000..a116f35 --- /dev/null +++ b/applications/domain-names/certmanager-b/certmanager-b.yaml 
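Review bot: `recursion yes;` together with `allow-query { any; };`, `listen-on { any; }` and `hostNetwork: true` makes every node an open recursive resolver on its host interfaces (BIND derives `allow-recursion` from `allow-query` when it is unset), which exposes the cluster to cache-poisoning attempts and DNS amplification abuse from anything that can reach a node; add `allow-recursion { localhost; 10.40.0.0/24; };` (adjust to the real LAN range) and, unless the BIND default has changed for this version, `allow-transfer { none; };` so the `hxme.net` zone cannot be AXFR'd by arbitrary clients. The init container runs `apt update && apt -y install curl` plus an unverified download on every pod start, an unnecessary network dependency and supply-chain surface — `named` ships with compiled-in root hints, so the `zone "."` hint stanza and the init container can likely be dropped, or the hints file baked into the ConfigMap. The `externaldns-key` TSIG file is correctly sourced from a Secret; a comment noting that `dns-secrets` must exist in `home-server` before this DaemonSet can start would help, since nothing in this change creates it.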
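Review bot: `installCRDs: true` combined with `automated.prune: true` means that if cert-manager's CRDs ever drop out of the rendered chart, Argo CD prunes them and every Certificate, Issuer and ClusterIssuer goes with them. Recent chart versions (1.15+) replaced `installCRDs` with `crds.enabled: true` plus `crds.keep: true`; switching to those (or setting `prune: false` on this Application) keeps the CRDs regardless of chart upgrades. The `--dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53` override is reasonable for a public zone, but it means the in-cluster BIND is bypassed for the DNS-01 propagation check; a one-line comment saying so would spare the next reader a debugging session.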
@@ -0,0 +1,41 @@ +--- +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: letsencrypt-rfc2136 +spec: + acme: + email: admin@hxme.net + server: https://acme-v02.api.letsencrypt.org/directory + privateKeySecretRef: + name: letsencrypt-rfc2136 + solvers: + - dns01: + rfc2136: + nameserver: hawke.hxst.com.au:53 + tsigKeyName: "hxme-update-key" + tsigAlgorithm: HMACSHA512 + tsigSecretSecretRef: + name: hxme-update-key + key: hxme-update-key + +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: wildcard-hxme-net + namespace: home-server +spec: + secretName: wildcard-hxme-net + secretTemplate: + annotations: + replicator.v1.mittwald.de/replication-allowed: "true" + replicator.v1.mittwald.de/replicate-to: "home-media" + issuerRef: + name: letsencrypt-rfc2136 + kind: ClusterIssuer + commonName: "hxme.net" + dnsNames: + - "hxme.net" + - "*.hxme.net" + diff --git a/applications/domain-names/dns.yaml b/applications/domain-names/dns.yaml new file mode 100644 index 0000000..b9d5e5a --- /dev/null +++ b/applications/domain-names/dns.yaml @@ -0,0 +1,42 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: hxme-dns-deploy + namespace: argocd +spec: + goTemplate: true + generators: + - list: + elements: + - name: certmanager-crds + path: applications/20-domain-names/certmanager-a + wave: 1 + - name: certmanager-not-crds + path: applications/20-domain-names/certmanager-b + wave: 2 + - name: bind + path: applications/20-domain-names/bind + wave: 3 + - name: externaldns + path: applications/20-domain-names/externaldns + wave: 3 + template: + metadata: + name: '{{.name}}' + spec: + project: default + source: + repoURL: 'https://repobase.net/j/home-server.git' + targetRevision: HEAD + path: '{{.path}}' + destination: + server: 'https://kubernetes.default.svc' + namespace: database + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true + - SyncWave={{.wave}} 
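Review bot: The wildcard Certificate's `secretTemplate` marks the resulting TLS Secret `replication-allowed: "true"` with no `replication-allowed-namespaces` restriction, so with kubernetes-replicator any namespace able to create a Secret carrying a `replicate-from` annotation can pull the `*.hxme.net` private key; since the push target is already `home-media`, add `replicator.v1.mittwald.de/replication-allowed-namespaces: "home-media"` (or drop `replication-allowed` and rely on `replicate-to` alone). Also worth a comment that the ClusterIssuer's `tsigSecretSecretRef` `hxme-update-key` must live in cert-manager's cluster-resource namespace — `home-server` here, since that is where the chart is installed — otherwise issuance stalls with a secret-not-found condition.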
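Review bot: All four generator `path:` values reference `applications/20-domain-names/...`, which this commit moves to `applications.old/`, so cert-manager, BIND and external-dns will fail to sync; point them at `applications/domain-names/certmanager-a`, `applications/domain-names/certmanager-b`, `applications/domain-names/bind` and `applications/domain-names/externaldns`. The `destination.namespace: database` also looks copy-pasted from the databases ApplicationSet: every namespaced object in these manifests sets `home-server` explicitly, and with `CreateNamespace=true` this creates an unused `database` namespace for the DNS stack and confuses prune; set `namespace: home-server`. As in databases.yaml, `SyncWave={{.wave}}` is not a recognised sync option as far as I can tell, so the CRDs-before-ClusterIssuer ordering is not actually enforced.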
diff --git a/applications/domain-names/externaldns/externaldns.yaml b/applications/domain-names/externaldns/externaldns.yaml new file mode 100644 index 0000000..c3a9736 --- /dev/null +++ b/applications/domain-names/externaldns/externaldns.yaml 
@@ -0,0 +1,78 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: external-dns +rules: + - apiGroups: [""] + resources: ["services","endpoints","pods"] + verbs: ["get","watch","list"] + - apiGroups: ["extensions","networking.k8s.io"] + resources: ["ingresses"] + verbs: ["get","watch","list"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["list","watch"] + - apiGroups: ["discovery.k8s.io"] + resources: ["endpointslices"] + verbs: ["get", "watch", "list"] + # Add DNS provider specific rules here if needed (e.g., for AWS IAM, GCP etc.) +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: external-dns-viewer +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: external-dns +subjects: + - kind: ServiceAccount + name: external-dns + namespace: home-server +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: external-dns + namespace: home-server +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: external-dns + namespace: home-server +spec: + replicas: 1 + selector: + matchLabels: + app: external-dns + template: + metadata: + labels: + app: external-dns + spec: + serviceAccountName: external-dns + containers: + - name: external-dns + image: bitnami/external-dns:latest + args: + - --source=service + - --source=ingress + - --provider=rfc2136 + - --rfc2136-host=bind-master.home-server.svc.cluster.local + - --rfc2136-port=53 + - --rfc2136-zone=hxme.net + - --rfc2136-tsig-secret=$(RFC2136_TSIG_SECRET) + - --rfc2136-tsig-secret-alg=hmac-sha256 + - --rfc2136-tsig-keyname=externaldns-key + - --policy=sync + - --registry=txt + - --txt-owner-id=my-cluster + env: + - name: RFC2136_TSIG_SECRET + valueFrom: + secretKeyRef: + name: dns-secrets + key: externaldns-secret + diff --git a/applications/replicator/replicator.yaml b/applications/replicator/replicator.yaml new file mode 100644 index 0000000..e7aa4cb --- /dev/null 
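Review bot: The TSIG key is passed on the command line as `--rfc2136-tsig-secret=$(RFC2136_TSIG_SECRET)`; the kubelet expands `$(VAR)` before exec, so the secret lands in the container's argv (`/proc/<pid>/cmdline`, runtime inspect) on the node. external-dns reads every flag from an `EXTERNAL_DNS_*` environment variable as documented, so drop that argument and rename the existing env entry to `name: EXTERNAL_DNS_RFC2136_TSIG_SECRET`, keeping the same `secretKeyRef`. `bitnami/external-dns:latest` should be pinned to a version or digest too, since this pod holds a key that can rewrite the entire `hxme.net` zone under `--policy=sync`; and `--txt-owner-id=my-cluster` reads like a placeholder — pick a unique id so a second cluster against the same zone does not fight over records.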
+++ b/applications/replicator/replicator.yaml @@ -0,0 +1,91 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubernetes-replicator + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kubernetes-replicator +rules: + - apiGroups: ["", "apps", "extensions"] + resources: + - secrets + - configmaps + - roles + - rolebindings + - cronjobs + - deployments + - events + - ingresses + - jobs + - pods + - pods/attach + - pods/exec + - pods/log + - pods/portforward + - services + - namespaces + - serviceaccounts + verbs: ["*"] + - apiGroups: ["batch"] + resources: + - configmaps + - cronjobs + - deployments + - events + - ingresses + - jobs + - pods + - pods/attach + - pods/exec + - pods/log + - pods/portforward + - services + verbs: ["*"] + - apiGroups: ["rbac.authorization.k8s.io"] + resources: + - roles + - rolebindings + - clusterrolebindings + verbs: ["get", "list", "watch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kubernetes-replicator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kubernetes-replicator +subjects: + - kind: ServiceAccount + name: kubernetes-replicator + namespace: kube-system +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: kubernetes-replicator + namespace: argocd +spec: + project: default + source: + repoURL: "https://helm.mittwald.de" + chart: "kubernetes-replicator" + targetRevision: "2.12.0" + helm: + releaseName: "kubernetes-replicator" + values: | + serviceAccount: + create: false + name: kubernetes-replicator + destination: + server: "https://kubernetes.default.svc" + namespace: kube-system + syncPolicy: + automated: + prune: true + selfHeal: true diff --git a/deploy.old/server.yaml b/deploy.old/server.yaml new file mode 100644 index 0000000..59efb4e --- /dev/null +++ b/deploy.old/server.yaml 
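Review bot: The hand-written `kubernetes-replicator` ClusterRole grants `verbs: ["*"]` cluster-wide on `secrets`, `serviceaccounts`, `namespaces`, `roles`, `rolebindings`, `pods/exec`, `pods/attach` and `pods/portforward` — far more than a secret/configmap replicator needs, and effectively cluster-admin for anyone who compromises the replicator pod in `kube-system` (read every token and TLS key, exec into any pod). Trim it to the resource kinds the replicator actually copies with explicit verbs, and check whether the chart's default RBAC (this manifest only opts out of the ServiceAccount via `serviceAccount.create: false`) already provides a suitable role, in which case this ClusterRole and ClusterRoleBinding can be deleted entirely. The empty `batch` rule listing `configmaps`, `pods/exec` etc. is meaningless for that API group and should go regardless.
```yaml
rules:
  - apiGroups: [""]
    resources: [secrets, configmaps, serviceaccounts]
    verbs: [get, list, watch, create, update, patch, delete]
  - apiGroups: [""]
    resources: [namespaces]
    verbs: [get, list, watch]
  - apiGroups: [rbac.authorization.k8s.io]
    resources: [roles, rolebindings]
    verbs: [get, list, watch, create, update, patch, delete]
# … unchanged: ClusterRoleBinding, ServiceAccount, Application …
```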
@@ -0,0 +1,76 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: deploy-hxme + namespace: argocd +spec: + goTemplate: true + generators: + - list: + elements: + - name: deploy-eso + path: applications/10-external-secrets + namespace: home-server + wave: 1 + + - name: deploy-replicator + path: applications/10-replicator + namespace: home-server + wave: 2 + + - name: deploy-dns + path: applications/20-domain-names + namespace: home-server + wave: 3 + + - name: deploy-databases + path: applications/30-databases + namespace: database + wave: 4 + + - name: deploy-authentik + path: applications/40-authentik + namespace: home-server + wave: 5 + + - name: deploy-nextcloud + path: applications/50-nextcloud + namespace: home-server + wave: 6 + + - name: deploy-general-shit + path: applications/60-general-shit + namespace: home-server + wave: 7 + + - name: deploy-monitoring + path: applications/70-monitoring + namespace: home-server + wave: 8 + + - name: deploy-private + path: applications/80-private + namespace: home-server-private + wave: 9 + + template: + metadata: + name: "{{.name}}" + spec: + project: default + source: + repoURL: 'https://repobase.net/j/home-server.git' + targetRevision: main + path: "{{.path}}" + destination: + server: 'https://kubernetes.default.svc' + namespace: '{{.namespace}}' + syncPolicy: + automated: + enabled: true + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true + - SyncWave={{.wave}} diff --git a/deploy/server.yaml b/deploy/server.yaml index 59efb4e..5822477 100644 --- a/deploy/server.yaml +++ b/deploy/server.yaml 
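Review bot: This file is a byte-identical copy of the pre-change deploy/server.yaml (both reference blob `59efb4e`), so it still declares a live-looking ApplicationSet named `deploy-hxme` in `argocd` with `prune: true` and `targetRevision: main`; if anyone applies it, or a directory/git generator ever picks up `deploy.old/`, it replaces the real root ApplicationSet and prunes every Application not in its list. Git history already preserves the old layout — delete `deploy.old/` and `applications.old/` rather than carrying inert manifests, or at minimum rename this ApplicationSet and add a header comment such as `# ARCHIVED: superseded by deploy/server.yaml; do not apply`.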
@@ -9,50 +9,20 @@ spec: generators: - list: elements: - - name: deploy-eso - path: applications/10-external-secrets + - name: deploy-domain-names + path: applications/domain-names namespace: home-server wave: 1 - name: deploy-replicator - path: applications/10-replicator + path: applications/replicator namespace: home-server wave: 2 - - name: deploy-dns - path: applications/20-domain-names - namespace: home-server - wave: 3 - - name: deploy-databases - path: applications/30-databases + path: applications/databases namespace: database - wave: 4 - - - name: deploy-authentik - path: applications/40-authentik - namespace: home-server - wave: 5 - - - name: deploy-nextcloud - path: applications/50-nextcloud - namespace: home-server - wave: 6 - - - name: deploy-general-shit - path: applications/60-general-shit - namespace: home-server - wave: 7 - - - name: deploy-monitoring - path: applications/70-monitoring - namespace: home-server - wave: 8 - - - name: deploy-private - path: applications/80-private - namespace: home-server-private - wave: 9 + wave: 3 template: metadata:
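Review bot: The `deploy-eso` element is removed with no replacement, yet the new manifests still consume Secrets that External Secrets presumably produced (`db-secrets`, `postgresql-secret`, `dns-secrets`, `hxme-update-key`); with `prune: true` on this ApplicationSet the `deploy-eso` Application is deleted, and if that Application also pruned, its ExternalSecret objects — and the Secrets they own — may disappear from the cluster along with it. Either keep an external-secrets element pointing at the new layout, or add a comment stating where those Secrets now come from. The remaining elements now point at `applications/domain-names`, `applications/replicator` and `applications/databases`, whose nested ApplicationSets still reference the old `applications/20-domain-names` and `applications/30-databases` paths, so this root change will not actually deploy anything until those are fixed as well.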