diff --git a/templates/dns.yaml b/templates/dns.yaml
new file mode 100644
index 0000000..6e9fb30
--- /dev/null
+++ b/templates/dns.yaml
@@ -0,0 +1,43 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: bind
+ labels:
+ app: bind
+spec:
+ selector:
+ matchLabels:
+ app: bind
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: bind
+ spec:
+ containers:
+ - name: bind
+ image: cytopia/bind
+ imagePullPolicy: "Always"
+ env:
+ - name: WILDCARD_DNS
+ value: "{{ .Values.homey.url }}={{ .Values.homey.ip }}"
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: bind-dns
+spec:
+ selector:
+ app: bind
+ ports:
+ - port: 53
+ targetPort: 53
+ protocol: TCP
+ name: dns-tcp
+ - port: 53
+ targetPort: 53
+ protocol: UDP
+ name: dns-udp
+ externalIPs:
+ - {{ .Values.homey.ip }}
diff --git a/templates/gitea.yaml b/templates/gitea.yaml
new file mode 100644
index 0000000..0587619
--- /dev/null
+++ b/templates/gitea.yaml
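Review bot: `image: cytopia/bind` in the bind Deployment carries no tag while `imagePullPolicy: "Always"` forces a pull on every pod start, so the cluster's resolver is rebuilt from whatever `latest` points to at that moment, outside version control and with no rollback target; pin it, e.g. `image: cytopia/bind:<PINNED_TAG>` (placeholder — pick the tested release), ideally by digest. `externalIPs` on `bind-dns` is honoured by kube-proxy with no ownership check, so if anyone other than the chart owner can create Services in this cluster an admission rule restricting that field is needed. The `WILDCARD_DNS` value `"{{ .Values.homey.url }}={{ .Values.homey.ip }}"` is quoted, which is right, but `- {{ .Values.homey.ip }}` under `externalIPs` is not; harmless for an IP literal, yet `| quote` would keep it consistent with the env value and survive an empty or odd value.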
@@ -0,0 +1,152 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: gitea-postgres-pass
+ annotations:
+ secret-generator.v1.mittwald.de/autogenerate: password
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: gitea-postgres-config
+ labels:
+ app: gitea-postgres
+data:
+ POSTGRES_DB: gitea
+ POSTGRES_USER: gitea
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: gitea-postgres
+ labels:
+ app: gitea-postgres
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: gitea-postgres
+ template:
+ metadata:
+ labels:
+ app: gitea-postgres
+ name: gitea-postgres
+ spec:
+ containers:
+ - name: gitea-postgres
+ image: postgres:10.4
+ imagePullPolicy: "IfNotPresent"
+ ports:
+ - containerPort: 5432
+ envFrom:
+ - configMapRef:
+ name: gitea-postgres-config
+ env:
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: gitea-postgres-pass
+ key: password
+ volumeMounts:
+ - mountPath: /var/lib/postgresql/data
+ subPath: backup/gitea/db
+ name: gitea-postgredb
+ volumes:
+ - name: gitea-postgredb
+ persistentVolumeClaim:
+ claimName: homey-pvc-nfs
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: gitea-postgres-service
+ labels:
+ app: gitea-postgres
+spec:
+ ports:
+ - port: 5432
+ selector:
+ app: gitea-postgres
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: gitea
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: gitea
+ template:
+ metadata:
+ labels:
+ app: gitea
+ spec:
+ containers:
+ - name: gitea
+ image: gitea/gitea
+ ports:
+ - containerPort: 22
+ name: ssh
+ - containerPort: 3000
+ name: http
+ env:
+ - name: GITEA_database_DB_TYPE
+ value: "postgres"
+ - name: GITEA_database_HOST
+ value: "gitea-postgres-service:5432"
+ - name: GITEA_database_NAME
+ value: "gitea"
+ - name: GITEA_database_USER
+ value: "gitea"
+ - name: GITEA_database_PASSWD
+ valueFrom:
+ secretKeyRef:
+ name: gitea-postgres-pass
+ key: password
+ volumeMounts:
+ - name: gitea-persistent-storage
+ mountPath: /data
+ subPath: backup/gitea/gitea/data
+ volumes:
+ - name: gitea-persistent-storage
+ persistentVolumeClaim:
+ claimName: homey-pvc-nfs
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: gitea-svc
+spec:
+ type: NodePort
+ selector:
+ app: gitea
+ ports:
+ - name: ssh
+ protocol: TCP
+ port: 2222
+ targetPort: ssh
+ - name: http
+ protocol: TCP
+ port: 3000
+ targetPort: 3000
+ selector:
+ app: gitea
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: gitea-ingress
+spec:
+ rules:
+ - host: git.{{ .Values.homey.url }}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: gitea-svc
+ port:
+ number: 3000
diff --git a/templates/homey.yaml b/templates/homey.yaml
deleted file mode 100644
index 2ba3823..0000000
--- a/templates/homey.yaml
+++ /dev/null
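Review bot: The `gitea-svc` Service declares `selector:` twice — once before `ports:` and again after `targetPort: 3000` — and a YAML mapping must not repeat a key; most loaders silently keep the last occurrence while strict decoders (recent kubectl validation, some Helm lint modes) reject the document. Drop the trailing two lines `selector:` / `app: gitea`. While there, `targetPort: 3000` for the http port should be `targetPort: http` to match the named `ssh` target and the container's port names. `gitea-ingress` has no `tls:` section, so `git.{{ .Values.homey.url }}` is served over plain HTTP unless the controller redirects elsewhere — confirm that, since Gitea logins and tokens would otherwise cross the network in clear. `image: gitea/gitea` is untagged, which makes rollbacks non-reproducible; pin it like the `postgres:10.4` image beside it (and note that Postgres 10 is itself past end of life).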
@@ -1,439 +0,0 @@
-#_STORAGE______________
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: homey-pv-nfs
- labels:
- isbackup: "true"
-spec:
- capacity:
- storage: {{ .Values.homey.storage.backupStorageCapacity }}
- storageClassName: standard
- accessModes:
- - ReadWriteMany
- persistentVolumeReclaimPolicy: Recycle
- nfs:
- path: /
- server: {{ .Values.homey.storage.ip }}
- readOnly: false
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: homey-pvc-nfs
-spec:
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: {{ .Values.homey.storage.storageCapacity }}
- storageClassName: standard
----
-#_DNS_
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: bind
- labels:
- app: bind
-spec:
- selector:
- matchLabels:
- app: bind
- replicas: 1
- template:
- metadata:
- labels:
- app: bind
- spec:
- containers:
- - name: bind
- image: cytopia/bind
- imagePullPolicy: "Always"
- env:
- - name: WILDCARD_DNS
- value: "{{ .Values.homey.url }}={{ .Values.homey.ip }}"
----
-apiVersion: v1
-kind: Service
-metadata:
- name: bind-dns
-spec:
- selector:
- app: bind
- ports:
- - port: 53
- targetPort: 53
- protocol: TCP
- name: dns-tcp
- - port: 53
- targetPort: 53
- protocol: UDP
- name: dns-udp
- externalIPs:
- - {{ .Values.homey.ip }}
----
-#_LDAP______
-apiVersion: v1
-kind: Secret
-metadata:
- name: openldap-admin
- annotations:
- secret-generator.v1.mittwald.de/autogenerate: password
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: openldap-config
- annotations:
- secret-generator.v1.mittwald.de/autogenerate: password
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: openldap-ro
- annotations:
- secret-generator.v1.mittwald.de/autogenerate: password
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: openldap
- labels:
- app.kubernetes.io/name: openldap
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: openldap
- replicas: 1
- template:
- metadata:
- labels:
- app.kubernetes.io/name: openldap
- spec:
- # securityContext:
- # fsGroup: 0
- containers:
- - name: openldap
- image: osixia/openldap
- imagePullPolicy: "Always"
- env:
- - name: LDAP_ORGANISATION
- value: {{ .Values.homey.organization }}
- - name: LDAP_DOMAIN
- value: {{ .Values.homey.url | quote}}
- - name: LDAP_ADMIN_USERNAME
- value: "admin"
- - name: LDAP_READONLY_USER
- value: "true"
- - name: LDAP_ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- key: password
- name: openldap-admin
- - name: LDAP_CONFIG_PASSWORD
- valueFrom:
- secretKeyRef:
- key: password
- name: openldap-config
- - name: LDAP_READONLY_USER_PASSWORD
- valueFrom:
- secretKeyRef:
- key: password
- name: openldap-ro
- ports:
- - name: tcp-ldap
- containerPort: 389
- - name: ssl-ldap
- containerPort: 636
- volumeMounts:
- - mountPath: /etc/ldap/slapd.d
- subPath: backup/openldap/etc/ldap/slapd.d
- name: openldap-volume
- - mountPath: /var/lib/ldap
- subPath: backup/openldap/var/lib/ldap
- name: openldap-volume
- volumes:
- - name: openldap-volume
- persistentVolumeClaim:
- claimName: homey-pvc-nfs
----
-apiVersion: v1
-kind: Service
-metadata:
- name: openldap
- labels:
- app.kubernetes.io/name: openldap
-spec:
- type: ClusterIP
- ports:
- - name: tcp-ldap
- port: 389
- targetPort: tcp-ldap
- - name: ssl-ldap
- port: 636
- targetPort: ssl-ldap
- selector:
- app.kubernetes.io/name: openldap
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: ldap-auth
- labels:
- app: ldap-auth
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: ldap-auth
- template:
- metadata:
- labels:
- app: ldap-auth
- name: ldap-auth
- spec:
- containers:
- - name: ldap-auth
- image: dignajar/another-ldap-auth:latest
- imagePullPolicy: Always
- env:
- - name: LDAP_ENDPOINT
- value: "ldap://openldap:389"
- - name: LDAP_MANAGER_DN_USERNAME
- value: "cn=readonly,{{ .Values.homey.url | replace "." ",dc=" | printf "dc=%s " | trim }}"
- - name: LDAP_MANAGER_PASSWORD
- valueFrom:
- secretKeyRef:
- name: openldap-ro
- key: password
- - name: LDAP_SEARCH_BASE
- value: "ou=users,{{ .Values.homey.url | replace "." ",dc=" | printf "dc=%s " | trim }}"
- - name: LDAP_SEARCH_FILTER
- value: "(objectClass=inetOrgPerson)"
- - name: LDAP_BIND_DN
- value: "uid={username},ou=users,{{ .Values.homey.url | replace "." ",dc=" | printf "dc=%s " | trim }}"
----
-apiVersion: v1
-kind: Service
-metadata:
- name: ldap-auth
-spec:
- selector:
- app: ldap-auth
- ports:
- - port: 80
- targetPort: 9000
- name: ldap-auth-port
----
-#_PHPADMIN________
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: phpldapadmin
- labels:
- app: phpldapadmin
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: phpldapadmin
- template:
- metadata:
- labels:
- app: phpldapadmin
- spec:
- containers:
- - env:
- - name: PHPLDAPADMIN_HTTPS
- value: "false"
- - name: PHPLDAPADMIN_LDAP_HOSTS
- value: ldap://openldap:389
- image: osixia/phpldapadmin:0.7.1
- name: phpldapadmin
- ports:
- - containerPort: 80
- restartPolicy: Always
----
-apiVersion: v1
-kind: Service
-metadata:
- name: phpldapadmin
-spec:
- ports:
- - port: 80
- targetPort: 80
- selector:
- app: phpldapadmin
----
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- name: phpldapadmin
-spec:
- tls:
- - hosts:
- - phpldapadmin.{{ .Values.homey.url }}
- rules:
- - host: phpldapadmin.{{ .Values.homey.url }}
- http:
- paths:
- - backend:
- serviceName: phpldapadmin
- servicePort: 80
-#_GIT___
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: gitea-postgres-pass
- annotations:
- secret-generator.v1.mittwald.de/autogenerate: password
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: gitea-postgres-config
- labels:
- app: gitea-postgres
-data:
- POSTGRES_DB: gitea
- POSTGRES_USER: gitea
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: gitea-postgres
- labels:
- app: gitea-postgres
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: gitea-postgres
- template:
- metadata:
- labels:
- app: gitea-postgres
- name: gitea-postgres
- spec:
- containers:
- - name: gitea-postgres
- image: postgres:10.4
- imagePullPolicy: "IfNotPresent"
- ports:
- - containerPort: 5432
- envFrom:
- - configMapRef:
- name: gitea-postgres-config
- env:
- - name: POSTGRES_PASSWORD
- valueFrom:
- secretKeyRef:
- name: gitea-postgres-pass
- key: password
- volumeMounts:
- - mountPath: /var/lib/postgresql/data
- subPath: backup/gitea/db
- name: gitea-postgredb
- volumes:
- - name: gitea-postgredb
- persistentVolumeClaim:
- claimName: homey-pvc-nfs
----
-apiVersion: v1
-kind: Service
-metadata:
- name: gitea-postgres-service
- labels:
- app: gitea-postgres
-spec:
- ports:
- - port: 5432
- selector:
- app: gitea-postgres
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: gitea
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: gitea
- template:
- metadata:
- labels:
- app: gitea
- spec:
- containers:
- - name: gitea
- image: gitea/gitea
- ports:
- - containerPort: 22
- name: ssh
- - containerPort: 3000
- name: http
- env:
- - name: GITEA_database_DB_TYPE
- value: "postgres"
- - name: GITEA_database_HOST
- value: "gitea-postgres-service:5432"
- - name: GITEA_database_NAME
- value: "gitea"
- - name: GITEA_database_USER
- value: "gitea"
- - name: GITEA_database_PASSWD
- valueFrom:
- secretKeyRef:
- name: gitea-postgres-pass
- key: password
- volumeMounts:
- - name: gitea-persistent-storage
- mountPath: /data
- subPath: backup/gitea/gitea/data
- volumes:
- - name: gitea-persistent-storage
- persistentVolumeClaim:
- claimName: homey-pvc-nfs
----
-apiVersion: v1
-kind: Service
-metadata:
- name: gitea-svc
-spec:
- type: NodePort
- selector:
- app: gitea
- ports:
- - name: ssh
- protocol: TCP
- port: 2222
- targetPort: ssh
- - name: http
- protocol: TCP
- port: 3000
- targetPort: 3000
- selector:
- app: gitea
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: gitea-ingress
-spec:
- rules:
- - host: git.{{ .Values.homey.url }}
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: gitea-svc
- port:
- number: 3000
----
diff --git a/templates/ldap-auth.yaml b/templates/ldap-auth.yaml
new file mode 100644
index 0000000..12d7d72
--- /dev/null
+++ b/templates/ldap-auth.yaml
@@ -0,0 +1,50 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: ldap-auth
+ labels:
+ app: ldap-auth
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: ldap-auth
+ template:
+ metadata:
+ labels:
+ app: ldap-auth
+ name: ldap-auth
+ spec:
+ containers:
+ - name: ldap-auth
+ image: dignajar/another-ldap-auth:latest
+ imagePullPolicy: Always
+ env:
+ - name: LDAP_ENDPOINT
+ value: "ldap://openldap:389"
+ - name: LDAP_MANAGER_DN_USERNAME
+ value: "cn=readonly,{{ .Values.homey.url | replace "." ",dc=" | printf "dc=%s " | trim }}"
+ - name: LDAP_MANAGER_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: openldap-ro
+ key: password
+ - name: LDAP_SEARCH_BASE
+ value: "ou=users,{{ .Values.homey.url | replace "." ",dc=" | printf "dc=%s " | trim }}"
+ - name: LDAP_SEARCH_FILTER
+ value: "(objectClass=inetOrgPerson)"
+ - name: LDAP_BIND_DN
+ value: "uid={username},ou=users,{{ .Values.homey.url | replace "." ",dc=" | printf "dc=%s " | trim }}"
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: ldap-auth
+spec:
+ selector:
+ app: ldap-auth
+ ports:
+ - port: 80
+ targetPort: 9000
+ name: ldap-auth-port
diff --git a/templates/ldap.yaml b/templates/ldap.yaml
new file mode 100644
index 0000000..272fe57
--- /dev/null
+++ b/templates/ldap.yaml
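Review bot: `LDAP_ENDPOINT` is `"ldap://openldap:389"`, so the readonly manager password injected from the `openldap-ro` Secret and every user's bind password are sent to the directory unencrypted, even though the `openldap` Service added in this commit exposes `ssl-ldap` on 636. Switching to `value: "ldaps://openldap:636"` closes that, provided the auth container trusts the certificate the openldap pod serves (not visible here — verify before changing). The base-DN expression `{{ .Values.homey.url | replace "." ",dc=" | printf "dc=%s " | trim }}` is copy-pasted into three env values; a `{{- $baseDn := ... }}` at the top of the template or a named helper would keep them from drifting. `image: dignajar/another-ldap-auth:latest` with `imagePullPolicy: Always` means the authentication proxy's code changes on every pod restart without a chart change — pin a tag or digest.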
@@ -0,0 +1,102 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: openldap-admin
+ annotations:
+ secret-generator.v1.mittwald.de/autogenerate: password
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: openldap-config
+ annotations:
+ secret-generator.v1.mittwald.de/autogenerate: password
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: openldap-ro
+ annotations:
+ secret-generator.v1.mittwald.de/autogenerate: password
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: openldap
+ labels:
+ app.kubernetes.io/name: openldap
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: openldap
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: openldap
+ spec:
+ # securityContext:
+ # fsGroup: 0
+ containers:
+ - name: openldap
+ image: osixia/openldap
+ imagePullPolicy: "Always"
+ env:
+ - name: LDAP_ORGANISATION
+ value: {{ .Values.homey.organization }}
+ - name: LDAP_DOMAIN
+ value: {{ .Values.homey.url | quote}}
+ - name: LDAP_ADMIN_USERNAME
+ value: "admin"
+ - name: LDAP_READONLY_USER
+ value: "true"
+ - name: LDAP_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: openldap-admin
+ - name: LDAP_CONFIG_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: openldap-config
+ - name: LDAP_READONLY_USER_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: openldap-ro
+ ports:
+ - name: tcp-ldap
+ containerPort: 389
+ - name: ssl-ldap
+ containerPort: 636
+ volumeMounts:
+ - mountPath: /etc/ldap/slapd.d
+ subPath: backup/openldap/etc/ldap/slapd.d
+ name: openldap-volume
+ - mountPath: /var/lib/ldap
+ subPath: backup/openldap/var/lib/ldap
+ name: openldap-volume
+ volumes:
+ - name: openldap-volume
+ persistentVolumeClaim:
+ claimName: homey-pvc-nfs
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: openldap
+ labels:
+ app.kubernetes.io/name: openldap
+spec:
+ type: ClusterIP
+ ports:
+ - name: tcp-ldap
+ port: 389
+ targetPort: tcp-ldap
+ - name: ssl-ldap
+ port: 636
+ targetPort: ssl-ldap
+ selector:
+ app.kubernetes.io/name: openldap
diff --git a/templates/phpldapadmin.yaml b/templates/phpldapadmin.yaml
new file mode 100644
index 0000000..ce6073d
--- /dev/null
+++ b/templates/phpldapadmin.yaml
@@ -0,0 +1,56 @@
+---
+#_PHPADMIN________
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: phpldapadmin
+ labels:
+ app: phpldapadmin
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: phpldapadmin
+ template:
+ metadata:
+ labels:
+ app: phpldapadmin
+ spec:
+ containers:
+ - env:
+ - name: PHPLDAPADMIN_HTTPS
+ value: "false"
+ - name: PHPLDAPADMIN_LDAP_HOSTS
+ value: ldap://openldap:389
+ image: osixia/phpldapadmin:0.7.1
+ name: phpldapadmin
+ ports:
+ - containerPort: 80
+ restartPolicy: Always
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: phpldapadmin
+spec:
+ ports:
+ - port: 80
+ targetPort: 80
+ selector:
+ app: phpldapadmin
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: phpldapadmin
+spec:
+ tls:
+ - hosts:
+ - phpldapadmin.{{ .Values.homey.url }}
+ rules:
+ - host: phpldapadmin.{{ .Values.homey.url }}
+ http:
+ paths:
+ - backend:
+ serviceName: phpldapadmin
+ servicePort: 80
diff --git a/templates/storage.yaml b/templates/storage.yaml
new file mode 100644
index 0000000..4260994
--- /dev/null
+++ b/templates/storage.yaml
@@ -0,0 +1,30 @@
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: homey-pv-nfs
+ labels:
+ isbackup: "true"
+spec:
+ capacity:
+ storage: {{ .Values.homey.storage.backupStorageCapacity }}
+ storageClassName: standard
+ accessModes:
+ - ReadWriteMany
+ persistentVolumeReclaimPolicy: Recycle
+ nfs:
+ path: /
+ server: {{ .Values.homey.storage.ip }}
+ readOnly: false
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: homey-pvc-nfs
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: {{ .Values.homey.storage.storageCapacity }}
+ storageClassName: standard
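Review bot: `LDAP_ORGANISATION` in the openldap Deployment is rendered unquoted (`value: {{ .Values.homey.organization }}`) while the neighbouring `LDAP_DOMAIN` uses `| quote`; an organisation name containing ` #` or `: `, starting with a YAML indicator, or left empty (which becomes `null`) yields invalid or mistyped YAML, so use `value: {{ .Values.homey.organization | quote }}`. The commented-out `# securityContext:` / `# fsGroup: 0` lines should either be made real or removed — dead config in a template invites the next editor to uncomment it without knowing why it was disabled. `image: osixia/openldap` is untagged with `imagePullPolicy: "Always"`, so the directory holding every account's credentials is whatever `latest` resolves to at each restart; pin a tag or digest. Minor: `{{ .Values.homey.url | quote}}` lacks the space before `}}` that the rest of the chart uses.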
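Review bot: The `phpldapadmin` Ingress still uses `apiVersion: extensions/v1beta1` with the old `serviceName`/`servicePort` backend form, which the API server no longer serves as of Kubernetes 1.22, while `gitea-ingress` in this same commit already uses `networking.k8s.io/v1`; the two should match, and the v1 form requires an explicit `pathType`. The `tls:` entry lists a host but no `secretName`, so it relies on the ingress controller's default certificate — confirm that is intended. `PHPLDAPADMIN_LDAP_HOSTS` is `ldap://openldap:389`, so this admin UI sends the directory admin's bind credentials to OpenLDAP in clear inside the cluster even though the `openldap` Service exposes 636. Converted Ingress below.
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
# … unchanged: metadata …
spec:
  tls:
    - hosts:
        - phpldapadmin.{{ .Values.homey.url }}
  rules:
    - host: phpldapadmin.{{ .Values.homey.url }}
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: phpldapadmin
                port:
                  number: 80
```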
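Review bot: `persistentVolumeReclaimPolicy: Recycle` on `homey-pv-nfs` is deprecated and, where still honoured, scrubs the volume's contents the moment the bound claim is deleted; since this PV is labelled `isbackup: "true"` and the sibling templates keep the LDAP, Gitea and Postgres data under `backup/` on it, an accidental `helm uninstall` or PVC deletion would erase everything. Use `persistentVolumeReclaimPolicy: Retain`. The `homey-pvc-nfs` claim does not set `volumeName: homey-pv-nfs`, so with `storageClassName: standard` and `ReadWriteMany` it could bind to any other matching PV in the cluster — pin it if the backup volume is the only acceptable target. `path: /` exports the NFS server's root; restricting the export to a dedicated subtree would limit what any pod holding this mount can read or alter (not verifiable from the template).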