From ea53f54ea666adc2cf588139731ad9f9209f3f69 Mon Sep 17 00:00:00 2001
From: Aner Zakobar
Date: Tue, 7 Sep 2021 22:36:43 +0300
Subject: [PATCH] Initial commit
---
Chart.yaml | 15 +++
templates/homey.yaml | 226 +++++++++++++++++++++++++++++++++++++++++++
values.yaml | 89 +++++++++++++++++
3 files changed, 330 insertions(+)
create mode 100644 Chart.yaml
create mode 100644 templates/homey.yaml
create mode 100644 values.yaml
diff --git a/Chart.yaml b/Chart.yaml
new file mode 100644
index 0000000..e7a9eca
--- /dev/null
+++ b/Chart.yaml
@@ -0,0 +1,15 @@
+apiVersion: v2
+name: homey
+description: Deploy a fancy home environment!
+type: application
+version: 0.1.0
+appVersion: "1.16.0"
+
+dependencies:
+- name: kubernetes-secret-generator
+ repository: "https://helm.mittwald.de"
+ version: ">= 1.0.0"
+- name: ingress-nginx
+ repository: "https://kubernetes.github.io/ingress-nginx"
+ version: ">= 1.12.0"
+
diff --git a/templates/homey.yaml b/templates/homey.yaml
new file mode 100644
index 0000000..f5426a5
--- /dev/null
+++ b/templates/homey.yaml
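Review bot: In Chart.yaml both dependency constraints are open-ended (`version: ">= 1.0.0"` for kubernetes-secret-generator and `version: ">= 1.12.0"` for ingress-nginx), so every `helm dependency update` may resolve to whatever the remote repositories publish next, including a new major release. The diffstat lists no `Chart.lock` in this commit, so the versions actually resolved are not recorded anywhere a reviewer can see. Judging by their roles (one writes Secret objects, the other fronts ingress traffic), both subcharts sit on sensitive paths; pinning each to an exact tested release, e.g. `version: "<tested-version>"`, and committing the generated `Chart.lock` would turn upgrades into a deliberate, auditable step.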
@@ -0,0 +1,226 @@
+#_STORAGE______________
+
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: homey-pv-nfs-a
+ labels:
+ isbackup: "true"
+spec:
+ capacity:
+ storage: {{ .Values.homey.homeyStorage.backupStorageCapacity }}
+ storageClassName: standard
+ accessModes:
+ - ReadWriteMany
+ persistentVolumeReclaimPolicy: Recycle
+ nfs:
+ path: /homey-backup
+ server: {{ .Values.homey.homeyStorage.ip }}
+ readOnly: false
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: homey-pvc-nfs-a
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: {{ .Values.homey.homeyStorage.backupStorageCapacity }}
+ storageClassName: standard
+ selector:
+ matchLabels:
+ isbackup: "true"
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: homey-pv-nfs-b
+ labels:
+ isbackup: "false"
+spec:
+ capacity:
+ storage: {{ .Values.homey.homeyStorage.nobackupStorageCapacity }}
+ storageClassName: standard
+ accessModes:
+ - ReadWriteMany
+ persistentVolumeReclaimPolicy: Recycle
+ nfs:
+ path: /homey-nobackup
+ server: {{ .Values.homey.homeyStorage.ip }}
+ readOnly: false
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: homey-pvc-nfs-b
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: {{ .Values.homey.homeyStorage.nobackupStorageCapacity }}
+ storageClassName: standard
+ selector:
+ matchLabels:
+ isbackup: "false"
+---
+#_LDAP______
+apiVersion: v1
+kind: Secret
+metadata:
+ name: openldap-admin
+ annotations:
+ secret-generator.v1.mittwald.de/autogenerate: password
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: openldap-config
+ annotations:
+ secret-generator.v1.mittwald.de/autogenerate: password
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: openldap-ro
+ annotations:
+ secret-generator.v1.mittwald.de/autogenerate: password
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: openldap
+ labels:
+ app.kubernetes.io/name: openldap
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: openldap
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: openldap
+ spec:
+ # securityContext:
+ # fsGroup: 0
+ containers:
+ - name: openldap
+ image: osixia/openldap
+ imagePullPolicy: "Always"
+ env:
+ - name: LDAP_ORGANISATION
+ value: {{ .Values.homey.organization }}
+ - name: LDAP_DOMAIN
+ value: {{ .Values.homey.url }}
+ - name: LDAP_ADMIN_USERNAME
+ value: "admin"
+ - name: LDAP_READONLY_USER
+ value: "true"
+ - name: LDAP_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: openldap-admin
+ - name: LDAP_CONFIG_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: openldap-config
+ - name: LDAP_READONLY_USER_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: openldap-ro
+ ports:
+ - name: tcp-ldap
+ containerPort: 389
+ - name: ssl-ldap
+ containerPort: 636
+ volumeMounts:
+ - mountPath: /etc/ldap/slapd.d
+ subPath: openldap/etc/ldap/slapd.d
+ name: openldap-volume
+ - mountPath: /var/lib/ldap
+ subPath: openldap/var/lib/ldap
+ name: openldap-volume
+ volumes:
+ - name: openldap-volume
+ persistentVolumeClaim:
+ claimName: homey-pvc-nfs-a
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: openldap
+ labels:
+ app.kubernetes.io/name: openldap
+spec:
+ type: ClusterIP
+ ports:
+ - name: tcp-ldap
+ port: 389
+ targetPort: tcp-ldap
+ - name: ssl-ldap
+ port: 636
+ targetPort: ssl-ldap
+ selector:
+ app.kubernetes.io/name: openldap
+---
+#_PHPADMIN________
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: phpldapadmin
+ labels:
+ app: phpldapadmin
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: phpldapadmin
+ template:
+ metadata:
+ labels:
+ app: phpldapadmin
+ spec:
+ containers:
+ - env:
+ - name: PHPLDAPADMIN_HTTPS
+ value: "false"
+ - name: PHPLDAPADMIN_LDAP_HOSTS
+ value: ldap://openldap:389
+ image: osixia/phpldapadmin:0.7.1
+ name: phpldapadmin
+ ports:
+ - containerPort: 80
+ restartPolicy: Always
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: phpldapadmin
+spec:
+ ports:
+ - port: 80
+ targetPort: 80
+ selector:
+ app: phpldapadmin
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: phpldapadmin
+spec:
+ tls:
+ - hosts:
+ - phpldapadmin.{{ .Values.homey.url }}
+ rules:
+ - host: phpldapadmin.{{ .Values.homey.url }}
+ http:
+ paths:
+ - backend:
+ serviceName: phpldapadmin
+ servicePort: 80
diff --git a/values.yaml b/values.yaml
new file mode 100644
index 0000000..b5fc726
--- /dev/null
+++ b/values.yaml
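Review bot: The phpldapadmin Ingress at the end of templates/homey.yaml publishes the LDAP administration console on `phpldapadmin.{{ .Values.homey.url }}` with nothing in the manifest limiting who may reach it, and its `tls` entry lists hosts without a `secretName`, so which certificate is served is left to the controller's default. Since the chart depends on ingress-nginx, an allow-list annotation such as `nginx.ingress.kubernetes.io/whitelist-source-range: "<trusted-cidr>"` together with `secretName: <tls-secret-name>` under `tls` would narrow the exposure. The console binds through `ldap://openldap:389`, so directory credentials cross the pod network in cleartext even though the openldap Service already offers port 636. Separately, `image: osixia/openldap` carries no tag and is pulled with `imagePullPolicy: "Always"`, so the directory server can change on any restart; pin it to a tag or digest, as the phpldapadmin image is pinned to `0.7.1`. `apiVersion: extensions/v1beta1` for Ingress is no longer served from Kubernetes 1.22 onward, and `networking.k8s.io/v1` is its replacement.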
@@ -0,0 +1,89 @@
+replicaCount: 1
+
+homeyNamespace: homey
+
+image:
+ repository: nginx
+ pullPolicy: Always
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+
+imagePullSecrets: []
+nameOverride: "homey-app"
+fullnameOverride: "homey-chart"
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: "homey"
+
+podAnnotations: {}
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+service:
+ type: ClusterIP
+ port: 80
+
+ingress:
+ enabled: false
+ className: ""
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: chart-example.local
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+homey:
+ organization: "Zakobar Home Server"
+ homeyStorage:
+ ip: "192.168.0.101"
+ backupStorageCapacity: 30Gi
+ nobackupStorageCapacity: 400Gi
+ url: "home.zakobar.io"
+
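Review bot: Most keys in values.yaml (`image`, `serviceAccount`, `podSecurityContext`, `securityContext`, `ingress`, `resources`, `autoscaling`) are never read by the only template in this commit; templates/homey.yaml references `.Values.homey.*` alone, so these look like leftover chart scaffolding. An operator who fills in `securityContext` expecting `runAsNonRoot` or dropped capabilities to take effect would get unchanged pods. Either wire those keys into the Deployments or delete them; until then a comment such as `# NOTE: not consumed by templates/homey.yaml` above the unused keys would prevent that misunderstanding. The `homey` defaults also hard-code one site's NFS address and domain (`ip: "192.168.0.101"`, `url: "home.zakobar.io"`), and a comment marking them as values to override would help anyone else installing the chart.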