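#_STORAGE______________
# Two statically provisioned NFS volumes exported by the same server:
#   homey-pv-nfs-a -> /homey-backup    (label isbackup: "true")
#   homey-pv-nfs-b -> /homey-nobackup  (label isbackup: "false")
# Each claim below picks its volume through the isbackup label selector.
# NOTE(review): who may mount these exports is decided by the NFS server's
# export rules, not by Kubernetes - confirm the exports are limited to the
# cluster nodes.
# NOTE(review): "Recycle" is a deprecated reclaim policy that scrubs the
# volume contents once its claim is released. homey-pv-nfs-a holds the LDAP
# directory, the Gitea database and the Gitea repositories, so confirm that
# scrubbing is really wanted there; "Retain" keeps the data.
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: homey-pv-nfs-a
  labels:
    isbackup: "true"
spec:
  capacity:
    # Templated scalars are quoted so an unusual value cannot be retyped by
    # the YAML parser after rendering.
    storage: {{ .Values.homey.storage.backupStorageCapacity | quote }}
  storageClassName: standard
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Recycle
  nfs:
    path: /homey-backup
    server: {{ .Values.homey.storage.ip | quote }}
    readOnly: false
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: homey-pvc-nfs-a
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: {{ .Values.homey.storage.backupStorageCapacity | quote }}
  storageClassName: standard
  selector:
    matchLabels:
      isbackup: "true"
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: homey-pv-nfs-b
  labels:
    isbackup: "false"
spec:
  capacity:
    storage: {{ .Values.homey.storage.nobackupStorageCapacity | quote }}
  storageClassName: standard
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Recycle
  nfs:
    path: /homey-nobackup
    server: {{ .Values.homey.storage.ip | quote }}
    readOnly: false
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: homey-pvc-nfs-b
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: {{ .Values.homey.storage.nobackupStorageCapacity | quote }}
  storageClassName: standard
  selector:
    matchLabels:
      isbackup: "false"
#_DNS_
# BIND answers for the homey domain with a wildcard record pointing at
# .Values.homey.ip and is published on that address through externalIPs.
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: bind
  labels:
    app: bind
spec:
  selector:
    matchLabels:
      app: bind
  replicas: 1
  template:
    metadata:
      labels:
        app: bind
    spec:
      containers:
        - name: bind
          # NOTE(review): no tag, and imagePullPolicy Always - every restart
          # runs whatever the registry currently serves under the default
          # tag. Pin a version tag or digest so the running image is known.
          image: cytopia/bind
          imagePullPolicy: "Always"
          env:
            - name: WILDCARD_DNS
              value: "{{ .Values.homey.url }}={{ .Values.homey.ip }}"
---
apiVersion: v1
kind: Service
metadata:
  name: bind-dns
spec:
  selector:
    app: bind
  ports:
    - port: 53
      targetPort: 53
      protocol: TCP
      name: dns-tcp
    - port: 53
      targetPort: 53
      protocol: UDP
      name: dns-udp
  # NOTE(review): externalIPs makes the resolver reachable on this address
  # from outside the cluster. Confirm the address is not internet-facing and
  # check how the image handles recursion for outside clients.
  externalIPs:
    - {{ .Values.homey.ip | quote }}
---
#_LDAP______
# The three Secrets below carry no data of their own; the autogenerate
# annotation asks a secret-generator controller to fill in the "password"
# key. NOTE(review): presumably the mittwald secret generator - without that
# controller installed the key stays absent and the pods referencing it
# cannot start.
apiVersion: v1
kind: Secret
metadata:
  name: openldap-admin
  annotations:
    secret-generator.v1.mittwald.de/autogenerate: password
---
apiVersion: v1
kind: Secret
metadata:
  name: openldap-config
  annotations:
    secret-generator.v1.mittwald.de/autogenerate: password
---
apiVersion: v1
kind: Secret
metadata:
  name: openldap-ro
  annotations:
    secret-generator.v1.mittwald.de/autogenerate: password
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: openldap
  labels:
    app.kubernetes.io/name: openldap
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: openldap
  replicas: 1
  template:
    metadata:
      labels:
        app.kubernetes.io/name: openldap
    spec:
      # securityContext:
      #   fsGroup: 0
      containers:
        - name: openldap
          # NOTE(review): untagged image pulled on every start; pin a
          # version tag or digest for the identity store.
          image: osixia/openldap
          imagePullPolicy: "Always"
          env:
            # Env values must be strings; quoting keeps a name such as
            # "No" or "1.10" from being retyped after rendering.
            - name: LDAP_ORGANISATION
              value: {{ .Values.homey.organization | quote }}
            - name: LDAP_DOMAIN
              value: {{ .Values.homey.url | quote }}
            - name: LDAP_ADMIN_USERNAME
              value: "admin"
            - name: LDAP_READONLY_USER
              value: "true"
            # All three passwords come from the generated Secrets above, so
            # no credential is written into the chart itself.
            - name: LDAP_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: password
                  name: openldap-admin
            - name: LDAP_CONFIG_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: password
                  name: openldap-config
            - name: LDAP_READONLY_USER_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: password
                  name: openldap-ro
          ports:
            - name: tcp-ldap
              containerPort: 389
            - name: ssl-ldap
              containerPort: 636
          volumeMounts:
            # Both mounts are sub-directories of the shared backup claim.
            # subPath limits what this container sees; it does not stop
            # another pod from mounting the whole claim and reading the
            # directory database.
            - mountPath: /etc/ldap/slapd.d
              subPath: openldap/etc/ldap/slapd.d
              name: openldap-volume
            - mountPath: /var/lib/ldap
              subPath: openldap/var/lib/ldap
              name: openldap-volume
      volumes:
        - name: openldap-volume
          persistentVolumeClaim:
            claimName: homey-pvc-nfs-a
---
apiVersion: v1
kind: Service
metadata:
  name: openldap
  labels:
    app.kubernetes.io/name: openldap
spec:
  type: ClusterIP
  ports:
    - name: tcp-ldap
      port: 389
      targetPort: tcp-ldap
    - name: ssl-ldap
      port: 636
      targetPort: ssl-ldap
  selector:
    app.kubernetes.io/name: openldap
# Disabled ldap-auth deployment, kept for reference.
# NOTE(review): before re-enabling, note that it reads its password from a
# Secret named openldap-ro-pass while this file defines openldap-ro, and that
# its namespace and DNs are hard-coded instead of taken from .Values.
#---
# apiVersion: apps/v1
# kind: Deployment
# metadata:
#   name: ldap-auth
#   namespace: homecenter
#   labels:
#     app: ldap-auth
# spec:
#   replicas: 1
#   selector:
#     matchLabels:
#       app: ldap-auth
#   template:
#     metadata:
#       labels:
#         app: ldap-auth
#       name: ldap-auth
#     spec:
#       containers:
#         - name: ldap-auth
#           image: dignajar/another-ldap-auth:latest
#           imagePullPolicy: Always
#           env:
#             - name: LDAP_ENDPOINT
#               value: "ldap://openldap:389"
#             - name: LDAP_MANAGER_DN_USERNAME
#               value: "cn=readonly,dc=homecenter,dc=zakobar,dc=io"
#             - name: LDAP_MANAGER_PASSWORD
#               valueFrom:
#                 secretKeyRef:
#                   name: openldap-ro-pass
#                   key: password
#             - name: LDAP_SEARCH_BASE
#               value: "ou=users,dc=homecenter,dc=zakobar,dc=io"
#             - name: LDAP_SEARCH_FILTER
#               value: "(objectClass=inetOrgPerson)"
#             - name: LDAP_BIND_DN
#               value: "uid={username},ou=users,dc=homecenter,dc=zakobar,dc=io"
# ---
# apiVersion: v1
# kind: Service
# metadata:
#   name: ldap-auth
# spec:
#   selector:
#     app: ldap-auth
#   ports:
#     - port: 80
#       targetPort: 9000
#       name: ldap-auth-port
---
#_PHPADMIN________
# Web console for the directory. The container serves plain HTTP on port 80
# (PHPLDAPADMIN_HTTPS "false"), so TLS is expected to terminate at the
# Ingress. The console talks to the directory over ldap:// on port 389, so
# bind credentials entered in the UI cross the pod network unencrypted
# unless StartTLS is negotiated.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: phpldapadmin
  labels:
    app: phpldapadmin
spec:
  replicas: 1
  selector:
    matchLabels:
      app: phpldapadmin
  template:
    metadata:
      labels:
        app: phpldapadmin
    spec:
      containers:
        - name: phpldapadmin
          image: osixia/phpldapadmin:0.7.1
          env:
            - name: PHPLDAPADMIN_HTTPS
              value: "false"
            - name: PHPLDAPADMIN_LDAP_HOSTS
              value: "ldap://openldap:389"
          ports:
            - containerPort: 80
      restartPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
  name: phpldapadmin
spec:
  ports:
    - port: 80
      targetPort: 80
  selector:
    app: phpldapadmin
---
# Moved from extensions/v1beta1 to networking.k8s.io/v1, the API the Gitea
# Ingress in this file already uses; the v1beta1 Ingress API is no longer
# served by current clusters.
# NOTE(review): this publishes a directory administration console. With no
# secretName under tls the certificate choice is left to the ingress
# controller; also consider restricting which clients may reach this host.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: phpldapadmin
spec:
  tls:
    - hosts:
        - "phpldapadmin.{{ .Values.homey.url }}"
  rules:
    - host: "phpldapadmin.{{ .Values.homey.url }}"
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: phpldapadmin
                port:
                  number: 80
#_GIT___
# Gitea with its own PostgreSQL instance. The database password is a
# generated Secret shared by both Deployments.
---
apiVersion: v1
kind: Secret
metadata:
  name: gitea-postgres-pass
  annotations:
    secret-generator.v1.mittwald.de/autogenerate: password
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: gitea-postgres-config
  labels:
    app: gitea-postgres
data:
  POSTGRES_DB: gitea
  POSTGRES_USER: gitea
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitea-postgres
  labels:
    app: gitea-postgres
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gitea-postgres
  template:
    metadata:
      labels:
        app: gitea-postgres
      name: gitea-postgres
    spec:
      containers:
        - name: gitea-postgres
          # NOTE(review): the PostgreSQL 10 series no longer receives
          # upstream fixes; plan a move to a maintained major version.
          image: postgres:10.4
          imagePullPolicy: "IfNotPresent"
          ports:
            - containerPort: 5432
          envFrom:
            - configMapRef:
                name: gitea-postgres-config
          env:
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: gitea-postgres-pass
                  key: password
          volumeMounts:
            - mountPath: /var/lib/postgresql/data
              subPath: gitea/db
              name: gitea-postgredb
      volumes:
        - name: gitea-postgredb
          persistentVolumeClaim:
            claimName: homey-pvc-nfs-a
---
apiVersion: v1
kind: Service
metadata:
  name: gitea-postgres-service
  labels:
    app: gitea-postgres
spec:
  ports:
    - port: 5432
  selector:
    app: gitea-postgres
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitea
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gitea
  template:
    metadata:
      labels:
        app: gitea
    spec:
      containers:
        - name: gitea
          # NOTE(review): untagged image; pin a version tag or digest.
          image: gitea/gitea
          ports:
            - containerPort: 22
              name: ssh
            - containerPort: 3000
              name: http
          env:
            # NOTE(review): the Gitea image's env-to-ini convention is
            # GITEA__section__KEY with double underscores. These
            # single-underscore names may be ignored - confirm the
            # database settings actually reach app.ini.
            - name: GITEA_database_DB_TYPE
              value: "postgres"
            - name: GITEA_database_HOST
              value: "gitea-postgres-service:5432"
            - name: GITEA_database_NAME
              value: "gitea"
            - name: GITEA_database_USER
              value: "gitea"
            - name: GITEA_database_PASSWD
              valueFrom:
                secretKeyRef:
                  name: gitea-postgres-pass
                  key: password
          volumeMounts:
            - name: gitea-persistent-storage
              mountPath: /data
              subPath: gitea/gitea/data
      volumes:
        - name: gitea-persistent-storage
          persistentVolumeClaim:
            claimName: homey-pvc-nfs-a
---
apiVersion: v1
kind: Service
metadata:
  name: gitea-svc
spec:
  # NOTE(review): NodePort opens both ports on every node, so the HTTP port
  # is reachable without passing through the Ingress. If only SSH needs a
  # node port, consider splitting HTTP into a ClusterIP Service.
  type: NodePort
  # The original mapping listed "selector" twice with the same value; a
  # duplicate key is invalid YAML, so it is declared once here.
  selector:
    app: gitea
  ports:
    - name: ssh
      protocol: TCP
      port: 2222
      targetPort: ssh
    - name: http
      protocol: TCP
      port: 3000
      targetPort: 3000
---
# NOTE(review): unlike the phpldapadmin Ingress there is no tls section
# here, so unless the ingress controller enforces HTTPS on its own, Gitea
# logins and tokens travel over plain HTTP.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: gitea-ingress
spec:
  rules:
    - host: "git.{{ .Values.homey.url }}"
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: gitea-svc
                port:
                  number: 3000
# The gitea-postgres-pass Secret, gitea-postgres-config ConfigMap,
# gitea-postgres Deployment and gitea-postgres-service Service are each
# defined once above. A second, identical copy of the four used to follow
# here; a chart must not render the same kind and name twice, so only the
# first copy is kept.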