
# --- Storage ---
---
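apiVersion: v1
kind: PersistentVolume
metadata:
  name: homey-pv-nfs
  labels:
    # String "true" on purpose: label values must be strings, never booleans.
    # Presumably selects this volume for backup — confirm against the backup tooling.
    isbackup: "true"
spec:
  capacity:
    # Quoted so an empty or numeric-looking value cannot be re-typed (or rendered
    # as null) by YAML; Kubernetes accepts quantities as strings.
    storage: {{ .Values.homey.storage.backupStorageCapacity | quote }}
  storageClassName: standard
  accessModes:
    - ReadWriteMany
  # NOTE(review): Recycle is deprecated upstream; Retain (or a dynamic provisioner)
  # is the supported choice — confirm before changing, since Recycle wipes data on release.
  persistentVolumeReclaimPolicy: Recycle
  nfs:
    # The export root is mounted read-write. Every workload that mounts the PVC
    # below shares this one export and is separated only by subPath.
    path: /
    server: {{ .Values.homey.storage.ip | quote }}
    readOnly: false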
---
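apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: homey-pvc-nfs
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      # Quoted for the same reason as the PV capacity above: no YAML re-typing,
      # no null on an empty value.
      storage: {{ .Values.homey.storage.storageCapacity | quote }}
  # No volumeName or selector, so this binds to any "standard" RWX volume that is
  # large enough — presumably homey-pv-nfs, but nothing here pins it.
  storageClassName: standard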
---
# --- DNS ---
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: bind
  labels:
    app: bind
spec:
  replicas: 1
  selector:
    matchLabels:
      app: bind
  template:
    metadata:
      labels:
        app: bind
    spec:
      containers:
        - name: bind
          # TODO(review): no tag combined with pullPolicy Always means each restart
          # may pull a different image; pin a tag or digest.
          image: cytopia/bind
          imagePullPolicy: "Always"
          env:
            # Presumably maps every name under homey.url to homey.ip — verify
            # against the image's WILDCARD_DNS documentation.
            - name: WILDCARD_DNS
              value: "{{ .Values.homey.url }}={{ .Values.homey.ip }}"
---
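apiVersion: v1
kind: Service
metadata:
  name: bind-dns
spec:
  selector:
    app: bind
  ports:
    - name: dns-tcp
      port: 53
      targetPort: 53
      protocol: TCP
    - name: dns-udp
      port: 53
      targetPort: 53
      protocol: UDP
  # NOTE(review): externalIPs publishes port 53 on this address to every client
  # that can reach it; confirm recursion is limited to the intended networks in
  # the bind configuration.
  externalIPs:
    # Quoted so an empty value renders "" rather than null.
    - {{ .Values.homey.ip | quote }}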
---
# --- LDAP ---
apiVersion: v1
kind: Secret
metadata:
  # No data here: the mittwald secret-generator controller fills in "password"
  # in-cluster, so that controller must be installed for the chart to work.
  annotations:
    secret-generator.v1.mittwald.de/autogenerate: password
  name: openldap-admin
---
apiVersion: v1
kind: Secret
metadata:
  # Generated in-cluster by the mittwald secret-generator (see the annotation);
  # nothing secret is stored in the chart itself.
  annotations:
    secret-generator.v1.mittwald.de/autogenerate: password
  name: openldap-config
---
apiVersion: v1
kind: Secret
metadata:
  # Password for the read-only LDAP account; generated in-cluster by the
  # mittwald secret-generator, never committed.
  annotations:
    secret-generator.v1.mittwald.de/autogenerate: password
  name: openldap-ro
---
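apiVersion: apps/v1
kind: Deployment
metadata:
  name: openldap
  labels:
    app.kubernetes.io/name: openldap
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: openldap
  template:
    metadata:
      labels:
        app.kubernetes.io/name: openldap
    spec:
      # securityContext:
      #   fsGroup: 0
      containers:
        - name: openldap
          # TODO(review): untagged image pulled with Always — pin a tag or digest.
          image: osixia/openldap
          imagePullPolicy: "Always"
          env:
            # Quoted like LDAP_DOMAIN: an organisation name containing spaces or
            # ": " would otherwise break the rendered YAML.
            - name: LDAP_ORGANISATION
              value: {{ .Values.homey.organization | quote }}
            - name: LDAP_DOMAIN
              value: {{ .Values.homey.url | quote }}
            - name: LDAP_ADMIN_USERNAME
              value: "admin"
            # Creates the read-only bind account whose password is openldap-ro;
            # ldap-auth binds with that account rather than the admin DN.
            - name: LDAP_READONLY_USER
              value: "true"
            # All three passwords come from the generated Secrets above.
            - name: LDAP_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: password
                  name: openldap-admin
            - name: LDAP_CONFIG_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: password
                  name: openldap-config
            - name: LDAP_READONLY_USER_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: password
                  name: openldap-ro
          ports:
            # 389 is plaintext LDAP; 636 is the TLS port.
            - name: tcp-ldap
              containerPort: 389
            - name: ssl-ldap
              containerPort: 636
          volumeMounts:
            # Config and data live on the shared NFS claim under backup/openldap/.
            - name: openldap-volume
              mountPath: /etc/ldap/slapd.d
              subPath: backup/openldap/etc/ldap/slapd.d
            - name: openldap-volume
              mountPath: /var/lib/ldap
              subPath: backup/openldap/var/lib/ldap
      volumes:
        - name: openldap-volume
          persistentVolumeClaim:
            claimName: homey-pvc-nfs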
---
apiVersion: v1
kind: Service
metadata:
  name: openldap
  labels:
    app.kubernetes.io/name: openldap
spec:
  # Cluster-internal only; both the plaintext and the TLS port are exposed.
  type: ClusterIP
  selector:
    app.kubernetes.io/name: openldap
  ports:
    - name: tcp-ldap
      port: 389
      targetPort: tcp-ldap
    - name: ssl-ldap
      port: 636
      targetPort: ssl-ldap
---
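{{- $baseDN := .Values.homey.url | replace "." ",dc=" | printf "dc=%s" }}
# $baseDN renders homey.url "a.b.c" as "dc=a,dc=b,dc=c"; it was previously
# repeated inline in three env values. It presumably has to match the suffix
# osixia/openldap derives from LDAP_DOMAIN — verify after changing either.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ldap-auth
  labels:
    app: ldap-auth
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ldap-auth
  template:
    metadata:
      labels:
        app: ldap-auth
        name: ldap-auth
    spec:
      containers:
        - name: ldap-auth
          # TODO(review): ":latest" with pullPolicy Always — pin a tag or digest.
          image: dignajar/another-ldap-auth:latest
          imagePullPolicy: Always
          env:
            # NOTE(review): plaintext LDAP inside the cluster; the openldap
            # Service also exposes 636 if an encrypted bind is wanted.
            - name: LDAP_ENDPOINT
              value: "ldap://openldap:389"
            # Binds with the read-only account, not the admin DN.
            - name: LDAP_MANAGER_DN_USERNAME
              value: "cn=readonly,{{ $baseDN }}"
            - name: LDAP_MANAGER_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: openldap-ro
                  key: password
            - name: LDAP_SEARCH_BASE
              value: "ou=users,{{ $baseDN }}"
            - name: LDAP_SEARCH_FILTER
              value: "(objectClass=inetOrgPerson)"
            # "{username}" is a placeholder substituted by ldap-auth at runtime,
            # not a Helm expression.
            - name: LDAP_BIND_DN
              value: "uid={username},ou=users,{{ $baseDN }}"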
---
apiVersion: v1
kind: Service
metadata:
  name: ldap-auth
spec:
  selector:
    app: ldap-auth
  ports:
    # Port 80 in-cluster, forwarded to the container's 9000.
    - name: ldap-auth-port
      port: 80
      targetPort: 9000
---
# --- phpLDAPadmin ---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: phpldapadmin
  labels:
    app: phpldapadmin
spec:
  replicas: 1
  selector:
    matchLabels:
      app: phpldapadmin
  template:
    metadata:
      labels:
        app: phpldapadmin
    spec:
      containers:
        - name: phpldapadmin
          image: osixia/phpldapadmin:0.7.1
          env:
            # The container serves plain HTTP; TLS is left to the Ingress.
            - name: PHPLDAPADMIN_HTTPS
              value: "false"
            - name: PHPLDAPADMIN_LDAP_HOSTS
              value: "ldap://openldap:389"
          ports:
            - containerPort: 80
      restartPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
  name: phpldapadmin
spec:
  selector:
    app: phpldapadmin
  ports:
    - port: 80
      targetPort: 80
---
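# Moved from extensions/v1beta1 (removed in current Kubernetes) to the same
# networking.k8s.io/v1 form the gitea-ingress in this file already uses.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: phpldapadmin
spec:
  tls:
    # No secretName: the controller falls back to its default certificate, if
    # it has one — confirm this is intended.
    - hosts:
        - phpldapadmin.{{ .Values.homey.url }}
  rules:
    # NOTE(review): nothing on this Ingress references the ldap-auth service, so
    # phpLDAPadmin's own login is the only gate in front of the directory admin UI.
    - host: phpldapadmin.{{ .Values.homey.url }}
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: phpldapadmin
                port:
                  number: 80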
# --- Git (Gitea) ---
---
apiVersion: v1
kind: Secret
metadata:
  # Database password generated in-cluster by the mittwald secret-generator.
  annotations:
    secret-generator.v1.mittwald.de/autogenerate: password
  name: gitea-postgres-pass
---
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    app: gitea-postgres
  name: gitea-postgres-config
# Non-secret connection settings; the password lives in gitea-postgres-pass.
data:
  POSTGRES_USER: gitea
  POSTGRES_DB: gitea
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitea-postgres
  labels:
    app: gitea-postgres
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gitea-postgres
  template:
    metadata:
      labels:
        app: gitea-postgres
        name: gitea-postgres
    spec:
      containers:
        - name: gitea-postgres
          # NOTE(review): PostgreSQL 10 is past upstream end-of-life; plan an upgrade.
          image: postgres:10.4
          imagePullPolicy: "IfNotPresent"
          envFrom:
            - configMapRef:
                name: gitea-postgres-config
          env:
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: gitea-postgres-pass
                  key: password
          ports:
            - containerPort: 5432
          volumeMounts:
            # Data directory on the shared NFS claim under backup/gitea/db.
            - name: gitea-postgredb
              mountPath: /var/lib/postgresql/data
              subPath: backup/gitea/db
      volumes:
        - name: gitea-postgredb
          persistentVolumeClaim:
            claimName: homey-pvc-nfs
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: gitea-postgres
  name: gitea-postgres-service
spec:
  # Default ClusterIP: the database is reachable only from inside the cluster.
  selector:
    app: gitea-postgres
  ports:
    - port: 5432
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitea
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gitea
  template:
    metadata:
      labels:
        app: gitea
    spec:
      containers:
        - name: gitea
          # TODO(review): untagged image — pin a tag or digest.
          image: gitea/gitea
          # NOTE(review): the gitea image's environment-to-ini expects keys of the
          # form GITEA__section__KEY (double underscores); verify these
          # single-underscore names are actually applied to app.ini.
          env:
            - name: GITEA_database_DB_TYPE
              value: "postgres"
            - name: GITEA_database_HOST
              value: "gitea-postgres-service:5432"
            - name: GITEA_database_NAME
              value: "gitea"
            - name: GITEA_database_USER
              value: "gitea"
            - name: GITEA_database_PASSWD
              valueFrom:
                secretKeyRef:
                  name: gitea-postgres-pass
                  key: password
          ports:
            - name: ssh
              containerPort: 22
            - name: http
              containerPort: 3000
          volumeMounts:
            - name: gitea-persistent-storage
              mountPath: /data
              subPath: backup/gitea/gitea/data
      volumes:
        - name: gitea-persistent-storage
          persistentVolumeClaim:
            claimName: homey-pvc-nfs
---
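apiVersion: v1
kind: Service
metadata:
  name: gitea-svc
spec:
  # NodePort: both ports are allocated on every node, not only behind the Ingress.
  type: NodePort
  # The original declared "selector" twice with the same value; YAML parsers
  # silently keep the last one, so the duplicate is dropped here.
  selector:
    app: gitea
  ports:
    - name: ssh
      protocol: TCP
      port: 2222
      targetPort: ssh
    - name: http
      protocol: TCP
      port: 3000
      targetPort: 3000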
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: gitea-ingress
spec:
  # No tls stanza: served as plain HTTP unless the controller adds TLS itself.
  # SSH is not routed here; it is reached through the gitea-svc NodePort.
  rules:
    - host: git.{{ .Values.homey.url }}
      http:
        paths:
          - path: /
            backend:
              service:
                name: gitea-svc
                port:
                  number: 3000
            pathType: Prefix
---