homey/templates/homey.yaml
Aner Zakobar ca0ce8cdaa Continue
2021-09-08 10:18:11 +03:00


#_STORAGE______________
---
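# Statically provisioned NFS PersistentVolume for data that is backed up.
# The isbackup: "true" label is what the homey-pvc-nfs-a claim selects on.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: homey-pv-nfs-a
  labels:
    isbackup: "true"
spec:
  capacity:
    # Quoted so an empty or number-like chart value is not retyped by YAML.
    storage: {{ .Values.homey.storage.backupStorageCapacity | quote }}
  storageClassName: standard
  accessModes:
    - ReadWriteMany
  # NOTE(review): Recycle wipes the volume contents when the claim is
  # released and is deprecated upstream. For a volume labelled as backed-up
  # data, Retain is the safer policy; confirm before changing.
  persistentVolumeReclaimPolicy: Recycle
  nfs:
    path: /homey-backup
    server: {{ .Values.homey.storage.ip | quote }}
    readOnly: false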
---
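# Claim that binds to the backed-up NFS volume through its isbackup: "true"
# label. The workloads in this template that mount it use separate sub-paths.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: homey-pvc-nfs-a
spec:
  storageClassName: standard
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      # Quoted so an empty or number-like chart value is not retyped by YAML.
      storage: {{ .Values.homey.storage.backupStorageCapacity | quote }}
  selector:
    matchLabels:
      isbackup: "true"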
---
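# Statically provisioned NFS PersistentVolume for data that is not backed up.
# The isbackup: "false" label is what the homey-pvc-nfs-b claim selects on.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: homey-pv-nfs-b
  labels:
    isbackup: "false"
spec:
  capacity:
    # Quoted so an empty or number-like chart value is not retyped by YAML.
    storage: {{ .Values.homey.storage.nobackupStorageCapacity | quote }}
  storageClassName: standard
  accessModes:
    - ReadWriteMany
  # NOTE(review): Recycle wipes the volume contents when the claim is
  # released and is deprecated upstream; confirm that is intended here.
  persistentVolumeReclaimPolicy: Recycle
  nfs:
    path: /homey-nobackup
    server: {{ .Values.homey.storage.ip | quote }}
    readOnly: false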
---
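# Claim that binds to the non-backed-up NFS volume through its
# isbackup: "false" label.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: homey-pvc-nfs-b
spec:
  storageClassName: standard
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      # Quoted so an empty or number-like chart value is not retyped by YAML.
      storage: {{ .Values.homey.storage.nobackupStorageCapacity | quote }}
  selector:
    matchLabels:
      isbackup: "false"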
#_DNS_
---
# Single-replica BIND deployment. WILDCARD_DNS is built from the chart's
# homey.url and homey.ip values, joined with "=".
apiVersion: apps/v1
kind: Deployment
metadata:
  name: bind
  labels:
    app: bind
spec:
  replicas: 1
  selector:
    matchLabels:
      app: bind
  template:
    metadata:
      labels:
        app: bind
    spec:
      containers:
        - name: bind
          # NOTE(review): no tag is given, so this resolves to :latest and,
          # with imagePullPolicy Always, every restart may pull different
          # code. Pin a version tag or an image digest.
          image: cytopia/bind
          imagePullPolicy: Always
          env:
            - name: WILDCARD_DNS
              value: "{{ .Values.homey.url }}={{ .Values.homey.ip }}"
---
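# Exposes the bind pods on port 53 (TCP and UDP) at the external IP taken
# from the chart values.
apiVersion: v1
kind: Service
metadata:
  name: bind-dns
spec:
  selector:
    app: bind
  ports:
    - name: dns-tcp
      protocol: TCP
      port: 53
      targetPort: 53
    - name: dns-udp
      protocol: UDP
      port: 53
      targetPort: 53
  # NOTE(review): externalIPs makes the resolver reachable by anything that
  # can route to this address. Confirm that network is trusted, or restrict
  # who may query it.
  externalIPs:
    # Quoted so the rendered address is always parsed as a string.
    - {{ .Values.homey.ip | quote }}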
---
#_LDAP______
# Three data-less Secrets for the OpenLDAP admin, config and read-only
# passwords. The autogenerate annotation names the "password" field;
# presumably the mittwald secret-generator operator fills it in-cluster.
# NOTE(review): confirm the operator is installed, otherwise the "password"
# key referenced by the openldap Deployment does not exist.
apiVersion: v1
kind: Secret
metadata:
  annotations:
    secret-generator.v1.mittwald.de/autogenerate: password
  name: openldap-admin
---
apiVersion: v1
kind: Secret
metadata:
  annotations:
    secret-generator.v1.mittwald.de/autogenerate: password
  name: openldap-config
---
apiVersion: v1
kind: Secret
metadata:
  annotations:
    secret-generator.v1.mittwald.de/autogenerate: password
  name: openldap-ro
---
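# OpenLDAP server, single replica. The three passwords are read from the
# openldap-admin, openldap-config and openldap-ro Secrets, and both data
# directories live on the homey-pvc-nfs-a claim under openldap/ sub-paths.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: openldap
  labels:
    app.kubernetes.io/name: openldap
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: openldap
  template:
    metadata:
      labels:
        app.kubernetes.io/name: openldap
    spec:
      # securityContext:
      #   fsGroup: 0
      containers:
        - name: openldap
          # NOTE(review): no tag is given, so this resolves to :latest and,
          # with imagePullPolicy Always, every restart may pull different
          # code. Pin a version tag or an image digest for the directory
          # that holds the credentials.
          image: osixia/openldap
          imagePullPolicy: Always
          env:
            - name: LDAP_ORGANISATION
              # Quoted like LDAP_DOMAIN: env values must be strings, and an
              # organization such as "123" or "true" would otherwise be
              # retyped by YAML and rejected.
              value: {{ .Values.homey.organization | quote }}
            - name: LDAP_DOMAIN
              value: {{ .Values.homey.url | quote }}
            - name: LDAP_ADMIN_USERNAME
              value: "admin"
            - name: LDAP_READONLY_USER
              value: "true"
            - name: LDAP_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: openldap-admin
                  key: password
            - name: LDAP_CONFIG_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: openldap-config
                  key: password
            - name: LDAP_READONLY_USER_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: openldap-ro
                  key: password
          ports:
            - name: tcp-ldap
              containerPort: 389
            - name: ssl-ldap
              containerPort: 636
          volumeMounts:
            - name: openldap-volume
              mountPath: /etc/ldap/slapd.d
              subPath: openldap/etc/ldap/slapd.d
            - name: openldap-volume
              mountPath: /var/lib/ldap
              subPath: openldap/var/lib/ldap
      volumes:
        - name: openldap-volume
          persistentVolumeClaim:
            claimName: homey-pvc-nfs-a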
---
# Cluster-internal Service for OpenLDAP: 389 maps to the tcp-ldap container
# port and 636 to ssl-ldap.
apiVersion: v1
kind: Service
metadata:
  name: openldap
  labels:
    app.kubernetes.io/name: openldap
spec:
  type: ClusterIP
  selector:
    app.kubernetes.io/name: openldap
  ports:
    - name: tcp-ldap
      port: 389
      targetPort: tcp-ldap
    - name: ssl-ldap
      port: 636
      targetPort: ssl-ldap
#---
# apiVersion: apps/v1
# kind: Deployment
# metadata:
# name: ldap-auth
# namespace: homecenter
# labels:
# app: ldap-auth
# spec:
# replicas: 1
# selector:
# matchLabels:
# app: ldap-auth
# template:
# metadata:
# labels:
# app: ldap-auth
# name: ldap-auth
# spec:
# containers:
# - name: ldap-auth
# image: dignajar/another-ldap-auth:latest
# imagePullPolicy: Always
# env:
# - name: LDAP_ENDPOINT
# value: "ldap://openldap:389"
# - name: LDAP_MANAGER_DN_USERNAME
# value: "cn=readonly,dc=homecenter,dc=zakobar,dc=io"
# - name: LDAP_MANAGER_PASSWORD
# valueFrom:
# secretKeyRef:
# name: openldap-ro-pass
# key: password
# - name: LDAP_SEARCH_BASE
# value: "ou=users,dc=homecenter,dc=zakobar,dc=io"
# - name: LDAP_SEARCH_FILTER
# value: "(objectClass=inetOrgPerson)"
# - name: LDAP_BIND_DN
# value: "uid={username},ou=users,dc=homecenter,dc=zakobar,dc=io"
# ---
# apiVersion: v1
# kind: Service
# metadata:
# name: ldap-auth
# spec:
# selector:
# app: ldap-auth
# ports:
# - port: 80
# targetPort: 9000
# name: ldap-auth-port
---
#_PHPADMIN________
# phpLDAPadmin web UI, single replica, pointed at the in-cluster openldap
# Service.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: phpldapadmin
  labels:
    app: phpldapadmin
spec:
  replicas: 1
  selector:
    matchLabels:
      app: phpldapadmin
  template:
    metadata:
      labels:
        app: phpldapadmin
    spec:
      restartPolicy: Always
      containers:
        - name: phpldapadmin
          image: osixia/phpldapadmin:0.7.1
          ports:
            - containerPort: 80
          env:
            # Presumably disables HTTPS inside the container, so TLS has to
            # be terminated in front of it; confirm.
            - name: PHPLDAPADMIN_HTTPS
              value: "false"
            # NOTE(review): ldap:// on 389 is unencrypted, so administrator
            # binds cross the pod network in clear text. The openldap
            # Service in this file also offers 636; consider ldaps once
            # certificates are in place.
            - name: PHPLDAPADMIN_LDAP_HOSTS
              value: "ldap://openldap:389"
---
# Service in front of the phpldapadmin pods, port 80 to container port 80.
apiVersion: v1
kind: Service
metadata:
  name: phpldapadmin
spec:
  selector:
    app: phpldapadmin
  ports:
    - targetPort: 80
      port: 80
---
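# Routes the phpldapadmin host under homey.url to the phpldapadmin Service
# on port 80. Uses networking.k8s.io/v1, the same Ingress API as
# gitea-ingress in this file; extensions/v1beta1 Ingress is no longer served
# from Kubernetes 1.22 on.
# NOTE(review): this publishes an LDAP administration UI. Confirm access is
# restricted (ingress authentication, source ranges or a network policy).
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: phpldapadmin
spec:
  # No secretName is set, so the ingress controller's default certificate is
  # presumably served for this host; confirm.
  tls:
    - hosts:
        - "phpldapadmin.{{ .Values.homey.url }}"
  rules:
    - host: "phpldapadmin.{{ .Values.homey.url }}"
      http:
        paths:
          # The v1 API requires path and pathType; "/" with Prefix matches
          # every request, as the path-less v1beta1 rule did.
          - path: /
            pathType: Prefix
            backend:
              service:
                name: phpldapadmin
                port:
                  number: 80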
#_GIT___
---
# Data-less Secret for the Gitea database password. The autogenerate
# annotation names the "password" field; presumably the mittwald
# secret-generator operator fills it in-cluster; confirm it is installed.
apiVersion: v1
kind: Secret
metadata:
  annotations:
    secret-generator.v1.mittwald.de/autogenerate: password
  name: gitea-postgres-pass
---
# Non-secret PostgreSQL settings (database and user name) that the
# gitea-postgres Deployment loads through envFrom.
apiVersion: v1
kind: ConfigMap
metadata:
  name: gitea-postgres-config
  labels:
    app: gitea-postgres
data:
  POSTGRES_USER: gitea
  POSTGRES_DB: gitea
---
# PostgreSQL for Gitea, single replica. Database and user come from the
# gitea-postgres-config ConfigMap, the password from the gitea-postgres-pass
# Secret, and the data directory lives on homey-pvc-nfs-a under gitea/db.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitea-postgres
  labels:
    app: gitea-postgres
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gitea-postgres
  template:
    metadata:
      name: gitea-postgres
      labels:
        app: gitea-postgres
    spec:
      containers:
        - name: gitea-postgres
          # NOTE(review): 10.4 is an early 10.x minor release and later
          # minors carry security fixes. Consider a newer tag, pinned by
          # digest.
          image: postgres:10.4
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 5432
          envFrom:
            - configMapRef:
                name: gitea-postgres-config
          env:
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: password
                  name: gitea-postgres-pass
          volumeMounts:
            - name: gitea-postgredb
              mountPath: /var/lib/postgresql/data
              subPath: gitea/db
      volumes:
        - name: gitea-postgredb
          persistentVolumeClaim:
            claimName: homey-pvc-nfs-a
---
# Service in front of the gitea-postgres pods on port 5432. No type is set,
# so it is the default cluster-internal kind.
apiVersion: v1
kind: Service
metadata:
  name: gitea-postgres-service
  labels:
    app: gitea-postgres
spec:
  selector:
    app: gitea-postgres
  ports:
    - port: 5432
---
# Gitea server, single replica, with its /data directory on homey-pvc-nfs-a
# under gitea/gitea/data and its database password taken from the
# gitea-postgres-pass Secret.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitea
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gitea
  template:
    metadata:
      labels:
        app: gitea
    spec:
      containers:
        - name: gitea
          # NOTE(review): no tag is given, so this resolves to :latest. Pin
          # a version tag or an image digest for the service that hosts the
          # source code.
          image: gitea/gitea
          ports:
            - name: ssh
              containerPort: 22
            - name: http
              containerPort: 3000
          # NOTE(review): the Gitea image documents variables of the form
          # GITEA__section__KEY (double underscores). Confirm these
          # single-underscore names are applied; if not, the database
          # settings and password below are silently ignored.
          env:
            - name: GITEA_database_DB_TYPE
              value: postgres
            - name: GITEA_database_HOST
              value: "gitea-postgres-service:5432"
            - name: GITEA_database_NAME
              value: gitea
            - name: GITEA_database_USER
              value: gitea
            - name: GITEA_database_PASSWD
              valueFrom:
                secretKeyRef:
                  key: password
                  name: gitea-postgres-pass
          volumeMounts:
            - name: gitea-persistent-storage
              subPath: gitea/gitea/data
              mountPath: /data
      volumes:
        - name: gitea-persistent-storage
          persistentVolumeClaim:
            claimName: homey-pvc-nfs-a
---
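# NodePort Service for Gitea: 2222 maps to the container's ssh port and 3000
# to its HTTP port.
# NOTE(review): NodePort opens both ports on every node in addition to the
# Ingress route. Confirm direct node access to the HTTP port is wanted.
apiVersion: v1
kind: Service
metadata:
  name: gitea-svc
spec:
  type: NodePort
  # The selector was written twice with the same value. Duplicate mapping
  # keys are invalid YAML, so only one copy is kept.
  selector:
    app: gitea
  ports:
    - name: ssh
      protocol: TCP
      port: 2222
      targetPort: ssh
    - name: http
      protocol: TCP
      port: 3000
      targetPort: 3000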
---
# Routes the git host under homey.url to gitea-svc on port 3000.
# NOTE(review): unlike the phpldapadmin Ingress in this file, there is no
# tls block here. Confirm Gitea logins are not served over plain HTTP.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: gitea-ingress
spec:
  rules:
    - host: "git.{{ .Values.homey.url }}"
      http:
        paths:
          - pathType: Prefix
            path: /
            backend:
              service:
                name: gitea-svc
                port:
                  number: 3000
---
# NOTE(review): the four resources below (Secret gitea-postgres-pass,
# ConfigMap gitea-postgres-config, Deployment gitea-postgres and Service
# gitea-postgres-service) repeat definitions that appear earlier in this
# template under the same names. Rendering the same object twice in one
# release is at best redundant and may make the install fail. Confirm and
# keep a single copy.
apiVersion: v1
kind: Secret
metadata:
  annotations:
    secret-generator.v1.mittwald.de/autogenerate: password
  name: gitea-postgres-pass
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: gitea-postgres-config
  labels:
    app: gitea-postgres
data:
  POSTGRES_USER: gitea
  POSTGRES_DB: gitea
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitea-postgres
  labels:
    app: gitea-postgres
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gitea-postgres
  template:
    metadata:
      name: gitea-postgres
      labels:
        app: gitea-postgres
    spec:
      containers:
        - name: gitea-postgres
          image: postgres:10.4
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 5432
          envFrom:
            - configMapRef:
                name: gitea-postgres-config
          env:
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: password
                  name: gitea-postgres-pass
          volumeMounts:
            - name: gitea-postgredb
              mountPath: /var/lib/postgresql/data
              subPath: gitea/db
      volumes:
        - name: gitea-postgredb
          persistentVolumeClaim:
            claimName: homey-pvc-nfs-a
---
apiVersion: v1
kind: Service
metadata:
  name: gitea-postgres-service
  labels:
    app: gitea-postgres
spec:
  selector:
    app: gitea-postgres
  ports:
    - port: 5432