From 87ea6d4ba17812fb7a72203e222dfde345f48f24 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Franciszek=20=C5=81opusza=C5=84ski?= Date: Wed, 7 Jan 2026 23:41:08 +0100 Subject: [PATCH] Setup linting --- .gitignore | 1 + .pre-commit-config.yaml | 23 ++++++++++ .prettierrc | 6 +++ .yamllint.yaml | 12 +++++ kubernetes/apps/gitea/deployment.yaml | 31 +++++++++++++ kubernetes/apps/gitea/ingress.yaml | 29 ++++++++++++ kubernetes/apps/gitea/kustomization.yaml | 10 +++++ kubernetes/apps/gitea/namespace.yaml | 4 ++ kubernetes/apps/gitea/pvc.yaml | 12 +++++ kubernetes/apps/gitea/service.yaml | 15 +++++++ kubernetes/apps/kustomization.yaml | 8 ++++ kubernetes/apps/nginx-test/deployment.yaml | 20 +++++++++ kubernetes/apps/nginx-test/ingress.yaml | 30 +++++++++++++ kubernetes/apps/nginx-test/kustomization.yaml | 9 ++++ kubernetes/apps/nginx-test/namespace.yaml | 4 ++ kubernetes/apps/nginx-test/service.yaml | 13 ++++++ kubernetes/apps/uptime-kuma/deployment.yaml | 35 +++++++++++++++ kubernetes/apps/uptime-kuma/ingress.yaml | 30 +++++++++++++ .../apps/uptime-kuma/kustomization.yaml | 10 +++++ kubernetes/apps/uptime-kuma/namespace.yaml | 4 ++ kubernetes/apps/uptime-kuma/pvc.yaml | 12 +++++ kubernetes/apps/uptime-kuma/service.yaml | 11 +++++ kubernetes/apps/whoami/deployment.yaml | 20 +++++++++ kubernetes/apps/whoami/ingress.yaml | 29 ++++++++++++ kubernetes/apps/whoami/kustomization.yaml | 9 ++++ kubernetes/apps/whoami/namespace.yaml | 4 ++ kubernetes/apps/whoami/service.yaml | 12 +++++ kubernetes/base/cert-manager/cert-issuer.yaml | 41 +++++++++++++++++ .../base/cert-manager/kustomization.yaml | 7 +++ kubernetes/base/kustomization.yaml | 6 +++ kubernetes/base/longhorn-system/ingress.yaml | 29 ++++++++++++ .../base/longhorn-system/kustomization.yaml | 17 +++++++ .../base/longhorn-system/namespace.yaml | 4 ++ .../base/longhorn-system/storageclass.yaml | 15 +++++++ kubernetes/base/traefik/ingress.yaml | 27 ++++++++++++ kubernetes/base/traefik/kustomization.yaml | 7 +++ kubernetes/base/traefik/traefik-config.yaml | 44 +++++++++++++++++++ 
.../base/traefik/traefik-dashboard.yaml | 18 ++++++++ kubernetes/base/traefik/traefik-redirect.yaml | 8 ++++ 39 files changed, 626 insertions(+) create mode 100644 .gitignore create mode 100644 .pre-commit-config.yaml create mode 100644 .prettierrc create mode 100644 .yamllint.yaml create mode 100644 kubernetes/apps/gitea/deployment.yaml create mode 100644 kubernetes/apps/gitea/ingress.yaml create mode 100644 kubernetes/apps/gitea/kustomization.yaml create mode 100644 kubernetes/apps/gitea/namespace.yaml create mode 100644 kubernetes/apps/gitea/pvc.yaml create mode 100644 kubernetes/apps/gitea/service.yaml create mode 100644 kubernetes/apps/kustomization.yaml create mode 100644 kubernetes/apps/nginx-test/deployment.yaml create mode 100644 kubernetes/apps/nginx-test/ingress.yaml create mode 100644 kubernetes/apps/nginx-test/kustomization.yaml create mode 100644 kubernetes/apps/nginx-test/namespace.yaml create mode 100644 kubernetes/apps/nginx-test/service.yaml create mode 100644 kubernetes/apps/uptime-kuma/deployment.yaml create mode 100644 kubernetes/apps/uptime-kuma/ingress.yaml create mode 100644 kubernetes/apps/uptime-kuma/kustomization.yaml create mode 100644 kubernetes/apps/uptime-kuma/namespace.yaml create mode 100644 kubernetes/apps/uptime-kuma/pvc.yaml create mode 100644 kubernetes/apps/uptime-kuma/service.yaml create mode 100644 kubernetes/apps/whoami/deployment.yaml create mode 100644 kubernetes/apps/whoami/ingress.yaml create mode 100644 kubernetes/apps/whoami/kustomization.yaml create mode 100644 kubernetes/apps/whoami/namespace.yaml create mode 100644 kubernetes/apps/whoami/service.yaml create mode 100644 kubernetes/base/cert-manager/cert-issuer.yaml create mode 100644 kubernetes/base/cert-manager/kustomization.yaml create mode 100644 kubernetes/base/kustomization.yaml create mode 100644 kubernetes/base/longhorn-system/ingress.yaml create mode 100644 kubernetes/base/longhorn-system/kustomization.yaml create mode 100644 
kubernetes/base/longhorn-system/namespace.yaml create mode 100644 kubernetes/base/longhorn-system/storageclass.yaml create mode 100644 kubernetes/base/traefik/ingress.yaml create mode 100644 kubernetes/base/traefik/kustomization.yaml create mode 100644 kubernetes/base/traefik/traefik-config.yaml create mode 100644 kubernetes/base/traefik/traefik-dashboard.yaml create mode 100644 kubernetes/base/traefik/traefik-redirect.yaml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..3c3629e
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+node_modules
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..a7aa7a9
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,23 @@
+repos:
+ - repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v6.0.0
+ hooks:
+ - id: trailing-whitespace
+ - id: end-of-file-fixer
+ - id: check-yaml
+ args: [--allow-multiple-documents] # Required for K8s multi-resource files
+ - id: check-added-large-files
+ - repo: https://github.com/adrienverge/yamllint
+ rev: v1.37.1
+ hooks:
+ - id: yamllint
+ args: [-c, .yamllint.yaml]
+ - repo: https://github.com/pre-commit/mirrors-prettier
+ rev: v4.0.0-alpha.8
+ hooks:
+ - id: prettier
+ types: [yaml]
+ - repo: https://github.com/gitleaks/gitleaks
+ rev: v8.30.0
+ hooks:
+ - id: gitleaks
diff --git a/.prettierrc b/.prettierrc
new file mode 100644
index 0000000..cb1bafb
--- /dev/null
+++ b/.prettierrc
@@ -0,0 +1,6 @@
+{
+ "printWidth": 100,
+ "tabWidth": 2,
+ "useTabs": false,
+ "singleQuote": false
+}
diff --git a/.yamllint.yaml b/.yamllint.yaml
new file mode 100644
index 0000000..15c528f
--- /dev/null
+++ b/.yamllint.yaml
@@ -0,0 +1,12 @@
+extends: default
+
+rules:
+ indentation:
+ spaces: 2
+ indent-sequences: true
+ line-length:
+ max: 120
+ allow-non-breakable-words: true
+ truthy:
+ allowed-values: ["true", "false"] # Fixes issues with 'yes/no' in K8s
+ document-start: disable # Kubernetes YAMLs often omit '---'
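Review bot: All four `rev:` values in `.pre-commit-config.yaml` are tags, which an upstream repository can move, and these hooks execute on the committer's machine at every commit. Pinning each to a full commit SHA with the tag kept as a comment, e.g. `rev: <full-commit-sha>  # v8.30.0` (this is what `pre-commit autoupdate --freeze` writes), removes the dependence on mutable refs. `mirrors-prettier` is pinned to a pre-release (`v4.0.0-alpha.8`) and, as far as I know, that mirror is archived upstream, so a maintained prettier hook would be safer. The gitleaks hook only runs locally and is skipped by `git commit --no-verify`, so the same scan should also run in CI.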
diff --git a/kubernetes/apps/gitea/deployment.yaml b/kubernetes/apps/gitea/deployment.yaml
new file mode 100644
index 0000000..43cefb3
--- /dev/null
+++ b/kubernetes/apps/gitea/deployment.yaml
@@ -0,0 +1,31 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: gitea
+ namespace: gitea
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: gitea
+ template:
+ metadata:
+ labels:
+ app: gitea
+ spec:
+ containers:
+ - name: gitea
+ image: gitea/gitea:latest
+ imagePullPolicy: Always
+ ports:
+ - name: gitea-http
+ containerPort: 3000
+ - name: gitea-ssh
+ containerPort: 22
+ volumeMounts:
+ - name: gitea-data
+ mountPath: /data
+ volumes:
+ - name: gitea-data
+ persistentVolumeClaim:
+ claimName: gitea-pvc
diff --git a/kubernetes/apps/gitea/ingress.yaml b/kubernetes/apps/gitea/ingress.yaml
new file mode 100644
index 0000000..fb12308
--- /dev/null
+++ b/kubernetes/apps/gitea/ingress.yaml
@@ -0,0 +1,29 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: gitea-tls
+ namespace: gitea
+spec:
+ secretName: gitea-tls
+ issuerRef:
+ name: letsencrypt-prod
+ kind: ClusterIssuer
+ dnsNames:
+ - gitea.frankoslaw.top
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: gitea-tls-ingress
+ namespace: gitea
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`gitea.frankoslaw.top`)
+ kind: Rule
+ services:
+ - name: gitea
+ port: gitea-http
+ tls:
+ secretName: gitea-tls
diff --git a/kubernetes/apps/gitea/kustomization.yaml b/kubernetes/apps/gitea/kustomization.yaml
new file mode 100644
index 0000000..b054053
--- /dev/null
+++ b/kubernetes/apps/gitea/kustomization.yaml
@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: gitea
+
+resources:
+ - namespace.yaml
+ - pvc.yaml
+ - deployment.yaml
+ - service.yaml
+ - ingress.yaml
diff --git a/kubernetes/apps/gitea/namespace.yaml b/kubernetes/apps/gitea/namespace.yaml
new file mode 100644
index 0000000..6c65a38
--- /dev/null
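Review bot: `image: gitea/gitea:latest` with `imagePullPolicy: Always` in `gitea/deployment.yaml` means every pod restart can pull a different, unreviewed build of the internet-facing Git server, and a rollback has no fixed image to return to. Pin it the way the uptime-kuma and whoami manifests in this commit pin theirs, ideally with a digest: `image: gitea/gitea:<version>@sha256:<digest>`. The floating `nginx:alpine` tag in `nginx-test/deployment.yaml` has the same problem. Separately, none of the workload manifests in this commit sets a `securityContext` or `resources`; adding at least `allowPrivilegeEscalation: false` and memory/CPU limits per container would bound what a compromised pod can do.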
+++ b/kubernetes/apps/gitea/namespace.yaml
@@ -0,0 +1,4 @@
+kind: Namespace
+apiVersion: v1
+metadata:
+ name: gitea
diff --git a/kubernetes/apps/gitea/pvc.yaml b/kubernetes/apps/gitea/pvc.yaml
new file mode 100644
index 0000000..93c1939
--- /dev/null
+++ b/kubernetes/apps/gitea/pvc.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: gitea-pvc
+ namespace: gitea
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: longhorn
+ resources:
+ requests:
+ storage: 5Gi
diff --git a/kubernetes/apps/gitea/service.yaml b/kubernetes/apps/gitea/service.yaml
new file mode 100644
index 0000000..3d7a9a3
--- /dev/null
+++ b/kubernetes/apps/gitea/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: gitea
+ namespace: gitea
+spec:
+ selector:
+ app: gitea
+ ports:
+ - name: gitea-http
+ port: 3000
+ targetPort: 3000
+ - name: gitea-ssh
+ port: 22
+ targetPort: 22
diff --git a/kubernetes/apps/kustomization.yaml b/kubernetes/apps/kustomization.yaml
new file mode 100644
index 0000000..0d249b1
--- /dev/null
+++ b/kubernetes/apps/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - whoami
+ - nginx-test
+ - gitea
+ - uptime-kuma
diff --git a/kubernetes/apps/nginx-test/deployment.yaml b/kubernetes/apps/nginx-test/deployment.yaml
new file mode 100644
index 0000000..d4fb64a
--- /dev/null
+++ b/kubernetes/apps/nginx-test/deployment.yaml
@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nginx-deployment
+ namespace: nginx-test
+spec:
+ selector:
+ matchLabels:
+ app: nginx
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: nginx
+ spec:
+ containers:
+ - name: nginx
+ image: nginx:alpine
+ ports:
+ - containerPort: 80
diff --git a/kubernetes/apps/nginx-test/ingress.yaml b/kubernetes/apps/nginx-test/ingress.yaml
new file mode 100644
index 0000000..5dd03a3
--- /dev/null
+++ b/kubernetes/apps/nginx-test/ingress.yaml
@@ -0,0 +1,30 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: nginx-test-tls
+ namespace: nginx-test
+spec:
+ commonName: nginx-test.frankoslaw.top
+ secretName: nginx-test-tls
+ issuerRef:
+ name: letsencrypt-staging
+ kind: ClusterIssuer
+ dnsNames:
+ - nginx-test.frankoslaw.top
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: nginx-tls-ingress
+ namespace: nginx-test
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`nginx-test.frankoslaw.top`)
+ kind: Rule
+ services:
+ - name: nginx-service
+ port: http
+ tls:
+ secretName: nginx-test-tls
diff --git a/kubernetes/apps/nginx-test/kustomization.yaml b/kubernetes/apps/nginx-test/kustomization.yaml
new file mode 100644
index 0000000..79b1a76
--- /dev/null
+++ b/kubernetes/apps/nginx-test/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: nginx-test
+
+resources:
+ - namespace.yaml
+ - deployment.yaml
+ - service.yaml
+ - ingress.yaml
diff --git a/kubernetes/apps/nginx-test/namespace.yaml b/kubernetes/apps/nginx-test/namespace.yaml
new file mode 100644
index 0000000..8c92b88
--- /dev/null
+++ b/kubernetes/apps/nginx-test/namespace.yaml
@@ -0,0 +1,4 @@
+kind: Namespace
+apiVersion: v1
+metadata:
+ name: nginx-test
diff --git a/kubernetes/apps/nginx-test/service.yaml b/kubernetes/apps/nginx-test/service.yaml
new file mode 100644
index 0000000..2eb0ae9
--- /dev/null
+++ b/kubernetes/apps/nginx-test/service.yaml
@@ -0,0 +1,13 @@
+kind: Service
+apiVersion: v1
+metadata:
+ name: nginx-service
+ namespace: nginx-test
+spec:
+ selector:
+ app: nginx
+ ports:
+ - name: http
+ protocol: TCP
+ port: 80
+ targetPort: 80
diff --git a/kubernetes/apps/uptime-kuma/deployment.yaml b/kubernetes/apps/uptime-kuma/deployment.yaml
new file mode 100644
index 0000000..18ac05f
--- /dev/null
+++ b/kubernetes/apps/uptime-kuma/deployment.yaml
@@ -0,0 +1,35 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: uptime-kuma
+ namespace: kuma
+spec:
+ replicas: 1
+ serviceName: uptime-kuma-service
+ selector:
+ matchLabels:
+ app: uptime-kuma
+ template:
+ metadata:
+ labels:
+ app: uptime-kuma
+ spec:
+ containers:
+ - name: uptime-kuma
+ image: louislam/uptime-kuma:1.23.7
+ env:
+ - name: UPTIME_KUMA_PORT
+ value: "3001"
+ - name: PORT
+ value: "3001"
+ ports:
+ - name: uptime-kuma
+ containerPort: 3001
+ protocol: TCP
+ volumeMounts:
+ - name: kuma-data
+ mountPath: /app/data
+ volumes:
+ - name: kuma-data
+ persistentVolumeClaim:
+ claimName: uptime-kuma-pvc
diff --git a/kubernetes/apps/uptime-kuma/ingress.yaml b/kubernetes/apps/uptime-kuma/ingress.yaml
new file mode 100644
index 0000000..65fe1cc
--- /dev/null
+++ b/kubernetes/apps/uptime-kuma/ingress.yaml
@@ -0,0 +1,30 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: uptime-kuma-tls
+ namespace: kuma
+spec:
+ secretName: uptime-kuma-tls
+ issuerRef:
+ name: letsencrypt-prod
+ kind: ClusterIssuer
+ dnsNames:
+ - uptime.frankoslaw.top
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: uptime-kuma-tls-ingress
+ namespace: kuma
+spec:
+ entryPoints:
+ - web
+ - websecure
+ routes:
+ - match: Host(`uptime.frankoslaw.top`)
+ kind: Rule
+ services:
+ - name: uptime-kuma-service
+ port: uptime-kuma
+ tls:
+ secretName: uptime-kuma-tls
diff --git a/kubernetes/apps/uptime-kuma/kustomization.yaml b/kubernetes/apps/uptime-kuma/kustomization.yaml
new file mode 100644
index 0000000..401d6f1
--- /dev/null
+++ b/kubernetes/apps/uptime-kuma/kustomization.yaml
@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kuma
+
+resources:
+ - namespace.yaml
+ - pvc.yaml
+ - deployment.yaml
+ - service.yaml
+ - ingress.yaml
diff --git a/kubernetes/apps/uptime-kuma/namespace.yaml b/kubernetes/apps/uptime-kuma/namespace.yaml
new file mode 100644
index 0000000..29b883e
--- /dev/null
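Review bot: In `uptime-kuma/ingress.yaml` the IngressRoute lists `- web` next to `- websecure` on a route that also has a `tls:` section, unlike every other IngressRoute in this commit. As far as I understand Traefik, a router with TLS set only matches TLS connections, so the `web` entry does not serve plain HTTP and is at best dead configuration beside the entrypoint-level redirect in `traefik-config.yaml`. I would drop `- web` so the route is HTTPS-only by construction and consistent with the others.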
+++ b/kubernetes/apps/uptime-kuma/namespace.yaml
@@ -0,0 +1,4 @@
+kind: Namespace
+apiVersion: v1
+metadata:
+ name: kuma
diff --git a/kubernetes/apps/uptime-kuma/pvc.yaml b/kubernetes/apps/uptime-kuma/pvc.yaml
new file mode 100644
index 0000000..d5512c5
--- /dev/null
+++ b/kubernetes/apps/uptime-kuma/pvc.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: uptime-kuma-pvc
+ namespace: kuma
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: longhorn
+ resources:
+ requests:
+ storage: 1Gi
diff --git a/kubernetes/apps/uptime-kuma/service.yaml b/kubernetes/apps/uptime-kuma/service.yaml
new file mode 100644
index 0000000..b88363f
--- /dev/null
+++ b/kubernetes/apps/uptime-kuma/service.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: uptime-kuma-service
+ namespace: kuma
+spec:
+ selector:
+ app: uptime-kuma
+ ports:
+ - name: uptime-kuma
+ port: 3001
diff --git a/kubernetes/apps/whoami/deployment.yaml b/kubernetes/apps/whoami/deployment.yaml
new file mode 100644
index 0000000..bb1633c
--- /dev/null
+++ b/kubernetes/apps/whoami/deployment.yaml
@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: whoami
+ namespace: whoami
+spec:
+ selector:
+ matchLabels:
+ app: whoami
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: whoami
+ spec:
+ containers:
+ - name: whoami
+ image: traefik/whoami:v1.9.0
+ ports:
+ - containerPort: 80
diff --git a/kubernetes/apps/whoami/ingress.yaml b/kubernetes/apps/whoami/ingress.yaml
new file mode 100644
index 0000000..e4b00c1
--- /dev/null
+++ b/kubernetes/apps/whoami/ingress.yaml
@@ -0,0 +1,29 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: whoami-tls
+ namespace: whoami
+spec:
+ secretName: whoami-tls
+ issuerRef:
+ name: letsencrypt-staging
+ kind: ClusterIssuer
+ dnsNames:
+ - whoami.frankoslaw.top
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: whoami-tls-ingress
+ namespace: whoami
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`whoami.frankoslaw.top`)
+ kind: Rule
+ services:
+ - name: whoami
+ port: 5678
+ tls:
+ secretName: whoami-tls
diff --git a/kubernetes/apps/whoami/kustomization.yaml b/kubernetes/apps/whoami/kustomization.yaml
new file mode 100644
index 0000000..8a44b86
--- /dev/null
+++ b/kubernetes/apps/whoami/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: whoami
+
+resources:
+ - namespace.yaml
+ - deployment.yaml
+ - service.yaml
+ - ingress.yaml
diff --git a/kubernetes/apps/whoami/namespace.yaml b/kubernetes/apps/whoami/namespace.yaml
new file mode 100644
index 0000000..5d6b482
--- /dev/null
+++ b/kubernetes/apps/whoami/namespace.yaml
@@ -0,0 +1,4 @@
+kind: Namespace
+apiVersion: v1
+metadata:
+ name: whoami
diff --git a/kubernetes/apps/whoami/service.yaml b/kubernetes/apps/whoami/service.yaml
new file mode 100644
index 0000000..4aeca3f
--- /dev/null
+++ b/kubernetes/apps/whoami/service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: whoami
+ namespace: whoami
+spec:
+ type: ClusterIP
+ ports:
+ - port: 5678
+ targetPort: 80
+ selector:
+ app: whoami
diff --git a/kubernetes/base/cert-manager/cert-issuer.yaml b/kubernetes/base/cert-manager/cert-issuer.yaml
new file mode 100644
index 0000000..80e9736
--- /dev/null
+++ b/kubernetes/base/cert-manager/cert-issuer.yaml
@@ -0,0 +1,41 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: selfsigned
+ namespace: cert-manager
+spec:
+ selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-staging
+ namespace: cert-manager
+spec:
+ acme:
+ server: https://acme-staging-v02.api.letsencrypt.org/directory
+ email: franopusz2006@gmail.com
+ privateKeySecretRef:
+ name: letsencrypt-staging
+ solvers:
+ - selector: {}
+ http01:
+ ingress:
+ class: traefik
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-prod
+ namespace: cert-manager
+spec:
+ acme:
+ server: https://acme-v02.api.letsencrypt.org/directory
+ email: franopusz2006@gmail.com
+ privateKeySecretRef:
+ name: letsencrypt-prod
+ solvers:
+ - selector: {}
+ http01:
+ ingress:
+ class: traefik
diff --git a/kubernetes/base/cert-manager/kustomization.yaml b/kubernetes/base/cert-manager/kustomization.yaml
new file mode 100644
index 0000000..136c3f1
--- /dev/null
+++ b/kubernetes/base/cert-manager/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: cert-manager
+
+resources:
+ - https://github.com/cert-manager/cert-manager/releases/download/v1.19.2/cert-manager.yaml
+ - cert-issuer.yaml
diff --git a/kubernetes/base/kustomization.yaml b/kubernetes/base/kustomization.yaml
new file mode 100644
index 0000000..4dc4f94
--- /dev/null
+++ b/kubernetes/base/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - cert-manager
+ - traefik
+ - longhorn-system
diff --git a/kubernetes/base/longhorn-system/ingress.yaml b/kubernetes/base/longhorn-system/ingress.yaml
new file mode 100644
index 0000000..20a1a76
--- /dev/null
+++ b/kubernetes/base/longhorn-system/ingress.yaml
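Review bot: The `resources` entry in `base/cert-manager/kustomization.yaml` pulls `cert-manager.yaml` from a release URL at build time, so CRDs, cluster-wide RBAC and an admission webhook get applied without their content being reviewed or integrity-checked in this repository. The `raw.githubusercontent.com/longhorn/...` URL in `base/longhorn-system/kustomization.yaml` has the same gap. Vendoring the manifests into the repo, or checking a recorded checksum before `kustomize build`, turns each upgrade into an explicit, diffable change. Separately, `namespace: cert-manager` is applied to every namespaced object in the remote file. If I recall the upstream manifest correctly, its leader-election Role and RoleBinding are meant to live in `kube-system`, so please confirm the override does not relocate them.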
@@ -0,0 +1,29 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: longhorn-tls
+ namespace: longhorn-system
+spec:
+ secretName: longhorn-tls
+ issuerRef:
+ name: letsencrypt-staging # TODO: change to letsencrypt-prod after timeout
+ kind: ClusterIssuer
+ dnsNames:
+ - longhorn.frankoslaw.top
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: longhorn-tls-ingress
+ namespace: longhorn-system
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`longhorn.frankoslaw.top`)
+ kind: Rule
+ services:
+ - name: longhorn-frontend
+ port: 80
+ tls:
+ secretName: longhorn-tls
diff --git a/kubernetes/base/longhorn-system/kustomization.yaml b/kubernetes/base/longhorn-system/kustomization.yaml
new file mode 100644
index 0000000..f2e99ba
--- /dev/null
+++ b/kubernetes/base/longhorn-system/kustomization.yaml
@@ -0,0 +1,17 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: longhorn-system
+
+resources:
+ - https://raw.githubusercontent.com/longhorn/longhorn/v1.10.1/deploy/longhorn.yaml
+ - ingress.yaml
+
+patches:
+ - path: namespace.yaml
+
+configMapGenerator:
+ - name: longhorn-storageclass
+ behavior: merge
+ namespace: longhorn-system
+ files:
+ - storageclass.yaml
diff --git a/kubernetes/base/longhorn-system/namespace.yaml b/kubernetes/base/longhorn-system/namespace.yaml
new file mode 100644
index 0000000..9ac9395
--- /dev/null
+++ b/kubernetes/base/longhorn-system/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: longhorn-system
diff --git a/kubernetes/base/longhorn-system/storageclass.yaml b/kubernetes/base/longhorn-system/storageclass.yaml
new file mode 100644
index 0000000..f3690e4
--- /dev/null
+++ b/kubernetes/base/longhorn-system/storageclass.yaml
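Review bot: The IngressRoute in `base/longhorn-system/ingress.yaml` publishes `longhorn-frontend` on `longhorn.frankoslaw.top` with no `middlewares` entry, and to my knowledge the Longhorn UI has no login of its own, so anyone who can reach the host can manage volumes and backups. The dashboard route in `base/traefik/ingress.yaml` (`api@internal` on `traefik.frankoslaw.top`) has the same gap. Put an authentication or source-address middleware in front of both routes, or keep them off the public entrypoint; a sketch for this file follows, with the credential Secret created outside git. The certificate here is also still issued by `letsencrypt-staging`, as the TODO says, so clients will not trust it until that is switched.

```yaml
# … unchanged: Certificate longhorn-tls …
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: longhorn-auth
  namespace: longhorn-system
spec:
  basicAuth:
    # placeholder Secret name; create it out of band, never commit it
    secret: longhorn-basic-auth
---
# … unchanged: IngressRoute metadata and entryPoints …
  routes:
    - match: Host(`longhorn.frankoslaw.top`)
      kind: Rule
      middlewares:
        - name: longhorn-auth
      # … unchanged: services and tls …
```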
@@ -0,0 +1,15 @@
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+ name: longhorn
+ annotations:
+ storageclass.kubernetes.io/is-default-class: "true"
+provisioner: driver.longhorn.io
+allowVolumeExpansion: true
+reclaimPolicy: Delete
+volumeBindingMode: Immediate
+parameters:
+ numberOfReplicas: "1"
+ staleReplicaTimeout: "2880"
+ dataLocality: "best-effort"
+ fsType: "ext4"
diff --git a/kubernetes/base/traefik/ingress.yaml b/kubernetes/base/traefik/ingress.yaml
new file mode 100644
index 0000000..557f472
--- /dev/null
+++ b/kubernetes/base/traefik/ingress.yaml
@@ -0,0 +1,27 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: traefik-tls
+spec:
+ secretName: traefik-tls
+ issuerRef:
+ name: letsencrypt-prod
+ kind: ClusterIssuer
+ dnsNames:
+ - traefik.frankoslaw.top
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: dashboard
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`traefik.frankoslaw.top`)
+ kind: Rule
+ services:
+ - name: api@internal
+ kind: TraefikService
+ tls:
+ secretName: traefik-tls
diff --git a/kubernetes/base/traefik/kustomization.yaml b/kubernetes/base/traefik/kustomization.yaml
new file mode 100644
index 0000000..b6dfd25
--- /dev/null
+++ b/kubernetes/base/traefik/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - traefik-config.yaml
+ - traefik-redirect.yaml
+ - traefik-dashboard.yaml
+ - ingress.yaml
diff --git a/kubernetes/base/traefik/traefik-config.yaml b/kubernetes/base/traefik/traefik-config.yaml
new file mode 100644
index 0000000..8e378e0
--- /dev/null
+++ b/kubernetes/base/traefik/traefik-config.yaml
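Review bot: `numberOfReplicas: "1"` together with `reclaimPolicy: Delete` on the default class in `longhorn-system/storageclass.yaml` means every PVC in this commit (gitea, uptime-kuma) sits on a single replica and is destroyed along with its claim. If the cluster has more than one node, a higher replica count, or `reclaimPolicy: Retain` for the Gitea data, would survive a node loss or an accidental PVC delete. If a single node is intended, say so next to the setting, e.g. `# single-node cluster: only one replica can be scheduled`.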
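Review bot: Neither the Certificate nor the IngressRoute in `base/traefik/ingress.yaml` sets `metadata.namespace`, and `base/traefik/kustomization.yaml` has no `namespace:` either, so both objects, and the `traefik-tls` Secret that cert-manager creates, land in whatever namespace the apply defaults to. Every other manifest in this commit names its namespace explicitly. Adding `namespace: kube-system` to both (that is where the HelmChartConfig and the dashboard Service in this commit live) would make placement deterministic and keep the TLS key out of a shared default namespace.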
@@ -0,0 +1,44 @@
+apiVersion: helm.cattle.io/v1
+kind: HelmChartConfig
+metadata:
+ name: traefik
+ namespace: kube-system
+spec:
+ valuesContent: |-
+ image:
+ name: traefik
+ ports:
+ web:
+ port: 80
+ expose:
+ default: true
+ exposedPort: 80
+ protocol: TCP
+ redirections:
+ entryPoint:
+ to: websecure
+ scheme: https
+ permanent: true
+ websecure:
+ port: 443
+ expose:
+ default: true
+ exposedPort: 443
+ protocol: TCP
+ tls:
+ enabled: true
+ ingressRoute:
+ dashboard:
+ enabled: false
+ persistence:
+ enabled: true
+ path: /certs
+ size: 128Mi
+ securityContext:
+ capabilities:
+ drop: [ALL]
+ add: [NET_BIND_SERVICE]
+ readOnlyRootFilesystem: true
+ runAsGroup: 0
+ runAsNonRoot: false
+ runAsUser: 0
diff --git a/kubernetes/base/traefik/traefik-dashboard.yaml b/kubernetes/base/traefik/traefik-dashboard.yaml
new file mode 100644
index 0000000..4a6eb4d
--- /dev/null
+++ b/kubernetes/base/traefik/traefik-dashboard.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: traefik-dashboard
+ namespace: kube-system
+ labels:
+ app.kubernetes.io/instance: traefik
+ app.kubernetes.io/name: traefik-dashboard
+spec:
+ type: ClusterIP
+ ports:
+ - name: traefik
+ port: 9000
+ targetPort: traefik
+ protocol: TCP
+ selector:
+ app.kubernetes.io/instance: traefik-kube-system
+ app.kubernetes.io/name: traefik
diff --git a/kubernetes/base/traefik/traefik-redirect.yaml b/kubernetes/base/traefik/traefik-redirect.yaml
new file mode 100644
index 0000000..e5eedb9
--- /dev/null
+++ b/kubernetes/base/traefik/traefik-redirect.yaml
@@ -0,0 +1,8 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: redirect-https
+spec:
+ redirectScheme:
+ scheme: https
+ permanent: true
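Review bot: The `securityContext` block in `traefik-config.yaml` runs the internet-facing proxy as root (`runAsUser: 0`, `runAsGroup: 0`, `runAsNonRoot: false`), which looks necessary only because the entrypoints bind container ports 80 and 443 directly. Since `exposedPort` already publishes 80/443 on the Service, the container can listen on unprivileged ports instead, e.g. `port: 8000` under `web` and `port: 8443` under `websecure`. The three root overrides and `add: [NET_BIND_SERVICE]` can then be removed so the chart's non-root defaults apply. The nesting inside `valuesContent` is not visible in this view, so check the keys against the chart version the cluster ships.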