feat: Re-enable apps
parent
59e41339e6
commit
44a8b44b45
@ -9,6 +9,7 @@ networks:
|
||||
services:
|
||||
gitea:
|
||||
image: docker.io/gitea/gitea:1.23.1
|
||||
container_name: gitea
|
||||
environment:
|
||||
- USER_UID=1002
|
||||
- USER_GID=1002
|
||||
|
@ -16,6 +16,7 @@ volumes:
|
||||
services:
|
||||
transmission-openvpn:
|
||||
image: haugene/transmission-openvpn:5.3.1
|
||||
container_name: transmission-openvpn
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
networks:
|
||||
@ -63,6 +64,7 @@ services:
|
||||
|
||||
prowlarr:
|
||||
image: lscr.io/linuxserver/prowlarr:1.30.2
|
||||
container_name: prowlarr
|
||||
environment:
|
||||
- PUID=${PUID:-8796}
|
||||
- PGID=${PGID:-3005}
|
||||
@ -91,6 +93,7 @@ services:
|
||||
|
||||
radarr:
|
||||
image: lscr.io/linuxserver/radarr:5.18.4
|
||||
container_name: radarr
|
||||
environment:
|
||||
- PUID=${PUID:-8796}
|
||||
- PGID=${PGID:-3005}
|
||||
@ -124,6 +127,7 @@ services:
|
||||
|
||||
sonarr:
|
||||
image: lscr.io/linuxserver/sonarr:4.0.12
|
||||
container_name: sonarr
|
||||
environment:
|
||||
- PUID=${PUID:-8796}
|
||||
- PGID=${PGID:-3005}
|
||||
@ -156,6 +160,7 @@ services:
|
||||
|
||||
flaresolverr:
|
||||
image: ghcr.io/flaresolverr/flaresolverr:v3.3.21
|
||||
container_name: flaresolverr
|
||||
environment:
|
||||
- LOG_LEVEL=${FLARESOLVERR_LOG_LEVEL:-info}
|
||||
- LOG_HTML=${FLARESOLVERR_LOG_HTML:-false}
|
||||
@ -177,6 +182,7 @@ services:
|
||||
|
||||
jellyseerr:
|
||||
image: fallenbagel/jellyseerr:2.3.0
|
||||
container_name: jellyseerr
|
||||
environment:
|
||||
# - LOG_LEVEL=debug
|
||||
- TZ=America/Vancouver
|
||||
@ -212,6 +218,7 @@ services:
|
||||
|
||||
wizarr:
|
||||
image: tonyd33/wizarr
|
||||
container_name: wizarr
|
||||
environment:
|
||||
# This is intentionally not WIZARR_HOST. I'm still in the process of
|
||||
# migrating everything into mnke.org domain.
|
||||
|
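Review bot: `image: tonyd33/wizarr` in the wizarr service has no tag, so it resolves to `latest` and each pull can bring in different code, unlike the other services in this file, which all pin a version. Pinning a release tag, or a digest in the form `image: tonyd33/wizarr@sha256:<digest>`, keeps the deployment reproducible and makes an upstream change show up in review. The line looks like unchanged context in this hunk, and the service definition continues past the end of the hunk.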
@ -7,6 +7,7 @@ networks:
|
||||
services:
|
||||
agent:
|
||||
image: portainer/agent:2.16.2
|
||||
container_name: agent
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- /mnt/docker/docker-root/volumes:/var/lib/docker/volumes
|
||||
@ -20,6 +21,7 @@ services:
|
||||
|
||||
portainer:
|
||||
image: portainer/portainer-ce:2.21.5
|
||||
container_name: portainer
|
||||
command: -H tcp://agent:9001 --tlsskipverify --bind :9000 --tunnel-port 8000 --admin-password ${PORTAINER_HTPASSWD}
|
||||
ports:
|
||||
- "9000:9000"
|
||||
|
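Review bot: The portainer `command:` passes the admin password hash inline as `--admin-password ${PORTAINER_HTPASSWD}`, which leaves it readable through `docker inspect` and the process list; Portainer's `--admin-password-file` pointed at a mounted secret file avoids that. The same line sets `--tlsskipverify`, so the server does not authenticate the agent at `tcp://agent:9001`, and that agent mounts `/var/run/docker.sock`, which amounts to root on the host, so the network between the two needs to be trusted. `portainer/agent:2.16.2` is also well behind `portainer/portainer-ce:2.21.5`; agent and server are normally kept on the same release. These appear to be context lines rather than lines this commit changed, and both service definitions continue outside the hunks.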
@ -7,6 +7,7 @@ networks:
|
||||
services:
|
||||
traefik:
|
||||
image: traefik:v3.3
|
||||
container_name: traefik
|
||||
# This seems to be needed to solve the DNS challenge. Otherwise our own
|
||||
# DNS server is used, which isn't correctly configured to allow checking
|
||||
# the DNS entries have been propagated
|
||||
|
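--- a/k8s/apps/external-reverse-proxies/codegen/config/config.yaml
+++ b/k8s/apps/external-reverse-proxies/codegen/config/config.yaml
@@ -0,0 +1,17 @@
+x-jellyfin: &jellyfin
+upstream_host: jellyfin.home.mnke.org
+upstream_port: 8096
+pass_host_header: false
+
+proxies:
+- <<: *jellyfin
+service_name: jellyfin-mnke
+tls_secret_name: wildcard-mnke-org-tls
+listen_hosts:
+- media.mnke.org
+- jellyfin.mnke.org
+
+- <<: *jellyfin
+service_name: jellyfin-tonydu
+tls_secret_name: wildcard-tonydu-me-tls
+listen_host: media.tonydu.me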
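--- a/k8s/apps/external-reverse-proxies/codegen/generator.py
+++ b/k8s/apps/external-reverse-proxies/codegen/generator.py
@@ -0,0 +1,89 @@
+from argparse import ArgumentParser
+from sys import stderr
+from jinja2 import Template
+from os import path
+from yaml import safe_load
+
+def load_config(config_path):
+file = open(config_path, 'r')
+config = safe_load(file.read())
+file.close()
+return config
+
+def load_proxy_template(template_path):
+file = open(template_path, 'r')
+template = Template(file.read())
+file.close()
+return template
+
+def write_file(filename, content, dry_run):
+if dry_run:
+print(f'### Would generate {filename} ###', file=stderr)
+print(content, file=stderr)
+else:
+with open(filename, 'w') as f:
+f.write(content)
+
+kustomize_template = Template('''---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+{%- for filename in filenames %}
+- {{ filename }}
+{%- endfor %}
+''')
+
+def main(args):
+dry_run = args.dry_run
+config_path = args.config
+template_path = args.template
+output_path = args.output
+
+template = load_proxy_template(template_path)
+
+config = load_config(config_path)
+
+if config is None:
+print(f'Config at {config_path} is invalid', file=stderr)
+exit(1)
+
+filenames = []
+for proxy in config['proxies']:
+listen_hosts = proxy.get('listen_hosts', [proxy.get('listen_host', None)])
+content = template.render(proxy, listen_hosts=listen_hosts)
+
+generated_filename = path.join(output_path, proxy['service_name']) + ".yaml"
+filenames.append(path.basename(generated_filename))
+write_file(generated_filename, content, dry_run)
+
+kustomize_filename = path.join(output_path, 'kustomize.yaml')
+kustomize_content = kustomize_template.render(filenames=filenames)
+write_file(kustomize_filename, kustomize_content, dry_run)
+
+if __name__ == '__main__':
+default_config_path = path.join(path.dirname(__file__), 'config', 'config.yaml')
+default_template_path = path.join(path.dirname(__file__), 'templates', 'proxy.yaml.j2')
+default_output_path = path.normpath(path.join(path.dirname(__file__), '..', 'generated'))
+
+parser = ArgumentParser(
+prog='External Reverse Proxy Generator',
+description='Generate reverse proxy manifests',
+)
+parser.add_argument(
+'-n',
+'--dry-run',
+action='store_true',
+help='Print generated manifests instead of writing them to disk'
+)
+parser.add_argument(
+'-k',
+'--skip-kustomize',
+action='store_true',
+help='Skip generation of kustomization.yaml file'
+)
+parser.add_argument('-c', '--config', help='Path to config file', default=default_config_path)
+parser.add_argument('-t', '--template', help='Path to proxy template file', default=default_template_path)
+parser.add_argument('-o', '--output', help='Output directory', default=default_output_path)
+
+args=parser.parse_args()
+main(args)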
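Review bot: `main` puts `proxy['service_name']` into `path.join(output_path, ...)` and into the manifest names without checking it, so a name containing a path separator is written outside the output directory and an invalid Kubernetes name is only caught at apply time. The `listen_hosts` fallback becomes `[None]` when a proxy has neither key, which renders a route matching the literal host `None`. `--skip-kustomize` is parsed but never read, and the index is written as `kustomize.yaml`, whereas Kustomize, as far as I know, only picks up `kustomization.yaml`, `kustomization.yml` or `Kustomization`. `load_config` and `load_proxy_template` would also be safer with `with open(...) as f:`, so the handle is closed if parsing raises. A sketch of the loop with these checks follows.

```python
    filenames = []
    for proxy in config['proxies']:
        service_name = proxy['service_name']
        # The name becomes both a file name and a Kubernetes object name;
        # refuse anything that would resolve outside output_path.
        if not service_name or path.basename(service_name) != service_name:
            print(f'Invalid service_name {service_name!r}', file=stderr)
            exit(1)

        listen_hosts = proxy.get('listen_hosts') or [proxy.get('listen_host')]
        if not all(listen_hosts):
            print(f'{service_name} has no listen host', file=stderr)
            exit(1)

        content = template.render(proxy, listen_hosts=listen_hosts)
        # … unchanged: build generated_filename, append to filenames, write_file …

    if not args.skip_kustomize:
        kustomize_filename = path.join(output_path, 'kustomization.yaml')
        # … unchanged: render kustomize_template and write_file …
```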
@ -0,0 +1,38 @@
|
||||
---
|
||||
# This file was automatically generated. Do not modify.
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ service_name }}-external
|
||||
namespace: default
|
||||
spec:
|
||||
type: ExternalName
|
||||
externalName: {{ upstream_host }}
|
||||
ports:
|
||||
- name: {{ service_name }}-external
|
||||
port: {{ upstream_port }}
|
||||
targetPort: {{ upstream_port }}
|
||||
|
||||
---
|
||||
# This file was automatically generated. Do not modify.
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: {{ service_name }}-external
|
||||
namespace: default
|
||||
spec:
|
||||
entryPoints:
|
||||
- websecure
|
||||
routes:
|
||||
{%- for listen_host in listen_hosts %}
|
||||
- match: Host(`{{ listen_host }}`)
|
||||
kind: Rule
|
||||
services:
|
||||
- kind: Service
|
||||
name: {{ service_name }}-external
|
||||
port: {{ upstream_port }}
|
||||
passHostHeader: {{ pass_host_header }}
|
||||
{%- endfor %}
|
||||
tls:
|
||||
secretName: {{ tls_secret_name }}
|
||||
|
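Review bot: Every config value in this template is interpolated unquoted, so a string containing `: `, `#` or a newline changes the YAML structure instead of staying a scalar; `externalName: {{ upstream_host | tojson }}` and `secretName: {{ tls_secret_name | tojson }}` keep those two as scalars, while `service_name` and `listen_host` are better validated in the generator because they are embedded inside a larger token. `passHostHeader: {{ pass_host_header }}` renders Python's `False`, and a proxy that omits the key renders an empty value; `{{ pass_host_header | tojson }}` with a required-key check would emit a lowercase boolean every time. `namespace: default` is hard-coded in both documents, which deserves a one-line comment if it is intentional.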
@ -0,0 +1,40 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: jellyfin-mnke-external
|
||||
namespace: default
|
||||
spec:
|
||||
type: ExternalName
|
||||
externalName: jellyfin.home.mnke.org
|
||||
ports:
|
||||
- name: jellyfin-mnke-external
|
||||
port: 8096
|
||||
targetPort: 8096
|
||||
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: jellyfin-mnke-external
|
||||
namespace: default
|
||||
spec:
|
||||
entryPoints:
|
||||
- websecure
|
||||
routes:
|
||||
- match: Host(`media.mnke.org`)
|
||||
kind: Rule
|
||||
services:
|
||||
- kind: Service
|
||||
name: jellyfin-mnke-external
|
||||
port: 8096
|
||||
passHostHeader: False
|
||||
- match: Host(`jellyfin.mnke.org`)
|
||||
kind: Rule
|
||||
services:
|
||||
- kind: Service
|
||||
name: jellyfin-mnke-external
|
||||
port: 8096
|
||||
passHostHeader: False
|
||||
tls:
|
||||
secretName: wildcard-mnke-org-tls
|
@ -0,0 +1,33 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: jellyfin-tonydu-external
|
||||
namespace: default
|
||||
spec:
|
||||
type: ExternalName
|
||||
externalName: jellyfin.home.mnke.org
|
||||
ports:
|
||||
- name: jellyfin-tonydu-external
|
||||
port: 8096
|
||||
targetPort: 8096
|
||||
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: jellyfin-tonydu-external
|
||||
namespace: default
|
||||
spec:
|
||||
entryPoints:
|
||||
- websecure
|
||||
routes:
|
||||
- match: Host(`media.tonydu.me`)
|
||||
kind: Rule
|
||||
services:
|
||||
- kind: Service
|
||||
name: jellyfin-tonydu-external
|
||||
port: 8096
|
||||
passHostHeader: False
|
||||
tls:
|
||||
secretName: wildcard-tonydu-me-tls
|
@ -0,0 +1,6 @@
|
||||
---
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- jellyfin-mnke.yaml
|
||||
- jellyfin-tonydu.yaml
|
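--- a/k8s/apps/external-reverse-proxies/kustomization.yaml
+++ b/k8s/apps/external-reverse-proxies/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- generated
+- middlewares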
@ -2,7 +2,6 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- secret.yaml
|
||||
- release.yaml
|
||||
|
||||
|
@ -1,6 +0,0 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: ghost
|
||||
|
@ -3,9 +3,11 @@ apiVersion: helm.toolkit.fluxcd.io/v2
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: ghost
|
||||
namespace: ghost
|
||||
namespace: default
|
||||
spec:
|
||||
interval: 1m
|
||||
interval: 10m
|
||||
releaseName: ghost
|
||||
targetNamespace: default
|
||||
chart:
|
||||
spec:
|
||||
chart: ghost
|
||||
@ -29,9 +31,18 @@ spec:
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: le-cf-issuer
|
||||
kubernetes.io/ingress.class: traefik
|
||||
# ingressClassName: traefik
|
||||
ingressClassName: traefik
|
||||
hostname: blog.mnke.org
|
||||
# tls: true
|
||||
tls: true
|
||||
# Ugh, this doesn't use the wildcard cert I set up! I don't want to
|
||||
# experiment with this at this point because of how finnicky this chart
|
||||
# has been. I feel like if I touch this chart the wrong way, it'll just
|
||||
# break.
|
||||
# extraTls:
|
||||
# - hosts:
|
||||
# - blog.mnke.org
|
||||
# secretName: wildcard-mnke-org-tls
|
||||
|
||||
|
||||
allowEmptyPassword: false
|
||||
ghostEmail: tonydu121@hotmail.com
|
||||
|
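Review bot: Setting `namespace: default` and `targetNamespace: default` on the Ghost release drops the per-app namespace boundary, and the same move is made for the `ghost-db-creds` and `ghost-creds` ExternalSecrets in the next file and for uptime-kuma further down. The blog's database and admin credentials then sit in the same namespace as every other workload deployed there, so any ServiceAccount or Role that can read Secrets in `default` can read them, and a namespace-scoped NetworkPolicy can no longer isolate the app. If the move was made to reach `wildcard-mnke-org-tls`, keeping `namespace: ghost` and making only that TLS secret available there would preserve the separation; otherwise a comment above `targetNamespace: default` should record the reason. Old and new lines are printed together on this page, so which side each belongs to is inferred from the deleted Namespace manifest.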
@ -3,7 +3,7 @@ apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: ghost-db-creds
|
||||
namespace: ghost
|
||||
namespace: default
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
@ -22,7 +22,7 @@ apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: ghost-creds
|
||||
namespace: ghost
|
||||
namespace: default
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
|
@ -1,8 +1,7 @@
|
||||
---
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- common
|
||||
# - kube-prometheus-stack
|
||||
- uptime-kuma
|
||||
# - rancher
|
||||
- ghost
|
||||
|
@ -2,7 +2,6 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- repository.yaml
|
||||
- release.yaml
|
||||
|
||||
|
@ -1,6 +0,0 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: uptime-kuma
|
||||
|
@ -3,9 +3,11 @@ apiVersion: helm.toolkit.fluxcd.io/v2
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: uptime-kuma
|
||||
namespace: uptime-kuma
|
||||
namespace: default
|
||||
spec:
|
||||
interval: 10m0s
|
||||
releaseName: uptime-kuma
|
||||
targetNamespace: default
|
||||
chart:
|
||||
spec:
|
||||
chart: uptime-kuma
|
||||
@ -13,7 +15,7 @@ spec:
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: uptime-kuma
|
||||
namespace: uptime-kuma
|
||||
namespace: flux-system
|
||||
values:
|
||||
ingress:
|
||||
enabled: true
|
||||
@ -25,6 +27,15 @@ spec:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: ImplementationSpecific
|
||||
- host: uptime.mnke.org
|
||||
paths:
|
||||
- path: /
|
||||
pathType: ImplementationSpecific
|
||||
tls:
|
||||
- hosts:
|
||||
- uptime.dolo.mnke.org
|
||||
- uptime.mnke.org
|
||||
secretName: wildcard-mnke-org-tls
|
||||
resources:
|
||||
limits:
|
||||
cpu: 200m
|
||||
|
@ -3,7 +3,7 @@ apiVersion: source.toolkit.fluxcd.io/v1
|
||||
kind: HelmRepository
|
||||
metadata:
|
||||
name: uptime-kuma
|
||||
namespace: uptime-kuma
|
||||
namespace: flux-system
|
||||
spec:
|
||||
interval: 10m0s
|
||||
url: https://helm.irsigler.cloud
|
||||
|
@ -1,18 +1,18 @@
|
||||
# ---
|
||||
# apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
# kind: Kustomization
|
||||
# metadata:
|
||||
# name: apps
|
||||
# namespace: flux-system
|
||||
# spec:
|
||||
# interval: 10m0s
|
||||
# retryInterval: 30s
|
||||
# dependsOn:
|
||||
# - name: infrastructure
|
||||
# sourceRef:
|
||||
# kind: GitRepository
|
||||
# name: flux-system
|
||||
# path: ./k8s/apps
|
||||
# prune: true
|
||||
# wait: true
|
||||
# timeout: 5m0s
|
||||
---
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: apps
|
||||
namespace: flux-system
|
||||
spec:
|
||||
interval: 10m0s
|
||||
retryInterval: 30s
|
||||
dependsOn:
|
||||
- name: infrastructure
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: flux-system
|
||||
path: ./k8s/apps
|
||||
prune: true
|
||||
wait: true
|
||||
timeout: 5m0s
|
||||
|
@ -51,7 +51,7 @@ spec:
|
||||
minio:
|
||||
enabled: true
|
||||
persistence:
|
||||
size: 8Gi
|
||||
size: 4Gi
|
||||
rootUser: root
|
||||
# rootPassword: ''
|
||||
|
||||
@ -59,14 +59,24 @@ spec:
|
||||
|
||||
singleBinary:
|
||||
replicas: 1
|
||||
persistence:
|
||||
enabled: true
|
||||
size: 4Gi
|
||||
storageClass: longhorn
|
||||
|
||||
# Zero out replica counts of other deployment modes
|
||||
backend:
|
||||
replicas: 0
|
||||
persistence:
|
||||
size: 1Mi
|
||||
read:
|
||||
replicas: 0
|
||||
persistence:
|
||||
size: 1Mi
|
||||
write:
|
||||
replicas: 0
|
||||
persistence:
|
||||
size: 1Mi
|
||||
|
||||
# Turn this for debugging
|
||||
lokiCanary:
|
||||
|
@ -6,7 +6,7 @@ metadata:
|
||||
name: traefik
|
||||
namespace: flux-system
|
||||
spec:
|
||||
interval: 1m
|
||||
interval: 10m
|
||||
url: https://helm.traefik.io/traefik
|
||||
|
||||
---
|
||||
|