diff --git a/docker/compose/gitea/docker-compose.yml b/docker/compose/gitea/docker-compose.yml index 2571857..8854caf 100644 --- a/docker/compose/gitea/docker-compose.yml +++ b/docker/compose/gitea/docker-compose.yml @@ -9,6 +9,7 @@ networks: services: gitea: image: docker.io/gitea/gitea:1.23.1 + container_name: gitea environment: - USER_UID=1002 - USER_GID=1002 diff --git a/docker/compose/media/docker-compose.yml b/docker/compose/media/docker-compose.yml index d8c51aa..1450ab3 100644 --- a/docker/compose/media/docker-compose.yml +++ b/docker/compose/media/docker-compose.yml @@ -16,6 +16,7 @@ volumes: services: transmission-openvpn: image: haugene/transmission-openvpn:5.3.1 + container_name: transmission-openvpn cap_add: - NET_ADMIN networks: @@ -63,6 +64,7 @@ services: prowlarr: image: lscr.io/linuxserver/prowlarr:1.30.2 + container_name: prowlarr environment: - PUID=${PUID:-8796} - PGID=${PGID:-3005} @@ -91,6 +93,7 @@ services: radarr: image: lscr.io/linuxserver/radarr:5.18.4 + container_name: radarr environment: - PUID=${PUID:-8796} - PGID=${PGID:-3005} @@ -124,6 +127,7 @@ services: sonarr: image: lscr.io/linuxserver/sonarr:4.0.12 + container_name: sonarr environment: - PUID=${PUID:-8796} - PGID=${PGID:-3005} @@ -156,6 +160,7 @@ services: flaresolverr: image: ghcr.io/flaresolverr/flaresolverr:v3.3.21 + container_name: flaresolverr environment: - LOG_LEVEL=${FLARESOLVERR_LOG_LEVEL:-info} - LOG_HTML=${FLARESOLVERR_LOG_HTML:-false} @@ -177,6 +182,7 @@ services: jellyseerr: image: fallenbagel/jellyseerr:2.3.0 + container_name: jellyseerr environment: # - LOG_LEVEL=debug - TZ=America/Vancouver @@ -212,6 +218,7 @@ services: wizarr: image: tonyd33/wizarr + container_name: wizarr environment: # This is intentionally not WIZARR_HOST. I'm still in the process of # migrating everything into mnke.org domain. diff --git a/docker/compose/portainer/docker-compose.yml b/docker/compose/portainer/docker-compose.yml index acb292c..2341d7b 100644 
--- a/docker/compose/portainer/docker-compose.yml +++ b/docker/compose/portainer/docker-compose.yml @@ -7,6 +7,7 @@ networks: services: agent: image: portainer/agent:2.16.2 + container_name: agent volumes: - /var/run/docker.sock:/var/run/docker.sock - /mnt/docker/docker-root/volumes:/var/lib/docker/volumes @@ -20,6 +21,7 @@ services: portainer: image: portainer/portainer-ce:2.21.5 + container_name: portainer command: -H tcp://agent:9001 --tlsskipverify --bind :9000 --tunnel-port 8000 --admin-password ${PORTAINER_HTPASSWD} ports: - "9000:9000" diff --git a/docker/compose/traefik/docker-compose.yml b/docker/compose/traefik/docker-compose.yml index 84d347a..4ccbe0f 100644 --- a/docker/compose/traefik/docker-compose.yml +++ b/docker/compose/traefik/docker-compose.yml @@ -7,6 +7,7 @@ networks: services: traefik: image: traefik:v3.3 + container_name: traefik # This seems to be needed to solve the DNS challenge. Otherwise our own # DNS server is used, which isn't correctly configured to allow checking # the DNS entries have been propagated diff --git a/k8s/apps/external-reverse-proxies/codegen/config/config.yaml b/k8s/apps/external-reverse-proxies/codegen/config/config.yaml new file mode 100644 index 0000000..ec5eff6 --- /dev/null +++ b/k8s/apps/external-reverse-proxies/codegen/config/config.yaml @@ -0,0 +1,17 @@ +x-jellyfin: &jellyfin + upstream_host: jellyfin.home.mnke.org + upstream_port: 8096 + pass_host_header: false + +proxies: + - <<: *jellyfin + service_name: jellyfin-mnke + tls_secret_name: wildcard-mnke-org-tls + listen_hosts: + - media.mnke.org + - jellyfin.mnke.org + + - <<: *jellyfin + service_name: jellyfin-tonydu + tls_secret_name: wildcard-tonydu-me-tls + listen_host: media.tonydu.me diff --git a/k8s/apps/external-reverse-proxies/codegen/generator.py b/k8s/apps/external-reverse-proxies/codegen/generator.py new file mode 100644 index 0000000..f2bec2b --- /dev/null +++ b/k8s/apps/external-reverse-proxies/codegen/generator.py 
@@ -0,0 +1,89 @@ +from argparse import ArgumentParser +from sys import stderr +from jinja2 import Template +from os import path +from yaml import safe_load + +def load_config(config_path): + file = open(config_path, 'r') + config = safe_load(file.read()) + file.close() + return config + +def load_proxy_template(template_path): + file = open(template_path, 'r') + template = Template(file.read()) + file.close() + return template + +def write_file(filename, content, dry_run): + if dry_run: + print(f'### Would generate (unknown) ###', file=stderr) + print(content, file=stderr) + else: + with open(filename, 'w') as f: + f.write(content) + +kustomize_template = Template('''--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + {%- for filename in filenames %} + - {{ filename }} + {%- endfor %} +''') + +def main(args): + dry_run = args.dry_run + config_path = args.config + template_path = args.template + output_path = args.output + + template = load_proxy_template(template_path) + + config = load_config(config_path) + + if config is None: + print(f'Config at {config_path} is invalid', file=stderr) + exit(1) + + filenames = [] + for proxy in config['proxies']: + listen_hosts = proxy.get('listen_hosts', [proxy.get('listen_host', None)]) + content = template.render(proxy, listen_hosts=listen_hosts) + + generated_filename = path.join(output_path, proxy['service_name']) + ".yaml" + filenames.append(path.basename(generated_filename)) + write_file(generated_filename, content, dry_run) + + kustomize_filename = path.join(output_path, 'kustomize.yaml') + kustomize_content = kustomize_template.render(filenames=filenames) + write_file(kustomize_filename, kustomize_content, dry_run) + +if __name__ == '__main__': + default_config_path = path.join(path.dirname(__file__), 'config', 'config.yaml') + default_template_path = path.join(path.dirname(__file__), 'templates', 'proxy.yaml.j2') + default_output_path = path.normpath(path.join(path.dirname(__file__), 
'..', 'generated')) + + parser = ArgumentParser( + prog='External Reverse Proxy Generator', + description='Generate reverse proxy manifests', + ) + parser.add_argument( + '-n', + '--dry-run', + action='store_true', + help='Print generated manifests instead of writing them to disk' + ) + parser.add_argument( + '-k', + '--skip-kustomize', + action='store_true', + help='Skip generation of kustomization.yaml file' + ) + parser.add_argument('-c', '--config', help='Path to config file', default=default_config_path) + parser.add_argument('-t', '--template', help='Path to proxy template file', default=default_template_path) + parser.add_argument('-o', '--output', help='Output directory', default=default_output_path) + + args=parser.parse_args() + main(args) diff --git a/k8s/apps/external-reverse-proxies/codegen/templates/proxy.yaml.j2 b/k8s/apps/external-reverse-proxies/codegen/templates/proxy.yaml.j2 new file mode 100644 index 0000000..9638361 --- /dev/null +++ b/k8s/apps/external-reverse-proxies/codegen/templates/proxy.yaml.j2 @@ -0,0 +1,38 @@ +--- +# This file was automatically generated. Do not modify. +apiVersion: v1 +kind: Service +metadata: + name: {{ service_name }}-external + namespace: default +spec: + type: ExternalName + externalName: {{ upstream_host }} + ports: + - name: {{ service_name }}-external + port: {{ upstream_port }} + targetPort: {{ upstream_port }} + +--- +# This file was automatically generated. Do not modify. +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: {{ service_name }}-external + namespace: default +spec: + entryPoints: + - websecure + routes: + {%- for listen_host in listen_hosts %} + - match: Host(`{{ listen_host }}`) + kind: Rule + services: + - kind: Service + name: {{ service_name }}-external + port: {{ upstream_port }} + passHostHeader: {{ pass_host_header }} + {%- endfor %} + tls: + secretName: {{ tls_secret_name }} + 
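Review bot: The kustomize index is written as `kustomize.yaml` (`kustomize_filename = path.join(output_path, 'kustomize.yaml')`), but kustomize only looks for `kustomization.yaml`, `kustomization.yml` or `Kustomization` inside a directory, so the `k8s/apps/external-reverse-proxies/kustomization.yaml` added later in this commit, which lists `generated` as a resource, will not build; the `--skip-kustomize` help text already says `kustomization.yaml`, so `kustomize_filename = path.join(output_path, 'kustomization.yaml')` plus renaming the checked-in `generated/kustomize.yaml` fixes both. `--skip-kustomize` is parsed but never read in `main`, so the flag is a no-op. In `write_file` the dry-run banner prints the literal `(unknown)`; `print(f'### Would generate {filename} ###', file=stderr)` is presumably what was meant. A proxy entry with neither `listen_hosts` nor `listen_host` yields `[None]` and renders a route on the host `None` instead of failing, so `main` should raise when the list is empty or contains `None`. `load_config` and `load_proxy_template` open their files without `with`, so a parse error leaks the handle; the `with open(...) as f:` form already used in `write_file` is the file's own idiom.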
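Review bot: `passHostHeader: {{ pass_host_header }}` renders Python's `False`, as the generated jellyfin-*.yaml files in this commit show; YAML 1.1 loaders accept it, but `passHostHeader: {{ pass_host_header | tojson }}` emits canonical `false` and turns a non-boolean config value into a render-time error. The "automatically generated" header comment does not say by what; `# Generated by codegen/generator.py from codegen/config/config.yaml. Do not modify.` tells the next maintainer where to edit. Each route forwards to the ExternalName service without a `scheme`, so the hop from Traefik to `upstream_host` is presumably plain HTTP; a comment stating that this is intended for the internal upstream would save a later reviewer the question.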
diff --git a/k8s/apps/external-reverse-proxies/generated/jellyfin-mnke.yaml b/k8s/apps/external-reverse-proxies/generated/jellyfin-mnke.yaml new file mode 100644 index 0000000..7b0e90b --- /dev/null +++ b/k8s/apps/external-reverse-proxies/generated/jellyfin-mnke.yaml @@ -0,0 +1,40 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: jellyfin-mnke-external + namespace: default +spec: + type: ExternalName + externalName: jellyfin.home.mnke.org + ports: + - name: jellyfin-mnke-external + port: 8096 + targetPort: 8096 + +--- +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: jellyfin-mnke-external + namespace: default +spec: + entryPoints: + - websecure + routes: + - match: Host(`media.mnke.org`) + kind: Rule + services: + - kind: Service + name: jellyfin-mnke-external + port: 8096 + passHostHeader: False + - match: Host(`jellyfin.mnke.org`) + kind: Rule + services: + - kind: Service + name: jellyfin-mnke-external + port: 8096 + passHostHeader: False + tls: + secretName: wildcard-mnke-org-tls diff --git a/k8s/apps/external-reverse-proxies/generated/jellyfin-tonydu.yaml b/k8s/apps/external-reverse-proxies/generated/jellyfin-tonydu.yaml new file mode 100644 index 0000000..c4557a8 --- /dev/null +++ b/k8s/apps/external-reverse-proxies/generated/jellyfin-tonydu.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: jellyfin-tonydu-external + namespace: default +spec: + type: ExternalName + externalName: jellyfin.home.mnke.org + ports: + - name: jellyfin-tonydu-external + port: 8096 + targetPort: 8096 + +--- +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: jellyfin-tonydu-external + namespace: default +spec: + entryPoints: + - websecure + routes: + - match: Host(`media.tonydu.me`) + kind: Rule + services: + - kind: Service + name: jellyfin-tonydu-external + port: 8096 + passHostHeader: False + tls: + secretName: wildcard-tonydu-me-tls 
diff --git a/k8s/apps/external-reverse-proxies/generated/kustomize.yaml b/k8s/apps/external-reverse-proxies/generated/kustomize.yaml new file mode 100644 index 0000000..1fc0325 --- /dev/null +++ b/k8s/apps/external-reverse-proxies/generated/kustomize.yaml @@ -0,0 +1,6 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - jellyfin-mnke.yaml + - jellyfin-tonydu.yaml \ No newline at end of file diff --git a/k8s/apps/external-reverse-proxies/kustomization.yaml b/k8s/apps/external-reverse-proxies/kustomization.yaml new file mode 100644 index 0000000..2a9ab7a --- /dev/null +++ b/k8s/apps/external-reverse-proxies/kustomization.yaml @@ -0,0 +1,6 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - generated + - middlewares diff --git a/k8s/apps/ghost/kustomization.yaml b/k8s/apps/ghost/kustomization.yaml index 8136a18..5996246 100644 --- a/k8s/apps/ghost/kustomization.yaml +++ b/k8s/apps/ghost/kustomization.yaml @@ -2,7 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - namespace.yaml - secret.yaml - release.yaml diff --git a/k8s/apps/ghost/namespace.yaml b/k8s/apps/ghost/namespace.yaml deleted file mode 100644 index 281b106..0000000 --- a/k8s/apps/ghost/namespace.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: ghost - diff --git a/k8s/apps/ghost/release.yaml b/k8s/apps/ghost/release.yaml index b1c9df2..d32d581 100644 --- a/k8s/apps/ghost/release.yaml +++ b/k8s/apps/ghost/release.yaml @@ -3,9 +3,11 @@ apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: ghost - namespace: ghost + namespace: default spec: - interval: 1m + interval: 10m + releaseName: ghost + targetNamespace: default chart: spec: chart: ghost 
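Review bot: Moving the HelmRelease into `default` (`namespace: default`, `targetNamespace: default`) together with deleting `namespace.yaml`, and the same move for the ExternalSecrets and for uptime-kuma in the later hunks, puts every app and its credential Secrets into one namespace; if the per-app namespaces were the scope for RBAC, NetworkPolicy or the external-secrets store binding, that isolation is gone and should be re-established by policy or by keeping the namespaces. `targetNamespace` equal to the HelmRelease's own namespace is redundant, so a one-line comment on why it is set explicitly, e.g. `# targetNamespace pinned so a later move of the HelmRelease object does not move the workload`, would help if that is the intent.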
@@ -29,9 +31,18 @@ spec: annotations: cert-manager.io/cluster-issuer: le-cf-issuer kubernetes.io/ingress.class: traefik - # ingressClassName: traefik + ingressClassName: traefik hostname: blog.mnke.org - # tls: true + tls: true + # Ugh, this doesn't use the wildcard cert I set up! I don't want to + # experiment with this at this point because of how finnicky this chart + # has been. I feel like if I touch this chart the wrong way, it'll just + # break. + # extraTls: + # - hosts: + # - blog.mnke.org + # secretName: wildcard-mnke-org-tls + allowEmptyPassword: false ghostEmail: tonydu121@hotmail.com diff --git a/k8s/apps/ghost/secret.yaml b/k8s/apps/ghost/secret.yaml index 449d10e..0197b9b 100644 --- a/k8s/apps/ghost/secret.yaml +++ b/k8s/apps/ghost/secret.yaml @@ -3,7 +3,7 @@ apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: ghost-db-creds - namespace: ghost + namespace: default spec: secretStoreRef: kind: ClusterSecretStore @@ -22,7 +22,7 @@ apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: ghost-creds - namespace: ghost + namespace: default spec: secretStoreRef: kind: ClusterSecretStore diff --git a/k8s/apps/kustomization.yaml b/k8s/apps/kustomization.yaml index 87a3dc4..acfc41a 100644 --- a/k8s/apps/kustomization.yaml +++ b/k8s/apps/kustomization.yaml @@ -1,8 +1,7 @@ +--- apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - common - # - kube-prometheus-stack - uptime-kuma - # - rancher - ghost diff --git a/k8s/apps/uptime-kuma/kustomization.yaml b/k8s/apps/uptime-kuma/kustomization.yaml index 01e8a09..14a9e48 100644 --- a/k8s/apps/uptime-kuma/kustomization.yaml +++ b/k8s/apps/uptime-kuma/kustomization.yaml @@ -2,7 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - namespace.yaml - repository.yaml - release.yaml diff --git a/k8s/apps/uptime-kuma/namespace.yaml b/k8s/apps/uptime-kuma/namespace.yaml deleted file mode 100644 index 78860f6..0000000 
--- a/k8s/apps/uptime-kuma/namespace.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: uptime-kuma - diff --git a/k8s/apps/uptime-kuma/release.yaml b/k8s/apps/uptime-kuma/release.yaml index 174ad15..4926e2d 100644 --- a/k8s/apps/uptime-kuma/release.yaml +++ b/k8s/apps/uptime-kuma/release.yaml @@ -3,9 +3,11 @@ apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: uptime-kuma - namespace: uptime-kuma + namespace: default spec: interval: 10m0s + releaseName: uptime-kuma + targetNamespace: default chart: spec: chart: uptime-kuma @@ -13,7 +15,7 @@ spec: sourceRef: kind: HelmRepository name: uptime-kuma - namespace: uptime-kuma + namespace: flux-system values: ingress: enabled: true @@ -25,6 +27,15 @@ spec: paths: - path: / pathType: ImplementationSpecific + - host: uptime.mnke.org + paths: + - path: / + pathType: ImplementationSpecific + tls: + - hosts: + - uptime.dolo.mnke.org + - uptime.mnke.org + secretName: wildcard-mnke-org-tls resources: limits: cpu: 200m diff --git a/k8s/apps/uptime-kuma/repository.yaml b/k8s/apps/uptime-kuma/repository.yaml index 846f3d4..8d7e5b6 100644 --- a/k8s/apps/uptime-kuma/repository.yaml +++ b/k8s/apps/uptime-kuma/repository.yaml @@ -3,7 +3,7 @@ apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: name: uptime-kuma - namespace: uptime-kuma + namespace: flux-system spec: interval: 10m0s url: https://helm.irsigler.cloud diff --git a/k8s/clusters/dolo/apps.yaml b/k8s/clusters/dolo/apps.yaml index bbcb5e8..557b4ad 100644 --- a/k8s/clusters/dolo/apps.yaml +++ b/k8s/clusters/dolo/apps.yaml 
@@ -1,18 +1,18 @@ -# --- -# apiVersion: kustomize.toolkit.fluxcd.io/v1 -# kind: Kustomization -# metadata: - # name: apps - # namespace: flux-system -# spec: - # interval: 10m0s - # retryInterval: 30s - # dependsOn: - # - name: infrastructure - # sourceRef: - # kind: GitRepository - # name: flux-system - # path: ./k8s/apps - # prune: true - # wait: true - # timeout: 5m0s +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: apps + namespace: flux-system +spec: + interval: 10m0s + retryInterval: 30s + dependsOn: + - name: infrastructure + sourceRef: + kind: GitRepository + name: flux-system + path: ./k8s/apps + prune: true + wait: true + timeout: 5m0s diff --git a/k8s/infrastructure/controllers/loki/release.yaml b/k8s/infrastructure/controllers/loki/release.yaml index f8e3b53..7e58751 100644 --- a/k8s/infrastructure/controllers/loki/release.yaml +++ b/k8s/infrastructure/controllers/loki/release.yaml @@ -51,7 +51,7 @@ spec: minio: enabled: true persistence: - size: 8Gi + size: 4Gi rootUser: root # rootPassword: '' @@ -59,14 +59,24 @@ spec: singleBinary: replicas: 1 + persistence: + enabled: true + size: 4Gi + storageClass: longhorn # Zero out replica counts of other deployment modes backend: replicas: 0 + persistence: + size: 1Mi read: replicas: 0 + persistence: + size: 1Mi write: replicas: 0 + persistence: + size: 1Mi # Turn this for debugging lokiCanary: diff --git a/k8s/infrastructure/crds/traefik.yaml b/k8s/infrastructure/crds/traefik.yaml index e1bc38e..6c03572 100644 --- a/k8s/infrastructure/crds/traefik.yaml +++ b/k8s/infrastructure/crds/traefik.yaml @@ -6,7 +6,7 @@ metadata: name: traefik namespace: flux-system spec: - interval: 1m + interval: 10m url: https://helm.traefik.io/traefik ---
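Review bot: Enabling this Kustomization with `prune: true` in the same commit that deletes `k8s/apps/ghost/namespace.yaml` and `k8s/apps/uptime-kuma/namespace.yaml` means that, if those Namespace objects were ever applied by Flux under this Kustomization, the first reconcile prunes them and Kubernetes garbage-collects everything inside them, PVCs included; since the block was commented out until now they were presumably applied by hand and carry no Flux labels, but that is worth confirming before the first sync. `wait: true` with `timeout: 5m0s` also gates success on every HelmRelease under `./k8s/apps` becoming Ready, so one stuck chart marks the whole Kustomization failed; a comment such as `# wait: the whole apps tree must be Ready within 5m or this Kustomization fails` makes that trade-off visible.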
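Review bot: Reducing `minio.persistence.size` from `8Gi` to `4Gi` cannot shrink an existing volume: Kubernetes only allows PVC expansion, and if the chart renders MinIO as a StatefulSet the change to its `volumeClaimTemplates` is rejected on upgrade, so an already-deployed release will either fail to upgrade or silently keep 8Gi. If this is a fresh install it is fine; otherwise the existing PVC has to be recreated (with data loss) or the value left at 8Gi with a comment explaining why.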
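Review bot: The `persistence: size: 1Mi` entries under `backend`, `read` and `write` are not self-explanatory next to `replicas: 0`; a comment such as `# replicas is 0 so no PVC is created; 1Mi presumably only satisfies the chart's values schema` (adjusted to the real reason) would stop the next reader from "fixing" them. `singleBinary.persistence.storageClass: longhorn` is the only explicit storageClass in this values block, so a note on whether the MinIO volume is meant to land on the cluster default class instead would avoid the two volumes ending up on different backends by accident.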