From 0af7d263a05432fad260ab0cbe91d2e4445e4398 Mon Sep 17 00:00:00 2001
From: Khwezi
Date: Thu, 16 Apr 2026 08:35:13 +0200
Subject: [PATCH] Removed old templates, refactored whoami template
---
kubernetes-templates/dashy.yaml | 168 ----------------------
kubernetes-templates/flame.yml | 170 ----------------------
kubernetes-templates/gitea.yml | 208 ---------------------------
kubernetes-templates/mongodb.yml | 166 ---------------------
kubernetes-templates/portainer.yml | 127 ----------------
kubernetes-templates/postgresql.yml | 149 -------------------
kubernetes-templates/redis.yml | 107 --------------
kubernetes-templates/registry-ui.yml | 163 ---------------------
kubernetes-templates/registry.yml | 170 ----------------------
kubernetes-templates/whoami.yml | 54 ++-------
10 files changed, 11 insertions(+), 1471 deletions(-)
delete mode 100644 kubernetes-templates/dashy.yaml
delete mode 100644 kubernetes-templates/flame.yml
delete mode 100644 kubernetes-templates/gitea.yml
delete mode 100644 kubernetes-templates/mongodb.yml
delete mode 100644 kubernetes-templates/portainer.yml
delete mode 100644 kubernetes-templates/postgresql.yml
delete mode 100644 kubernetes-templates/redis.yml
delete mode 100644 kubernetes-templates/registry-ui.yml
delete mode 100644 kubernetes-templates/registry.yml
diff --git a/kubernetes-templates/dashy.yaml b/kubernetes-templates/dashy.yaml
deleted file mode 100644
index 1b84b03..0000000
--- a/kubernetes-templates/dashy.yaml
+++ /dev/null
@@ -1,168 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: dashy ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: dashy-sa - namespace: dashy ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: dashy-role - namespace: dashy -rules: -- apiGroups: [""] - resources: ["pods", "services", "endpoints"] - verbs: ["get", "list", "watch"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: dashy-rolebinding - namespace: dashy -subjects: -- kind: ServiceAccount - name: dashy-sa -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: dashy-role ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: dashy-config-pv - labels: - type: local -spec: - capacity: - storage: 1Gi - accessModes: - - ReadWriteOnce - storageClassName: local-pvs - local: - path: /home/ansible/k3s/makhiwane/dashy - nodeAffinity: - required: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/hostname - operator: In - values: - - lead - persistentVolumeReclaimPolicy: Retain ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: dashy-config-pvc - namespace: dashy -spec: - accessModes: - - ReadWriteOnce - storageClassName: local-pvs - resources: - requests: - storage: 1Gi ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: dashy-pvc - namespace: dashy -spec: - accessModes: - - ReadWriteOnce - storageClassName: local-pvs - resources: - requests: - storage: 1Gi ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: dashy - namespace: dashy -spec: - replicas: 1 - selector: - matchLabels: - app: dashy - template: - metadata: - labels: - app: dashy - spec: - serviceAccountName: dashy-sa - containers: - - name: dashy - image: lissy93/dashy:latest - ports: - - containerPort: 8080 - resources: - requests: - cpu: "100m" - memory: "128Mi" - limits: - cpu: "250m" - memory: "256Mi" - volumeMounts: - - name: dashy-config - mountPath: /app/data - startupProbe: - 
httpGet: - path: / - port: 8080 - initialDelaySeconds: 300 - periodSeconds: 10 - failureThreshold: 18 - timeoutSeconds: 10 - readinessProbe: - httpGet: - path: / - port: 8080 - initialDelaySeconds: 300 - periodSeconds: 10 - failureThreshold: 18 - timeoutSeconds: 10 - volumes: - - name: dashy-config - persistentVolumeClaim: - claimName: dashy-config-pvc ---- -apiVersion: v1 -kind: Service -metadata: - name: dashy - namespace: dashy -spec: - type: ClusterIP - selector: - app: dashy - ports: - - name: web - protocol: TCP - port: 80 - targetPort: 8080 ---- -apiVersion: traefik.io/v1alpha1 -kind: IngressRoute -metadata: - name: dashy-web - namespace: dashy -spec: - entryPoints: - - websecure - routes: - - match: Host(`dashboard.apps.mngoma.lab`) - kind: Rule - services: - - name: dashy - port: 80 - scheme: http - tls: {} diff --git a/kubernetes-templates/flame.yml b/kubernetes-templates/flame.yml deleted file mode 100644 index d0af4b6..0000000 --- a/kubernetes-templates/flame.yml +++ /dev/null 
@@ -1,170 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: flame ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: flame-sa - namespace: flame ---- -apiVersion: v1 -kind: Secret -metadata: - name: flame-secret - namespace: flame -type: Opaque -data: - app.password: MTIzNDU= ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: flame-role - namespace: flame -rules: -- apiGroups: [""] - resources: ["pods", "services", "endpoints"] - verbs: ["get", "list", "watch"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: flame-rolebinding - namespace: flame -subjects: -- kind: ServiceAccount - name: flame-sa -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: flame-role ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: flame-config-pv - labels: - type: local -spec: - capacity: - storage: 1Gi - accessModes: - - ReadWriteOnce - storageClassName: local-pvs - local: - path: /home/ansible/k3s/makhiwane/flame - nodeAffinity: - required: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/hostname - operator: In - values: - - lead - persistentVolumeReclaimPolicy: Retain ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: flame-config-pvc - namespace: flame -spec: - accessModes: - - ReadWriteOnce - storageClassName: local-pvs - resources: - requests: - storage: 1Gi ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: flame - namespace: flame -spec: - replicas: 1 - selector: - matchLabels: - app: flame - template: - metadata: - labels: - app: flame - spec: - serviceAccountName: flame-sa - containers: - - name: flame - image: pawelmalak/flame - env: - - name: PASSWORD - valueFrom: - secretKeyRef: - name: flame-secret - key: app.password - ports: - - containerPort: 5005 - resources: - requests: - cpu: "100m" - memory: "128Mi" - limits: - cpu: "250m" - memory: "256Mi" - volumeMounts: - - name: flame-config - mountPath: /app/data - 
startupProbe: - httpGet: - path: / - port: 5005 - initialDelaySeconds: 60 - periodSeconds: 10 - failureThreshold: 10 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: / - port: 5005 - initialDelaySeconds: 60 - periodSeconds: 10 - failureThreshold: 10 - timeoutSeconds: 5 - volumes: - - name: flame-config - persistentVolumeClaim: - claimName: flame-config-pvc ---- -apiVersion: v1 -kind: Service -metadata: - name: flame - namespace: flame -spec: - type: ClusterIP - selector: - app: flame - ports: - - name: web - protocol: TCP - port: 80 - targetPort: 5005 ---- -apiVersion: traefik.io/v1alpha1 -kind: IngressRoute -metadata: - name: flame-web - namespace: flame -spec: - entryPoints: - - websecure - routes: - - match: Host(`dashboard.apps.mngoma.lab`) - kind: Rule - services: - - name: flame - port: 80 - scheme: http - tls: {} diff --git a/kubernetes-templates/gitea.yml b/kubernetes-templates/gitea.yml deleted file mode 100644 index 4ad45e9..0000000 --- a/kubernetes-templates/gitea.yml +++ /dev/null 
@@ -1,208 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: gitea ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: gitea-sa - namespace: gitea ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: gitea-config - namespace: gitea -data: - server.domain: "gitea.apps.mngoma.lab" - server.rooturl: "https://gitea.apps.mngoma.lab" - database.type: "postgres" - database.host: "192.168.1.137:5432" - database.name: "giteam" ---- -apiVersion: v1 -kind: Secret -metadata: - name: gitea-secret - namespace: gitea -type: Opaque -data: - database.username: YXBwX3VzZXI= - database.password: MTIzNDU= ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: gitea-role - namespace: gitea -rules: -- apiGroups: [""] - resources: ["pods", "services", "endpoints", "persistentvolumeclaims", "configmaps", "secrets"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: gitea-rolebinding - namespace: gitea -subjects: -- kind: ServiceAccount - name: gitea-sa -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: gitea-role ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: gitea-pv - labels: - type: local -spec: - capacity: - storage: 5Gi - accessModes: - - ReadWriteOnce - storageClassName: local-pvs - local: - path: /home/ansible/k3s/makhiwane/gitea - nodeAffinity: - required: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/hostname - operator: In - values: - - lead - persistentVolumeReclaimPolicy: Retain ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: gitea-pvc - namespace: gitea -spec: - accessModes: - - ReadWriteOnce - storageClassName: local-pvs - resources: - requests: - storage: 5Gi ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: gitea - namespace: gitea - labels: - app.kubernetes.io/name: gitea-server -spec: - replicas: 1 - selector: - matchLabels: - 
app.kubernetes.io/name: gitea-server - template: - metadata: - labels: - app.kubernetes.io/name: gitea-server - spec: - serviceAccountName: gitea-sa - containers: - - name: gitea - image: gitea/gitea:latest - ports: - - containerPort: 3000 - - containerPort: 22 - volumeMounts: - - name: gitea-data - mountPath: /data - env: - - name: USER_UID - value: "1000" - - name: USER_GID - value: "1000" - - name: GITEA_SERVER_ROOT_URL - valueFrom: - configMapKeyRef: - name: gitea-config - key: server.rooturl - - name: GITEA_SERVER_DOMAIN - valueFrom: - configMapKeyRef: - name: gitea-config - key: server.domain - - name: GITEA__database__TYPE - valueFrom: - configMapKeyRef: - name: gitea-config - key: database.type - - name: GITEA__database__HOST - valueFrom: - configMapKeyRef: - name: gitea-config - key: database.host - - name: GITEA__database__USER - valueFrom: - secretKeyRef: - name: gitea-secret - key: database.username - - name: GITEA__database__PASSWD - valueFrom: - secretKeyRef: - name: gitea-secret - key: database.password - - name: GITEA__database__NAME - valueFrom: - configMapKeyRef: - name: gitea-config - key: database.name - resources: - requests: - memory: "512Mi" - cpu: "250m" - limits: - memory: "2Gi" - cpu: "500m" - volumes: - - name: gitea-data - persistentVolumeClaim: - claimName: gitea-pvc ---- -apiVersion: v1 -kind: Service -metadata: - name: gitea-server - namespace: gitea -spec: - selector: - app.kubernetes.io/name: gitea-server - ports: - - name: http - protocol: TCP - port: 3000 - targetPort: 3000 - - name: ssh - protocol: TCP - port: 22 - targetPort: 22 - type: ClusterIP ---- -apiVersion: traefik.io/v1alpha1 -kind: IngressRoute -metadata: - name: gitea-web - namespace: gitea -spec: - entryPoints: - - websecure - routes: - - match: Host(`gitea.apps.mngoma.lab`) - kind: Rule - services: - - name: gitea-server - port: 3000 - scheme: http - tls: {} 
diff --git a/kubernetes-templates/mongodb.yml b/kubernetes-templates/mongodb.yml
deleted file mode 100644
index aa73a27..0000000
--- a/kubernetes-templates/mongodb.yml
+++ /dev/null
@@ -1,166 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: mongodb ---- -apiVersion: v1 -kind: Secret -metadata: - name: mongodb-secret - namespace: mongodb -type: Opaque -data: - root.username: YWRtaW4= - root.password: bGpUMTkx - username: YXBwdXNlcg== - password: VTNlNzRy ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: mongodb-config - namespace: mongodb -data: - database.name: "appdb" - database.replicaset: "primary" - database.port: "27017" ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: mongodb-sa - namespace: mongodb ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: mongodb-role - namespace: mongodb -rules: -- apiGroups: [""] - resources: ["pods", "services", "persistentvolumeclaims", "configmaps", "secrets"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: mongodb-rolebinding - namespace: mongodb -subjects: -- kind: ServiceAccount - name: mongodb-sa - namespace: mongodb -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: mongodb-role ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: mongodb-pv -spec: - capacity: - storage: 10Gi - accessModes: - - ReadWriteOnce - storageClassName: local-pvs - local: - path: /home/ansible/k3s/makhiwane/mongodb - nodeAffinity: - required: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/hostname - operator: In - values: - - lead - persistentVolumeReclaimPolicy: Retain ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: mongodb-pvc - namespace: mongodb -spec: - accessModes: - - ReadWriteOnce - storageClassName: local-pvs - resources: - requests: - storage: 10Gi ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: mongodb - namespace: mongodb -spec: - replicas: 1 - selector: - matchLabels: - app: mongodb - template: - metadata: - labels: - app: mongodb - spec: - serviceAccountName: 
mongodb-sa - containers: - - name: mongodb - image: mongo:6 - env: - - name: MONGO_INITDB_ROOT_USERNAME - valueFrom: - secretKeyRef: - name: mongodb-secret - key: root.username - - name: MONGO_INITDB_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: mongodb-secret - key: root.password - - name: MONGO_INITDB_DATABASE - valueFrom: - configMapKeyRef: - name: mongodb-config - key: database.name - ports: - - containerPort: 27017 - volumeMounts: - - mountPath: /data/db - name: mongodb-data - volumes: - - name: mongodb-data - persistentVolumeClaim: - claimName: mongodb-pvc ---- -apiVersion: v1 -kind: Service -metadata: - name: mongodb - namespace: mongodb -spec: - type: ClusterIP - selector: - app: mongodb - ports: - - port: 27017 - targetPort: 27017 ---- -apiVersion: traefik.io/v1alpha1 -kind: IngressRoute -metadata: - name: mongodb-ingress - namespace: mongodb -spec: - entryPoints: - - websecure - routes: - - match: Host(`mongodb.database.mngoma.lab`) - kind: Rule - services: - - name: mongodb - port: 27017 - tls: {} \ No newline at end of file diff --git a/kubernetes-templates/portainer.yml b/kubernetes-templates/portainer.yml deleted file mode 100644 index f021f54..0000000 --- a/kubernetes-templates/portainer.yml +++ /dev/null 
@@ -1,127 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: portainer ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: portainer-sa - namespace: portainer ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: portainer-admin-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: -- kind: ServiceAccount - name: portainer-sa - namespace: portainer ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: portainer-pv - labels: - type: local -spec: - capacity: - storage: 10Gi - accessModes: - - ReadWriteOnce - storageClassName: local-pvs - local: - path: /home/ansible/k3s/makhiwane/portainer - nodeAffinity: - required: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/hostname - operator: In - values: - - lead - persistentVolumeReclaimPolicy: Retain ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: portainer-pvc - namespace: portainer -spec: - accessModes: - - ReadWriteOnce - storageClassName: local-pvs - resources: - requests: - storage: 10Gi ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: portainer - namespace: portainer -spec: - replicas: 1 - selector: - matchLabels: - app: portainer - template: - metadata: - labels: - app: portainer - spec: - serviceAccountName: portainer-sa - containers: - - name: portainer - image: portainer/portainer-ce:2.33.2 - ports: - - containerPort: 9000 - - containerPort: 9443 - volumeMounts: - - name: data - mountPath: /data - volumes: - - name: data - persistentVolumeClaim: - claimName: portainer-pvc ---- -apiVersion: v1 -kind: Service -metadata: - name: portainer - namespace: portainer -spec: - type: ClusterIP - selector: - app: portainer - ports: - - name: http - protocol: TCP - port: 9000 - targetPort: 9000 - - name: https - protocol: TCP - port: 9443 - targetPort: 9443 ---- -apiVersion: traefik.io/v1alpha1 -kind: IngressRoute -metadata: - name: 
portainer-dashboard - namespace: portainer -spec: - entryPoints: - - websecure - routes: - - match: Host(`portainer.apps.mngoma.lab`) - kind: Rule - services: - - name: portainer - port: 9000 - scheme: http - tls: {} diff --git a/kubernetes-templates/postgresql.yml b/kubernetes-templates/postgresql.yml deleted file mode 100644 index 58dc952..0000000 --- a/kubernetes-templates/postgresql.yml +++ /dev/null 
@@ -1,149 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: postgresql ---- -apiVersion: v1 -kind: Secret -metadata: - name: postgresql-secret - namespace: postgresql -type: Opaque -data: - username: cm9vdA== - password: Mmh2MTdL ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: postgresql-sa - namespace: postgresql ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: postgresql-role - namespace: postgresql -rules: -- apiGroups: [""] - resources: ["pods", "services", "persistentvolumeclaims", "configmaps", "secrets"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: postgresql-rolebinding - namespace: postgresql -subjects: -- kind: ServiceAccount - name: postgresql-sa - namespace: postgresql -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: postgresql-role ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: postgresql-pv -spec: - capacity: - storage: 10Gi - accessModes: - - ReadWriteOnce - storageClassName: local-pvs - local: - path: /home/ansible/k3s/makhiwane/postgresql - nodeAffinity: - required: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/hostname - operator: In - values: - - lead - persistentVolumeReclaimPolicy: Retain ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: postgresql-pvc - namespace: postgresql -spec: - accessModes: - - ReadWriteOnce - storageClassName: local-pvs - resources: - requests: - storage: 10Gi ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: postgresql - namespace: postgresql -spec: - replicas: 1 - selector: - matchLabels: - app: postgresql - template: - metadata: - labels: - app: postgresql - spec: - serviceAccountName: postgresql-sa - containers: - - name: postgresql - image: postgres:16 - env: - - name: POSTGRES_USER - valueFrom: - secretKeyRef: - name: postgresql-secret - key: username - - 
name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: postgresql-secret - key: password - ports: - - containerPort: 5432 - volumeMounts: - - mountPath: /var/lib/postgresql/data - name: postgresql-data - volumes: - - name: postgresql-data - persistentVolumeClaim: - claimName: postgresql-pvc ---- -apiVersion: v1 -kind: Service -metadata: - name: postgresql - namespace: postgresql -spec: - type: ClusterIP - selector: - app: postgresql - ports: - - port: 5432 - targetPort: 5432 ---- -apiVersion: traefik.io/v1alpha1 -kind: IngressRoute -metadata: - name: postgresql-ingress - namespace: postgresql -spec: - entryPoints: - - websecure - routes: - - match: Host(`postgresql.database.mngoma.lab`) - kind: Rule - services: - - name: postgresql - port: 5432 - tls: {} \ No newline at end of file diff --git a/kubernetes-templates/redis.yml b/kubernetes-templates/redis.yml deleted file mode 100644 index 6f64beb..0000000 --- a/kubernetes-templates/redis.yml +++ /dev/null 
@@ -1,107 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: redis ---- -apiVersion: v1 -kind: Secret -metadata: - name: redis-secret - namespace: redis -type: Opaque -data: - username: YWRtaW4= - password: NjI4akZL ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: redis-sa - namespace: redis ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: redis-role - namespace: redis -rules: -- apiGroups: [""] - resources: ["pods", "services"] - verbs: ["get", "list", "watch"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: redis-rolebinding - namespace: redis -subjects: -- kind: ServiceAccount - name: redis-sa - namespace: redis -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: redis-role ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: redis - namespace: redis -spec: - replicas: 1 - selector: - matchLabels: - app: redis - template: - metadata: - labels: - app: redis - spec: - serviceAccountName: redis-sa - containers: - - name: redis - image: redis:7 - ports: - - containerPort: 6379 - env: - - name: REDIS_USERNAME - valueFrom: - secretKeyRef: - name: redis-secret - key: username - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: redis-secret - key: password ---- -apiVersion: v1 -kind: Service -metadata: - name: redis - namespace: redis -spec: - type: ClusterIP - selector: - app: redis - ports: - - port: 6379 - targetPort: 6379 ---- -apiVersion: traefik.io/v1alpha1 -kind: IngressRoute -metadata: - name: redis-ingress - namespace: redis -spec: - entryPoints: - - websecure - routes: - - match: Host(`redis.database.mngoma.lab`) - kind: Rule - services: - - name: redis - port: 6379 - tls: {} \ No newline at end of file diff --git a/kubernetes-templates/registry-ui.yml b/kubernetes-templates/registry-ui.yml deleted file mode 100644 index 5e2e8e5..0000000 --- a/kubernetes-templates/registry-ui.yml +++ /dev/null 
@@ -1,163 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: registry-ui ---- -apiVersion: v1 -kind: Secret -metadata: - name: registry-credentials - namespace: registry-ui -type: Opaque -data: - username: YXBwX3VzZXI= - password: MTIzNDU= ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: registry-ui-pv - namespace: registry-ui -spec: - capacity: - storage: 2Gi - accessModes: - - ReadWriteOnce - storageClassName: local-pvs - local: - path: /home/ansible/k3s/makhiwane/registry-ui - nodeAffinity: - required: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/hostname - operator: In - values: - - lead - persistentVolumeReclaimPolicy: Retain ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: registry-ui-pvc - namespace: registry-ui -spec: - accessModes: - - ReadWriteOnce - storageClassName: local-pvs - resources: - requests: - storage: 2Gi ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: registry-ui - namespace: registry-ui -spec: - replicas: 1 - selector: - matchLabels: - app: registry-ui - template: - metadata: - labels: - app: registry-ui - spec: - containers: - - name: registry-ui - image: joxit/docker-registry-ui:main - ports: - - containerPort: 80 - env: - - name: SINGLE_REGISTRY - value: "true" - - name: REGISTRY_TITLE - value: "Docker Registry UI" - - name: DELETE_IMAGES - value: "true" - - name: SHOW_CONTENT_DIGEST - value: "true" - - name: SHOW_CATALOG_NB_TAGS - value: "true" - - name: CATALOG_MIN_BRANCHES - value: "1" - - name: CATALOG_MAX_BRANCHES - value: "1" - - name: TAGLIST_PAGE_SIZE - value: "100" - - name: REGISTRY_SECURED - value: "false" - - name: CATALOG_ELEMENTS_LIMIT - value: "1000" - - name: NGINX_PROXY_PASS_URL - value: "http://registry-server.registry.svc.cluster.local:5000" - - name: REGISTRY_AUTH_USER - valueFrom: - secretKeyRef: - name: registry-credentials - key: username - - name: REGISTRY_AUTH_PASS - valueFrom: - secretKeyRef: - name: registry-credentials - key: 
password - volumeMounts: - - name: registry-ui-data - mountPath: /data - resources: - requests: - memory: "256Mi" - cpu: "250m" - limits: - memory: "512Mi" - cpu: "500m" - volumes: - - name: registry-ui-data - persistentVolumeClaim: - claimName: registry-ui-pvc ---- -apiVersion: v1 -kind: Service -metadata: - name: registry-ui - namespace: registry-ui -spec: - selector: - app: registry-ui - ports: - - port: 80 - targetPort: 80 - type: ClusterIP ---- -apiVersion: traefik.io/v1alpha1 -kind: IngressRoute -metadata: - name: registry-ui-ingress - namespace: registry-ui -spec: - entryPoints: - - websecure - routes: - - match: Host(`registry-ui.apps.mngoma.lab`) - kind: Rule - services: - - name: registry-ui - port: 80 - tls: {} ---- -apiVersion: traefik.io/v1alpha1 -kind: IngressRoute -metadata: - name: registry-ui-insecure - namespace: registry-ui -spec: - entryPoints: - - web - routes: - - match: Host(`registry-ui.apps.mngoma.lab`) - kind: Rule - services: - - name: registry-ui - port: 80 diff --git a/kubernetes-templates/registry.yml b/kubernetes-templates/registry.yml deleted file mode 100644 index 7624bfd..0000000 --- a/kubernetes-templates/registry.yml +++ /dev/null 
@@ -1,170 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: registry ---- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: registry-pv - namespace: registry -spec: - capacity: - storage: 20Gi - accessModes: - - ReadWriteOnce - storageClassName: local-pvs - local: - path: /home/ansible/k3s/makhiwane/registry - nodeAffinity: - required: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/hostname - operator: In - values: - - lead - persistentVolumeReclaimPolicy: Retain ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: registry-pvc - namespace: registry -spec: - accessModes: - - ReadWriteOnce - storageClassName: local-pvs - resources: - requests: - storage: 20Gi ---- -apiVersion: v1 -kind: Secret -metadata: - name: registry-http-secret - namespace: registry -type: Opaque -data: - http-secret: ZDlmOTNjOGEyMmQ2NDMyZWE4YTMwYTBkNDc5ZjBhMWY= ---- -apiVersion: v1 -kind: Secret -metadata: - name: registry-basic-auth - namespace: registry -type: Opaque -data: - users: YXBwX3VzZXI6JGFwcjEkMTIzNDUk ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: registry - namespace: registry -spec: - replicas: 1 - selector: - matchLabels: - app: registry - template: - metadata: - labels: - app: registry - spec: - containers: - - name: registry - image: registry:2.8.2 - ports: - - containerPort: 5000 - name: http - env: - - name: REGISTRY_STORAGE_DELETE_ENABLED - value: "true" - - name: REGISTRY_HTTP_SECRET - valueFrom: - secretKeyRef: - name: registry-http-secret - key: http-secret - - name: REGISTRY_HTTP_HEADERS_Access-Control-Allow-Origin - value: '["https://registry-ui.apps.mngoma.lab","https://registry.apps.mngoma.lab"]' - - name: REGISTRY_HTTP_HEADERS_Access-Control-Allow-Methods - value: '["HEAD","GET","OPTIONS","DELETE","PUT","POST"]' - - name: REGISTRY_HTTP_HEADERS_Access-Control-Allow-Credentials - value: '["true"]' - - name: REGISTRY_HTTP_HEADERS_Access-Control-Allow-Headers - value: 
'["Authorization","Accept","Cache-Control","Content-Type","X-Requested-With"]' - - name: REGISTRY_HTTP_HEADERS_Access-Control-Expose-Headers - value: '["Docker-Content-Digest"]' - volumeMounts: - - name: registry-data - mountPath: /var/lib/registry - resources: - requests: - memory: "256Mi" - cpu: "250m" - limits: - memory: "512Mi" - cpu: "500m" - volumes: - - name: registry-data - persistentVolumeClaim: - claimName: registry-pvc ---- -apiVersion: v1 -kind: Service -metadata: - name: registry-server - namespace: registry -spec: - selector: - app: registry - ports: - - name: http - port: 5000 - targetPort: 5000 - type: ClusterIP ---- -apiVersion: traefik.io/v1alpha1 -kind: IngressRoute -metadata: - name: registry-server-ingress - namespace: registry -spec: - entryPoints: - - websecure - routes: - - match: Host(`registry.apps.mngoma.lab`) - kind: Rule - middlewares: - - name: registry-basic-auth - services: - - name: registry-server - port: 5000 - tls: {} ---- -apiVersion: traefik.io/v1alpha1 -kind: IngressRoute -metadata: - name: registry-server-insecure - namespace: registry -spec: - entryPoints: - - web - routes: - - match: Host(`registry.apps.mngoma.lab`) - kind: Rule - services: - - name: registry-server - port: 5000 ---- -apiVersion: traefik.containo.us/v1alpha1 -kind: Middleware -metadata: - name: registry-basic-auth - namespace: registry -spec: - basicAuth: - secret: registry-basic-auth - removeHeader: true diff --git a/kubernetes-templates/whoami.yml b/kubernetes-templates/whoami.yml index 70b4afd..d6c7f83 100644 --- a/kubernetes-templates/whoami.yml +++ b/kubernetes-templates/whoami.yml 
@@ -10,29 +10,6 @@ metadata: name: whoami-sa namespace: whoami --- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: whoami-role - namespace: whoami -rules: -- apiGroups: [""] - resources: ["pods", "services"] - verbs: ["get", "list", "watch"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: whoami-rolebinding - namespace: whoami -subjects: -- kind: ServiceAccount - name: whoami-sa -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: whoami-role ---- apiVersion: apps/v1 kind: Deployment metadata: @@ -48,10 +25,17 @@ spec: labels: app: whoami spec: - serviceAccountName: whoami-sa - containers: + serviceAccountName: whoami-sa + containers: - name: whoami image: traefik/whoami + resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 50m + memory: 64Mi ports: - containerPort: 80 --- @@ -61,7 +45,7 @@ metadata: name: whoami namespace: whoami spec: - type: ClusterIP + type: NodePort selector: app: whoami ports: @@ -69,20 +53,4 @@ spec: protocol: TCP port: 80 targetPort: 80 ---- -apiVersion: traefik.io/v1alpha1 -kind: IngressRoute -metadata: - name: whoami-web - namespace: whoami -spec: - entryPoints: - - websecure - routes: - - match: Host(`whoami.apps.mngoma.lab`) - kind: Rule - services: - - name: whoami - port: 80 - scheme: http - tls: {} \ No newline at end of file + nodePort: 31002 \ No newline at end of file
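Review bot: The container in the second whoami hunk (`@@ -48,10 +25,17 @@`) gains CPU and memory limits but still has no `securityContext`, and `image: traefik/whoami` stays untagged, so each rollout can pull a different image. Because this commit also deletes the Role and RoleBinding for `whoami-sa`, the pod no longer appears to need API access; consider `automountServiceAccountToken: false` in the pod spec and pinning the image as `traefik/whoami:<pinned-tag>` (placeholder; a digest is stronger). The re-indented `serviceAccountName:` and `containers:` lines cannot be checked on this page because leading whitespace was lost, so confirm they still sit directly under the pod `spec:`. The Deployment document begins outside this hunk.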
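Review bot: Switching the Service to `type: NodePort` with `nodePort: 31002` (third and fourth whoami hunks) publishes whoami over plain HTTP on port 31002 of every node, while the same commit removes the `websecure` IngressRoute that fronted it with TLS. whoami echoes request headers and host details, so anything that can reach a node address can now read them without passing through Traefik. If the NodePort is only for testing, say so in a comment above `type:` and limit who can reach it with a NetworkPolicy or a node firewall rule; otherwise keep `type: ClusterIP` and the IngressRoute. The Service document starts outside the hunk.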