first commit

Khwezi Mngoma
2026-02-22 16:43:17 +02:00
commit 0410dc3950
94 changed files with 9739 additions and 0 deletions


@@ -0,0 +1,46 @@
apiVersion: v1
data:
Corefile: |
mngoma.lab:53 {
forward . dns.mngoma.lab
}
.:53 {
errors
health
ready
kubernetes cluster.local in-addr.arpa ip6.arpa {
pods insecure
fallthrough in-addr.arpa ip6.arpa
}
hosts /etc/coredns/NodeHosts {
ttl 60
reload 15s
fallthrough
}
prometheus :9153
forward . /etc/resolv.conf
cache 30
loop
reload
loadbalance
import /etc/coredns/custom/*.override
}
import /etc/coredns/custom/*.server
NodeHosts: |
192.168.1.155 lead
192.168.1.157 worker1
kind: ConfigMap
metadata:
annotations:
objectset.rio.cattle.io/applied: H4sIAAAAAAAA/4yQwWrzMBCEX0Xs2fEf20nsX9BDybH02lMva2kdq1Z2g6SkBJN3L8IUCiVtbyNGOzvfzoAn90IhOmHQcKmgAIsJQc+wl0CD8wQaSr1t1PzKSilFIUiIix4JfRoXHQjtdZHTuafAlCgq488xUSi9wK2AybEFDXvhwR2e8QQFHCnh50ZkloTJCcf8lP6NTIqUyuCkNJiSp9LJP5czoLjryztTWB0uE2iYmvjFuVSFenJsHx6tFf41gvGY6Y0Eshz/9D2e0OSZfIJVvMZExwzusSf/I9SIcQQNvaG6a+r/XVdV7abBddPtsN9W66Eedi0N7aberM22zaHf6t0tcPsIAAD//8Ix+PfoAQAA
objectset.rio.cattle.io/id: ""
objectset.rio.cattle.io/owner-gvk: k3s.cattle.io/v1, Kind=Addon
objectset.rio.cattle.io/owner-name: coredns
objectset.rio.cattle.io/owner-namespace: kube-system
creationTimestamp: "2025-09-29T14:41:54Z"
labels:
objectset.rio.cattle.io/hash: bce283298811743a0386ab510f2f67ef74240c57
name: coredns
namespace: kube-system
resourceVersion: "480"
uid: ed00243e-0e5c-4a6a-9f3c-41e9ba6fa6d8
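Review bot: Server-populated fields (`creationTimestamp`, `resourceVersion`, `uid`) and the k3s `objectset.rio.cattle.io/*` annotations and hash label are committed in this ConfigMap's `metadata`; they describe one live object and do not belong in a manifest that is meant to be re-applied. The `owner-gvk: k3s.cattle.io/v1, Kind=Addon` annotation suggests k3s manages this object, so the hand-added `mngoma.lab:53` forward block may be overwritten when the addon is reconciled. The Corefile already has `import /etc/coredns/custom/*.server`, which is the hook for keeping that block in a separate custom ConfigMap instead. `pods insecure` in the `kubernetes` block deserves a comment saying whether it is kept deliberately, since it makes CoreDNS answer pod A records without checking that the pod exists. The next file section is a second export of the same object (different `uid` and `resourceVersion`), and the same applies there.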


@@ -0,0 +1,46 @@
apiVersion: v1
data:
Corefile: |
mngoma.lab:53 {
forward . dns.mngoma.lab
}
.:53 {
errors
health
ready
kubernetes cluster.local in-addr.arpa ip6.arpa {
pods insecure
fallthrough in-addr.arpa ip6.arpa
}
hosts /etc/coredns/NodeHosts {
ttl 60
reload 15s
fallthrough
}
prometheus :9153
forward . /etc/resolv.conf
cache 30
loop
reload
loadbalance
import /etc/coredns/custom/*.override
}
import /etc/coredns/custom/*.server
NodeHosts: |
192.168.1.155 lead
192.168.1.157 worker1
kind: ConfigMap
metadata:
annotations:
objectset.rio.cattle.io/applied: H4sIAAAAAAAA/4yQwWrzMBCEX0Xs2fEf20nsX9BDybH02lMva2kdq1Z2g6SkBJN3L8IUCiVtbyNGOzvfzoAn90IhOmHQcKmgAIsJQc+wl0CD8wQaSr1t1PzKSilFIUiIix4JfRoXHQjtdZHTuafAlCgq488xUSi9wK2AybEFDXvhwR2e8QQFHCnh50ZkloTJCcf8lP6NTIqUyuCkNJiSp9LJP5czoLjryztTWB0uE2iYmvjFuVSFenJsHx6tFf41gvGY6Y0Eshz/9D2e0OSZfIJVvMZExwzusSf/I9SIcQQNvaG6a+r/XVdV7abBddPtsN9W66Eedi0N7aberM22zaHf6t0tcPsIAAD//8Ix+PfoAQAA
objectset.rio.cattle.io/id: ""
objectset.rio.cattle.io/owner-gvk: k3s.cattle.io/v1, Kind=Addon
objectset.rio.cattle.io/owner-name: coredns
objectset.rio.cattle.io/owner-namespace: kube-system
creationTimestamp: "2025-09-28T11:07:44Z"
labels:
objectset.rio.cattle.io/hash: bce283298811743a0386ab510f2f67ef74240c57
name: coredns
namespace: kube-system
resourceVersion: "474"
uid: 21a101b3-48c7-4004-918b-e17fbb55fd2f


@@ -0,0 +1,152 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: dashy
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: dashy-sa
namespace: dashy
---
apiVersion: v1
kind: ConfigMap
metadata:
name: dashy-config
namespace: dashy
data:
config.yaml: |
appConfig:
title: "Mngoma"
description: "Welcome to mngoma lab, click where you may"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: dashy-role
namespace: dashy
rules:
- apiGroups: [""]
resources: ["pods", "services", "endpoints", "configmaps"]
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: dashy-rolebinding
namespace: dashy
subjects:
- kind: ServiceAccount
name: dashy-sa
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: dashy-role
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: dashy-pv
labels:
type: local
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteOnce
storageClassName: local-pvs
local:
path: /home/ansible/k3s/makhiwane/dashy
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- lead
persistentVolumeReclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: dashy-pvc
namespace: dashy
spec:
accessModes:
- ReadWriteOnce
storageClassName: local-pvs
resources:
requests:
storage: 1Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: dashy
namespace: dashy
spec:
replicas: 1
selector:
matchLabels:
app: dashy
template:
metadata:
labels:
app: dashy
spec:
serviceAccountName: dashy-sa
containers:
- name: dashy
image: lissy93/dashy:latest
ports:
- containerPort: 8080
volumeMounts:
- name: dashy-data
mountPath: /app/public
- name: dashy-config
mountPath: /app/public/conf.yml
subPath: config.yaml
volumes:
- name: dashy-data
persistentVolumeClaim:
claimName: dashy-pvc
- name: dashy-config
configMap:
name: dashy-config
items:
- key: config.yaml
path: config.yaml
---
apiVersion: v1
kind: Service
metadata:
name: dashy
namespace: dashy
spec:
type: ClusterIP
selector:
app: dashy
ports:
- name: web
protocol: TCP
port: 80
targetPort: 8080
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: dashy-web
namespace: dashy
spec:
entryPoints:
- websecure
routes:
- match: Host(`dashboard.apps.mngoma.lab`)
kind: Rule
services:
- name: dashy
port: 80
scheme: http
tls: {}
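Review bot: `image: lissy93/dashy:latest` in the Deployment is a mutable tag, so a pod restart can silently pull different code than what was reviewed here; pin a release tag and preferably a digest, e.g. `image: lissy93/dashy:<release-tag>@sha256:<digest>` (placeholders). The same applies to `drone/drone:latest`, `drone/drone-runner-kube:latest`, `mongoclient/mongoclient:latest`, `dpage/pgadmin4:latest` and `phpmyadmin/phpmyadmin:latest` in later sections, whereas gitea, nextcloud and portainer are already pinned to versions. Separately, the `dashy-rolebinding` subject omits `namespace: dashy` while the droneci and mariadb bindings set it; adding it keeps the bindings consistent and explicit.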


@@ -0,0 +1,321 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: droneci
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: droneci-sa
namespace: droneci
---
apiVersion: v1
kind: ConfigMap
metadata:
name: droneci-config
namespace: droneci
data:
server.domain: "droneci.apps.mngoma.lab"
server.proto: "https"
server.runnername: "drone_runner"
server.runnernetworks: "default"
server.runnercapacity: "2"
database.type: "postgres"
database.host: "192.168.1.137:5432"
database.name: "dronecim"
gitea.server: "https://gitea.apps.mngoma.lab"
---
apiVersion: v1
kind: Secret
metadata:
name: droneci-secret
namespace: droneci
type: Opaque
data:
server.rpctoken: MDFLNlFHTkE4VEMxQjJGVzNGV0JSWDJFNE4=
database.username: YXBwX3VzZXI=
database.password: MTIzNDU=
database.connectstring: cG9zdGdyZXM6Ly9hcHBfdXNlcjoxMjM0NUAxOTIuMTY4LjEuMTM3OjU0MzIvZHJvbmVjaW0/c3NsbW9kZT1kaXNhYmxl
gitea.clientid: MGRiNTliZDAtMGI3Ni00ODgxLThhODQtNjI0N2ZlYTExOTcz
gitea.clientsecret: Z3RvX3l6bXB6NmJvZG52cmRnMnM1MmVmNWF1c3ozZTYzNGdyeTc0MjJqZ2hwd3ZnbGc2M2JtcnE=
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: droneci-role
namespace: droneci
rules:
- apiGroups: [""]
resources: ["pods", "services", "endpoints", "persistentvolumeclaims", "configmaps", "secrets"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: droneci-rolebinding
namespace: droneci
subjects:
- kind: ServiceAccount
name: droneci-sa
namespace: droneci
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: droneci-role
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: drone-runner-role
namespace: droneci
rules:
- apiGroups: [""]
resources: ["pods", "pods/exec", "services", "endpoints", "configmaps", "secrets", "persistentvolumeclaims"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: ["apps"]
resources: ["deployments", "replicasets"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: drone-runner-rolebinding
namespace: droneci
subjects:
- kind: ServiceAccount
name: droneci-sa
namespace: droneci
roleRef:
kind: Role
name: drone-runner-role
apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: droneci-pv
labels:
type: local
spec:
capacity:
storage: 10Gi
accessModes: ["ReadWriteOnce"]
storageClassName: local-pvs
local:
path: /home/ansible/k3s/makhiwane/droneci
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values: ["lead"]
persistentVolumeReclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: droneci-pvc
namespace: droneci
spec:
accessModes: ["ReadWriteOnce"]
storageClassName: local-pvs
resources:
requests:
storage: 10Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: drone
namespace: droneci
labels:
app.kubernetes.io/name: drone
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: drone
template:
metadata:
labels:
app.kubernetes.io/name: drone
spec:
hostAliases:
- ip: "192.168.1.160"
hostnames:
- "gitea.apps.mngoma.lab"
- "droneci.apps.mngoma.lab"
serviceAccountName: droneci-sa
containers:
- name: drone
image: drone/drone:latest
ports:
- containerPort: 80
name: http
env:
- name: DRONE_SERVER_HOST
valueFrom:
configMapKeyRef:
name: droneci-config
key: server.domain
- name: DRONE_SERVER_PROTO
valueFrom:
configMapKeyRef:
name: droneci-config
key: server.proto
- name: DRONE_SERVER_PORT
value: ":80"
- name: DRONE_TLS_AUTOCERT
value: "false"
- name: DRONE_LOGS_DEBUG
value: "true"
- name: DRONE_RPC_SECRET
valueFrom:
secretKeyRef:
name: droneci-secret
key: server.rpctoken
- name: DRONE_DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: droneci-config
key: database.type
- name: DRONE_DATABASE_DATASOURCE
valueFrom:
secretKeyRef:
name: droneci-secret
key: database.connectstring
- name: DRONE_DB_USER
valueFrom:
secretKeyRef:
name: droneci-secret
key: database.username
- name: DRONE_DB_PASS
valueFrom:
secretKeyRef:
name: droneci-secret
key: database.password
- name: DRONE_GITEA_SERVER
valueFrom:
configMapKeyRef:
name: droneci-config
key: gitea.server
- name: DRONE_GITEA_CLIENT_ID
valueFrom:
secretKeyRef:
name: droneci-secret
key: gitea.clientid
- name: DRONE_GITEA_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: droneci-secret
key: gitea.clientsecret
- name: DRONE_GITEA_SKIP_VERIFY
value: "true"
readinessProbe:
httpGet:
path: /healthz
port: 80
initialDelaySeconds: 20
periodSeconds: 10
failureThreshold: 3
livenessProbe:
httpGet:
path: /healthz
port: 80
initialDelaySeconds: 30
periodSeconds: 20
failureThreshold: 3
volumeMounts:
- name: drone-storage
mountPath: /data
volumes:
- name: drone-storage
persistentVolumeClaim:
claimName: droneci-pvc
---
apiVersion: v1
kind: Service
metadata:
name: drone-server
namespace: droneci
spec:
selector:
app.kubernetes.io/name: drone
ports:
- name: http
port: 80
targetPort: 80
type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: drone-runner
namespace: droneci
labels:
app.kubernetes.io/name: drone-runner
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: drone-runner
template:
metadata:
labels:
app.kubernetes.io/name: drone-runner
spec:
hostAliases:
- ip: "192.168.1.160"
hostnames:
- "gitea.apps.mngoma.lab"
- "droneci.apps.mngoma.lab"
serviceAccountName: droneci-sa
containers:
- name: runner
image: drone/drone-runner-kube:latest
ports:
- containerPort: 3000
env:
- name: DRONE_RPC_HOST
value: drone-server.droneci.svc.cluster.local
- name: DRONE_RPC_PROTO
value: "http"
- name: DRONE_RPC_SECRET
valueFrom:
secretKeyRef:
name: droneci-secret
key: server.rpctoken
- name: DRONE_RUNNER_NAME
valueFrom:
configMapKeyRef:
name: droneci-config
key: server.runnername
- name: DRONE_RUNNER_CAPACITY
valueFrom:
configMapKeyRef:
name: droneci-config
key: server.runnercapacity
- name: DRONE_RUNNER_NETWORKS
valueFrom:
configMapKeyRef:
name: droneci-config
key: server.runnernetworks
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: droneci-web
namespace: droneci
spec:
entryPoints:
- websecure
routes:
- match: Host(`droneci.apps.mngoma.lab`)
kind: Rule
services:
- name: drone-server
port: 80
scheme: http
tls: {}
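Review bot: The `data:` values of `droneci-secret` are real credentials committed to the repository; base64 is an encoding, not encryption, so the RPC token, the database password and connection string, and the Gitea OAuth client secret are readable by anyone with repository access and should be treated as exposed and rotated. Keep only a reference in git: create the Secret out of band or commit it in encrypted form with whatever secret-management tooling the cluster uses (none is visible here), and purge the values from history. The same applies to `gitea-secret`, `mariadb-secret`, `mongodb-secret`, `nextcloud-secret`, `nosqlclient-secret`, `pgadmin-secret`, `mysql-secret` and `postgresql-secret` in the following sections. In the Deployment, `DRONE_GITEA_SKIP_VERIFY` set to `"true"` turns off certificate verification towards Gitea and `DRONE_LOGS_DEBUG` is left at `"true"`; both need a comment explaining why, or removal once the pod trusts the certificate Traefik serves.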


@@ -0,0 +1,201 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: gitea
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: gitea-sa
namespace: gitea
---
apiVersion: v1
kind: ConfigMap
metadata:
name: gitea-config
namespace: gitea
data:
server.domain: "gitea.apps.mngoma.lab"
server.rooturl: "https://gitea.apps.mngoma.lab"
database.type: "postgres"
database.host: "192.168.1.137:5432"
database.name: "giteam"
---
apiVersion: v1
kind: Secret
metadata:
name: gitea-secret
namespace: gitea
type: Opaque
data:
database.username: YXBwX3VzZXI=
database.password: MTIzNDU=
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: gitea-role
namespace: gitea
rules:
- apiGroups: [""]
resources: ["pods", "services", "endpoints", "persistentvolumeclaims", "configmaps", "secrets"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: gitea-rolebinding
namespace: gitea
subjects:
- kind: ServiceAccount
name: gitea-sa
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: gitea-role
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: gitea-pv
labels:
type: local
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
storageClassName: local-pvs
local:
path: /home/ansible/k3s/makhiwane/gitea
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- lead
persistentVolumeReclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: gitea-pvc
namespace: gitea
spec:
accessModes:
- ReadWriteOnce
storageClassName: local-pvs
resources:
requests:
storage: 10Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: gitea
namespace: gitea
labels:
app.kubernetes.io/name: gitea-server
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: gitea-server
template:
metadata:
labels:
app.kubernetes.io/name: gitea-server
spec:
serviceAccountName: gitea-sa
containers:
- name: gitea
image: gitea/gitea:1.21.4
ports:
- containerPort: 3000
- containerPort: 22
volumeMounts:
- name: gitea-data
mountPath: /data
env:
- name: USER_UID
value: "1000"
- name: USER_GID
value: "1000"
- name: GITEA_SERVER_ROOT_URL
valueFrom:
configMapKeyRef:
name: gitea-config
key: server.rooturl
- name: GITEA_SERVER_DOMAIN
valueFrom:
configMapKeyRef:
name: gitea-config
key: server.domain
- name: GITEA__database__TYPE
valueFrom:
configMapKeyRef:
name: gitea-config
key: database.type
- name: GITEA__database__HOST
valueFrom:
configMapKeyRef:
name: gitea-config
key: database.host
- name: GITEA__database__USER
valueFrom:
secretKeyRef:
name: gitea-secret
key: database.username
- name: GITEA__database__PASSWD
valueFrom:
secretKeyRef:
name: gitea-secret
key: database.password
- name: GITEA__database__NAME
valueFrom:
configMapKeyRef:
name: gitea-config
key: database.name
volumes:
- name: gitea-data
persistentVolumeClaim:
claimName: gitea-pvc
---
apiVersion: v1
kind: Service
metadata:
name: gitea-server
namespace: gitea
spec:
selector:
app.kubernetes.io/name: gitea-server
ports:
- name: http
protocol: TCP
port: 3000
targetPort: 3000
- name: ssh
protocol: TCP
port: 22
targetPort: 22
type: ClusterIP
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: gitea-web
namespace: gitea
spec:
entryPoints:
- websecure
routes:
- match: Host(`gitea.apps.mngoma.lab`)
kind: Rule
services:
- name: gitea-server
port: 3000
scheme: http
tls: {}
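Review bot: `gitea-role` gives `gitea-sa` get/list/watch/create/update/patch/delete on `secrets`, `configmaps`, `pods`, `services`, `endpoints` and `persistentvolumeclaims`, yet nothing in this section shows Gitea calling the Kubernetes API; a compromised Gitea pod could then read and rewrite every Secret in the namespace. Unless there is a consumer not visible here, drop the Role and RoleBinding and add `automountServiceAccountToken: false` to the pod spec. The same copy-pasted Role appears as `mariadb-role`, `mongodb-role`, `nextcloud-role`, `nosqlclient-role`, `pgadmin-role`, `phpmyadmin-role` and `postgresql-role`. Also worth checking: `GITEA_SERVER_ROOT_URL` and `GITEA_SERVER_DOMAIN` do not follow the `GITEA__section__KEY` form used by the database variables just below them, so they may not be picked up.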


@@ -0,0 +1,156 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: mariadb
---
apiVersion: v1
kind: Secret
metadata:
name: mariadb-secret
namespace: mariadb
type: Opaque
data:
root.password: UDRvMzBB
database.username: cm9vdA==
database.password: NXBFMjZa
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: mariadb-sa
namespace: mariadb
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: mariadb-role
namespace: mariadb
rules:
- apiGroups: [""]
resources: ["pods", "services", "persistentvolumeclaims", "configmaps", "secrets"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: mariadb-rolebinding
namespace: mariadb
subjects:
- kind: ServiceAccount
name: mariadb-sa
namespace: mariadb
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: mariadb-role
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: mariadb-pv
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
storageClassName: local-pvs
local:
path: /home/ansible/k3s/makhiwane/mariadb
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- lead
persistentVolumeReclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mariadb-pvc
namespace: mariadb
spec:
accessModes:
- ReadWriteOnce
storageClassName: local-pvs
resources:
requests:
storage: 10Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: mariadb
namespace: mariadb
spec:
replicas: 1
selector:
matchLabels:
app: mariadb
template:
metadata:
labels:
app: mariadb
spec:
serviceAccountName: mariadb-sa
containers:
- name: mariadb
image: mariadb:11
restartPolicy: Always
env:
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: mariadb-secret
key: root.password
- name: MYSQL_USER
valueFrom:
secretKeyRef:
name: mariadb-secret
key: database.username
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
name: mariadb-secret
key: database.password
ports:
- containerPort: 3306
volumeMounts:
- mountPath: /var/lib/mysql
name: mariadb-data
volumes:
- name: mariadb-data
persistentVolumeClaim:
claimName: mariadb-pvc
---
apiVersion: v1
kind: Service
metadata:
name: mariadb
namespace: mariadb
spec:
type: ClusterIP
selector:
app: mariadb
ports:
- port: 3306
targetPort: 3306
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: mariadb-ingress
namespace: mariadb
spec:
entryPoints:
- websecure
routes:
- match: Host(`mariadb.database.mngoma.lab`)
kind: Rule
services:
- name: mariadb
port: 3306
tls: {}
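Review bot: `mariadb-ingress` is an HTTP `IngressRoute` on the `websecure` entry point with a `Host(...)` rule, but the backend speaks the MySQL wire protocol on 3306, so this route cannot carry database traffic as written; TCP services need Traefik's `IngressRouteTCP` with a `HostSNI` rule and a dedicated entry point. Before fixing it, decide whether the database should be reachable from outside the cluster at all: the `ClusterIP` Service already serves in-cluster clients, and removing the route is the smaller exposure. `mongodb-ingress` in the next section has the same problem on port 27017.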


@@ -0,0 +1,166 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: mongodb
---
apiVersion: v1
kind: Secret
metadata:
name: mongodb-secret
namespace: mongodb
type: Opaque
data:
root.username: YWRtaW4=
root.password: bGpUMTkx
username: YXBwdXNlcg==
password: VTNlNzRy
---
apiVersion: v1
kind: ConfigMap
metadata:
name: mongodb-config
namespace: mongodb
data:
database.name: "appdb"
database.replicaset: "primary"
database.port: "27017"
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: mongodb-sa
namespace: mongodb
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: mongodb-role
namespace: mongodb
rules:
- apiGroups: [""]
resources: ["pods", "services", "persistentvolumeclaims", "configmaps", "secrets"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: mongodb-rolebinding
namespace: mongodb
subjects:
- kind: ServiceAccount
name: mongodb-sa
namespace: mongodb
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: mongodb-role
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: mongodb-pv
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
storageClassName: local-pvs
local:
path: /home/ansible/k3s/makhiwane/mongodb
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- lead
persistentVolumeReclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mongodb-pvc
namespace: mongodb
spec:
accessModes:
- ReadWriteOnce
storageClassName: local-pvs
resources:
requests:
storage: 10Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: mongodb
namespace: mongodb
spec:
replicas: 1
selector:
matchLabels:
app: mongodb
template:
metadata:
labels:
app: mongodb
spec:
serviceAccountName: mongodb-sa
containers:
- name: mongodb
image: mongo:6
env:
- name: MONGO_INITDB_ROOT_USERNAME
valueFrom:
secretKeyRef:
name: mongodb-secret
key: root.username
- name: MONGO_INITDB_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: mongodb-secret
key: root.password
- name: MONGO_INITDB_DATABASE
valueFrom:
configMapKeyRef:
name: mongodb-config
key: database.name
ports:
- containerPort: 27017
volumeMounts:
- mountPath: /data/db
name: mongodb-data
volumes:
- name: mongodb-data
persistentVolumeClaim:
claimName: mongodb-pvc
---
apiVersion: v1
kind: Service
metadata:
name: mongodb
namespace: mongodb
spec:
type: ClusterIP
selector:
app: mongodb
ports:
- port: 27017
targetPort: 27017
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: mongodb-ingress
namespace: mongodb
spec:
entryPoints:
- websecure
routes:
- match: Host(`mongodb.database.mngoma.lab`)
kind: Rule
services:
- name: mongodb
port: 27017
tls: {}
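Review bot: The `username` and `password` keys in `mongodb-secret`, and `database.replicaset` and `database.port` in `mongodb-config`, are not referenced anywhere in the Deployment, which only consumes `root.username`, `root.password` and `database.name`. Nothing visible here creates the application user, so clients would presumably fall back to the root account. Either add an init step that creates that user or remove the unused keys, and add a comment on the Secret saying which account applications are expected to use.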


@@ -0,0 +1,196 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: nextcloud
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nextcloud-config
namespace: nextcloud
data:
server.trusteddomains: "nextcloud.apps.mngoma.lab"
database.createdbuser: "false"
database.host: "192.168.1.137"
database.name: "nextcloud"
---
apiVersion: v1
kind: Secret
metadata:
name: nextcloud-secret
namespace: nextcloud
type: Opaque
data:
root.username: a2h3ZXpp
root.password: QmxhY2tzdGFyMkBob21l
database.username: YXBwX3VzZXI=
database.password: MTIzNDU=
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: nextcloud-sa
namespace: nextcloud
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: nextcloud-role
namespace: nextcloud
rules:
- apiGroups: [""]
resources: ["pods", "services", "endpoints", "persistentvolumeclaims", "configmaps", "secrets"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: nextcloud-rolebinding
namespace: nextcloud
subjects:
- kind: ServiceAccount
name: nextcloud-sa
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: nextcloud-role
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: nextcloud-pv
labels:
type: local
spec:
capacity:
storage: 20Gi
accessModes:
- ReadWriteOnce
storageClassName: local-pvs
local:
path: /home/ansible/k3s/makhiwane/nextcloud
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- lead
persistentVolumeReclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nextcloud-pvc
namespace: nextcloud
spec:
accessModes:
- ReadWriteOnce
storageClassName: local-pvs
resources:
requests:
storage: 20Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nextcloud
namespace: nextcloud
spec:
replicas: 1
selector:
matchLabels:
app: nextcloud
template:
metadata:
labels:
app: nextcloud
spec:
serviceAccountName: nextcloud-sa
containers:
- name: nextcloud
image: nextcloud:27.1.7
ports:
- containerPort: 80
volumeMounts:
- name: nextcloud-data
mountPath: /var/www/html
env:
- name: NEXTCLOUD_ADMIN_USER
valueFrom:
secretKeyRef:
name: nextcloud-secret
key: root.username
- name: NEXTCLOUD_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: nextcloud-secret
key: root.password
- name: NEXTCLOUD_TRUSTED_DOMAINS
valueFrom:
configMapKeyRef:
name: nextcloud-config
key: server.trusteddomains
- name: POSTGRES_HOST
valueFrom:
configMapKeyRef:
name: nextcloud-config
key: database.host
- name: POSTGRES_DB
valueFrom:
configMapKeyRef:
name: nextcloud-config
key: database.name
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: nextcloud-secret
key: database.username
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: nextcloud-secret
key: database.password
- name: NC_SETUP_CREATE_DB_USER
valueFrom:
configMapKeyRef:
name: nextcloud-config
key: database.createdbuser
volumes:
- name: nextcloud-data
persistentVolumeClaim:
claimName: nextcloud-pvc
---
apiVersion: v1
kind: Service
metadata:
name: nextcloud
namespace: nextcloud
spec:
type: ClusterIP
selector:
app: nextcloud
ports:
- name: http
protocol: TCP
port: 80
targetPort: 80
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: nextcloud-web
namespace: nextcloud
spec:
entryPoints:
- websecure
routes:
- match: Host(`nextcloud.apps.mngoma.lab`)
kind: Rule
services:
- name: nextcloud
port: 80
scheme: http
tls: {}
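Review bot: Credential values are reused across services: `database.username` and `database.password` in `nextcloud-secret` are byte-identical to the ones in `droneci-secret` and `gitea-secret`, and `root.password` here is identical to `password` in the phpmyadmin section's `mysql-secret`. With one shared PostgreSQL account, a compromise of any of the three applications gives access to the other two databases, and the same admin password then protects two unrelated systems. Give each application its own database role and a unique, generated password, and state in a comment on each Secret which database the account is scoped to.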


@@ -0,0 +1,101 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: nosqlclient
---
apiVersion: v1
kind: Secret
metadata:
name: nosqlclient-secret
namespace: nosqlclient
type: Opaque
data:
mongodb-uri: bW9uZ29kYjovL2FkbWluOkJsYWNrc3RhcjIlNDBob21lQGRhdGFiYXNlLm1uZ29tYS5sYWI6MjcwMTcvYWRtaW4=
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: nosqlclient-sa
namespace: nosqlclient
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: nosqlclient-role
namespace: nosqlclient
rules:
- apiGroups: [""]
resources: ["pods", "services", "persistentvolumeclaims", "configmaps", "secrets"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: nosqlclient-rolebinding
namespace: nosqlclient
subjects:
- kind: ServiceAccount
name: nosqlclient-sa
namespace: nosqlclient
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: nosqlclient-role
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nosqlclient
namespace: nosqlclient
spec:
replicas: 1
selector:
matchLabels:
app: nosqlclient
template:
metadata:
labels:
app: nosqlclient
spec:
serviceAccountName: nosqlclient-sa
containers:
- name: nosqlclient
image: mongoclient/mongoclient:latest
env:
- name: MONGO_URL
valueFrom:
secretKeyRef:
name: nosqlclient-secret
key: mongodb-uri
ports:
- containerPort: 3000
---
apiVersion: v1
kind: Service
metadata:
name: nosqlclient
namespace: nosqlclient
spec:
type: ClusterIP
selector:
app: nosqlclient
ports:
- port: 3000
targetPort: 3000
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: nosqlclient-ingress
namespace: nosqlclient
spec:
entryPoints:
- websecure
routes:
- match: Host(`mongodb.apps.mngoma.lab`)
kind: Rule
services:
- name: nosqlclient
port: 3000
tls: {}
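Review bot: `MONGO_URL` wires a credentialed MongoDB URI into a web UI that `nosqlclient-ingress` then publishes on `websecure` with no `middlewares` on the route, so unless authentication is enforced somewhere not visible here, whoever can reach `mongodb.apps.mngoma.lab` gets that connection. The phpmyadmin section has the same shape: setting `PMA_USER` and `PMA_PASSWORD` makes phpMyAdmin sign in with those credentials automatically, and its route has no middleware either. Prefer leaving the credentials out so each user authenticates with their own account, and add an authentication or IP-allowlist middleware to both routes.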


@@ -0,0 +1,159 @@
apiVersion: v1
kind: Namespace
metadata:
name: pgadmin
---
apiVersion: v1
kind: ConfigMap
metadata:
name: pgadmin-config
namespace: pgadmin
data:
server.email: "khwezi@mngoma.lab"
---
apiVersion: v1
kind: Secret
metadata:
name: pgadmin-secret
namespace: pgadmin
type: Opaque
data:
server.password: M3pDQTQz
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: pgadmin-sa
namespace: pgadmin
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: pgadmin-role
namespace: pgadmin
rules:
- apiGroups: [""]
resources: ["pods", "services", "persistentvolumeclaims", "configmaps", "secrets"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: pgadmin-rolebinding
namespace: pgadmin
subjects:
- kind: ServiceAccount
name: pgadmin-sa
namespace: pgadmin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: pgadmin-role
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: pgadmin-pv
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
storageClassName: local-pvs
local:
path: /home/ansible/k3s/makhiwane/pgadmin
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- lead
persistentVolumeReclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pgadmin-pvc
namespace: pgadmin
spec:
accessModes:
- ReadWriteOnce
storageClassName: local-pvs
resources:
requests:
storage: 10Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: pgadmin
namespace: pgadmin
spec:
replicas: 1
selector:
matchLabels:
app: pgadmin
template:
metadata:
labels:
app: pgadmin
spec:
serviceAccountName: pgadmin-sa
securityContext:
runAsUser: 5050
runAsGroup: 5050
fsGroup: 5050
containers:
- name: pgadmin
image: dpage/pgadmin4:latest
ports:
- containerPort: 80
volumeMounts:
- name: pgadmin-data
mountPath: /var/lib/pgadmin
env:
- name: PGADMIN_DEFAULT_EMAIL
valueFrom:
configMapKeyRef:
name: pgadmin-config
key: server.email
- name: PGADMIN_DEFAULT_PASSWORD
valueFrom:
secretKeyRef:
name: pgadmin-secret
key: server.password
volumes:
- name: pgadmin-data
persistentVolumeClaim:
claimName: pgadmin-pvc
---
apiVersion: v1
kind: Service
metadata:
name: pgadmin
namespace: pgadmin
spec:
type: ClusterIP
selector:
app: pgadmin
ports:
- port: 80
targetPort: 80
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: pgadmin-ingress
namespace: pgadmin
spec:
entryPoints:
- websecure
routes:
- match: Host(`pgadmin.apps.mngoma.lab`)
kind: Rule
services:
- name: pgadmin
port: 80
tls: {}


@@ -0,0 +1,126 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: phpmyadmin
---
apiVersion: v1
kind: ConfigMap
metadata:
name: phpmyadmin-config
namespace: phpmyadmin
data:
database.address: "192.168.1.137"
database.port: "3306"
---
apiVersion: v1
kind: Secret
metadata:
name: mysql-secret
namespace: phpmyadmin
type: Opaque
data:
username: cm9vdA==
password: QmxhY2tzdGFyMkBob21l
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: phpmyadmin-sa
namespace: phpmyadmin
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: phpmyadmin-role
namespace: phpmyadmin
rules:
- apiGroups: [""]
resources: ["pods", "services", "configmaps", "secrets"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: phpmyadmin-rolebinding
namespace: phpmyadmin
subjects:
- kind: ServiceAccount
name: phpmyadmin-sa
namespace: phpmyadmin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: phpmyadmin-role
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: phpmyadmin
namespace: phpmyadmin
spec:
replicas: 1
selector:
matchLabels:
app: phpmyadmin
template:
metadata:
labels:
app: phpmyadmin
spec:
serviceAccountName: phpmyadmin-sa
containers:
- name: phpmyadmin
image: phpmyadmin/phpmyadmin:latest
ports:
- containerPort: 80
env:
- name: PMA_HOST
valueFrom:
configMapKeyRef:
name: phpmyadmin-config
key: database.address
- name: PMA_PORT
valueFrom:
configMapKeyRef:
name: phpmyadmin-config
key: database.port
- name: PMA_USER
valueFrom:
secretKeyRef:
name: mysql-secret
key: username
- name: PMA_PASSWORD
valueFrom:
secretKeyRef:
name: mysql-secret
key: password
---
apiVersion: v1
kind: Service
metadata:
name: phpmyadmin
namespace: phpmyadmin
spec:
type: ClusterIP
selector:
app: phpmyadmin
ports:
- port: 80
targetPort: 80
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: phpmyadmin-ingress
namespace: phpmyadmin
spec:
entryPoints:
- websecure
routes:
- match: Host(`phpmyadmin.apps.mngoma.lab`)
kind: Rule
services:
- name: phpmyadmin
port: 80
tls: {}


@@ -0,0 +1,127 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: portainer
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: portainer-sa
namespace: portainer
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: portainer-admin-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: portainer-sa
namespace: portainer
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: portainer-pv
labels:
type: local
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
storageClassName: local-pvs
local:
path: /home/ansible/k3s/makhiwane/portainer
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- lead
persistentVolumeReclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: portainer-pvc
namespace: portainer
spec:
accessModes:
- ReadWriteOnce
storageClassName: local-pvs
resources:
requests:
storage: 10Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: portainer
namespace: portainer
spec:
replicas: 1
selector:
matchLabels:
app: portainer
template:
metadata:
labels:
app: portainer
spec:
serviceAccountName: portainer-sa
containers:
- name: portainer
image: portainer/portainer-ce:2.33.2
ports:
- containerPort: 9000
- containerPort: 9443
volumeMounts:
- name: data
mountPath: /data
volumes:
- name: data
persistentVolumeClaim:
claimName: portainer-pvc
---
apiVersion: v1
kind: Service
metadata:
name: portainer
namespace: portainer
spec:
type: ClusterIP
selector:
app: portainer
ports:
- name: http
protocol: TCP
port: 9000
targetPort: 9000
- name: https
protocol: TCP
port: 9443
targetPort: 9443
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: portainer-dashboard
namespace: portainer
spec:
entryPoints:
- websecure
routes:
- match: Host(`portainer.apps.mngoma.lab`)
kind: Rule
services:
- name: portainer
port: 9000
scheme: http
tls: {}
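Review bot: `portainer-admin-binding` grants `portainer-sa` the `cluster-admin` ClusterRole, so anyone who gets into the Portainer UI controls the whole cluster. The `IngressRoute` at the end publishes that UI on `websecure` with no Middleware limiting who can reach it. If full cluster management through Portainer is intended, say so above the binding, e.g. `# Portainer manages the whole cluster; cluster-admin is deliberate`, and attach a Traefik Middleware (IP allow-list or forward-auth) to the route. Otherwise bind a narrower ClusterRole.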


@@ -0,0 +1,149 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: postgresql
---
apiVersion: v1
kind: Secret
metadata:
name: postgresql-secret
namespace: postgresql
type: Opaque
data:
username: cm9vdA==
password: Mmh2MTdL
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: postgresql-sa
namespace: postgresql
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: postgresql-role
namespace: postgresql
rules:
- apiGroups: [""]
resources: ["pods", "services", "persistentvolumeclaims", "configmaps", "secrets"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: postgresql-rolebinding
namespace: postgresql
subjects:
- kind: ServiceAccount
name: postgresql-sa
namespace: postgresql
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: postgresql-role
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: postgresql-pv
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
storageClassName: local-pvs
local:
path: /home/ansible/k3s/makhiwane/postgresql
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- lead
persistentVolumeReclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: postgresql-pvc
namespace: postgresql
spec:
accessModes:
- ReadWriteOnce
storageClassName: local-pvs
resources:
requests:
storage: 10Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: postgresql
namespace: postgresql
spec:
replicas: 1
selector:
matchLabels:
app: postgresql
template:
metadata:
labels:
app: postgresql
spec:
serviceAccountName: postgresql-sa
containers:
- name: postgresql
image: postgres:16
env:
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: postgresql-secret
key: username
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: postgresql-secret
key: password
ports:
- containerPort: 5432
volumeMounts:
- mountPath: /var/lib/postgresql/data
name: postgresql-data
volumes:
- name: postgresql-data
persistentVolumeClaim:
claimName: postgresql-pvc
---
apiVersion: v1
kind: Service
metadata:
name: postgresql
namespace: postgresql
spec:
type: ClusterIP
selector:
app: postgresql
ports:
- port: 5432
targetPort: 5432
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: postgresql-ingress
namespace: postgresql
spec:
entryPoints:
- websecure
routes:
- match: Host(`postgresql.database.mngoma.lab`)
kind: Rule
services:
- name: postgresql
port: 5432
tls: {}
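Review bot: The Secret `postgresql-secret` is committed with its real `data` values, and base64 is an encoding, not encryption, so anyone who can read the repository has the database credentials. The same applies to `redis-secret` (in both the redis and redisinsight files) and `uptimekuma-secret` later in this commit. Because the values are now in git history, they should be rotated rather than just deleted. I would create the Secrets out of band, or commit only an encrypted form such as a SealedSecret or a SOPS-encrypted file, and leave a comment like `# postgresql-secret is created outside this manifest` next to the Deployment that references it.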


@@ -0,0 +1,107 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: redis
---
apiVersion: v1
kind: Secret
metadata:
name: redis-secret
namespace: redis
type: Opaque
data:
username: YWRtaW4=
password: NjI4akZL
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: redis-sa
namespace: redis
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: redis-role
namespace: redis
rules:
- apiGroups: [""]
resources: ["pods", "services"]
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: redis-rolebinding
namespace: redis
subjects:
- kind: ServiceAccount
name: redis-sa
namespace: redis
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: redis-role
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: redis
namespace: redis
spec:
replicas: 1
selector:
matchLabels:
app: redis
template:
metadata:
labels:
app: redis
spec:
serviceAccountName: redis-sa
containers:
- name: redis
image: redis:7
ports:
- containerPort: 6379
env:
- name: REDIS_USERNAME
valueFrom:
secretKeyRef:
name: redis-secret
key: username
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: redis-secret
key: password
---
apiVersion: v1
kind: Service
metadata:
name: redis
namespace: redis
spec:
type: ClusterIP
selector:
app: redis
ports:
- port: 6379
targetPort: 6379
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: redis-ingress
namespace: redis
spec:
entryPoints:
- websecure
routes:
- match: Host(`redis.database.mngoma.lab`)
kind: Rule
services:
- name: redis
port: 6379
tls: {}
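Review bot: The redis container is started with no authentication setting. `REDIS_USERNAME` and `REDIS_PASSWORD` are only environment variables, and as far as I know the official `redis:7` image does not read them, so the server would accept unauthenticated connections. Pass the password to the server explicitly, for example `args: ["--requirepass", "$(REDIS_PASSWORD)"]` on the container, or mount a redis.conf that defines ACL users. Separately, the `IngressRoute` at the end is an HTTP router with a `Host()` rule in front of port 6379, which the Redis protocol will not match; the postgresql file does the same for 5432. If external access is intended at all, both likely need an `IngressRouteTCP` with a `HostSNI()` rule.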


@@ -0,0 +1,189 @@
apiVersion: v1
kind: Namespace
metadata:
name: redisinsight
---
apiVersion: v1
kind: ConfigMap
metadata:
name: redisinsight-config
namespace: redisinsight
data:
database.host: "192.168.1.137"
database.port: "6379"
database.instance: "redis"
RI_LOG_LEVEL: "info"
RI_ALLOW_PRIVILEGED: "true"
RI_TELEMETRY: "false"
---
apiVersion: v1
kind: Secret
metadata:
name: redis-secret
namespace: redisinsight
type: Opaque
data:
password: NjI4akZL
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: redisinsight-sa
namespace: redisinsight
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: redisinsight-role
namespace: redisinsight
rules:
- apiGroups: [""]
resources: ["pods", "services", "persistentvolumeclaims", "configmaps", "secrets"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: redisinsight-rolebinding
namespace: redisinsight
subjects:
- kind: ServiceAccount
name: redisinsight-sa
namespace: redisinsight
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: redisinsight-role
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: redisinsight-pv
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
storageClassName: local-pvs
local:
path: /home/ansible/k3s/makhiwane/redisinsight
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- lead
persistentVolumeReclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: redisinsight-pvc
namespace: redisinsight
spec:
accessModes:
- ReadWriteOnce
storageClassName: local-pvs
resources:
requests:
storage: 10Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: redisinsight
namespace: redisinsight
spec:
replicas: 1
selector:
matchLabels:
app: redisinsight
template:
metadata:
labels:
app: redisinsight
spec:
serviceAccountName: redisinsight-sa
containers:
- name: redisinsight
image: redislabs/redisinsight:latest
ports:
- containerPort: 8001
volumeMounts:
- name: redisinsight-data
mountPath: /db
env:
- name: RI_APP_HOST
value: "0.0.0.0"
- name: RI_APP_PORT
value: "8001"
- name: RI_LOG_LEVEL
valueFrom:
configMapKeyRef:
name: redisinsight-config
key: RI_LOG_LEVEL
- name: RI_ALLOW_PRIVILEGED
valueFrom:
configMapKeyRef:
name: redisinsight-config
key: RI_ALLOW_PRIVILEGED
- name: RI_TELEMETRY
valueFrom:
configMapKeyRef:
name: redisinsight-config
key: RI_TELEMETRY
- name: RI_DATABASE_0_NAME
valueFrom:
configMapKeyRef:
name: redisinsight-config
key: database.instance
- name: RI_DATABASE_0_HOST
valueFrom:
configMapKeyRef:
name: redisinsight-config
key: database.host
- name: RI_DATABASE_0_PORT
valueFrom:
configMapKeyRef:
name: redisinsight-config
key: database.port
- name: RI_DATABASE_0_PASSWORD
valueFrom:
secretKeyRef:
name: redis-secret
key: password
volumes:
- name: redisinsight-data
persistentVolumeClaim:
claimName: redisinsight-pvc
---
apiVersion: v1
kind: Service
metadata:
name: redisinsight
namespace: redisinsight
spec:
type: ClusterIP
selector:
app: redisinsight
ports:
- port: 8001
targetPort: 8001 # maybe 5540
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: redisinsight-ingress
namespace: redisinsight
spec:
entryPoints:
- websecure
routes:
- match: Host(`redisinsight.apps.mngoma.lab`)
kind: Rule
services:
- name: redisinsight
port: 8001
tls: {}
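Review bot: `redisinsight-role` grants create/update/patch/delete on secrets, configmaps, pods, services and persistentvolumeclaims to the service account of a web UI pod, and nothing in the Deployment suggests the application calls the Kubernetes API. A compromise of the UI would expose every Secret in the namespace, including `redis-secret`. I would drop the Role and RoleBinding and set `automountServiceAccountToken: false` in the pod spec. Alternatively, reduce the rule to the read-only form used in the redis file: `resources: ["pods", "services"]` with `verbs: ["get", "list", "watch"]`. `postgresql-role` in the postgresql file carries the same broad rule.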


@@ -0,0 +1,134 @@
apiVersion: v1
kind: Namespace
metadata:
name: uptimekuma
---
apiVersion: v1
kind: ConfigMap
metadata:
name: uptimekuma-config
namespace: uptimekuma
data:
server.port: "3001"
server.disableusageanalytics: "true"
---
apiVersion: v1
kind: Secret
metadata:
name: uptimekuma-secret
namespace: uptimekuma
type: Opaque
data:
password: MWhEMjBn
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: uptimekuma-pv
labels:
type: local
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
storageClassName: local-pvs
local:
path: /home/ansible/k3s/makhiwane/uptimekuma
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- lead
persistentVolumeReclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: uptimekuma-data
namespace: uptimekuma
spec:
accessModes:
- ReadWriteOnce
storageClassName: local-pvs
resources:
requests:
storage: 10Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: uptimekuma
namespace: uptimekuma
spec:
replicas: 1
selector:
matchLabels:
app: uptimekuma
template:
metadata:
labels:
app: uptimekuma
spec:
containers:
- name: uptimekuma
image: louislam/uptime-kuma:latest
imagePullPolicy: IfNotPresent
ports:
- containerPort: 3001
volumeMounts:
- mountPath: /app/data
name: uptimekuma-data
env:
- name: PORT
valueFrom:
configMapKeyRef:
name: uptimekuma-config
key: server.port
- name: server.disableusageanalytics
valueFrom:
configMapKeyRef:
name: uptimekuma-config
key: server.disableusageanalytics
- name: password
valueFrom:
secretKeyRef:
name: uptimekuma-secret
key: password
volumes:
- name: uptimekuma-data
persistentVolumeClaim:
claimName: uptimekuma-data
---
apiVersion: v1
kind: Service
metadata:
name: uptimekuma
namespace: uptimekuma
spec:
type: ClusterIP
selector:
app: uptimekuma
ports:
- name: http
port: 3001
targetPort: 3001
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: uptimekuma-ingress
namespace: uptimekuma
spec:
entryPoints:
- websecure
routes:
- match: Host(`uptimekuma.apps.mngoma.lab`)
kind: Rule
services:
- name: uptimekuma
port: 3001
tls: {}
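Review bot: `image: louislam/uptime-kuma:latest` combined with `imagePullPolicy: IfNotPresent` means the running version is whatever a node happened to cache. A rescheduled pod can silently run different code, with no record in the manifest of what was deployed. Pin a specific version tag or, better, a digest, e.g. `image: louislam/uptime-kuma:<pinned-version>` (placeholder to fill in). The same floating tag appears on `redislabs/redisinsight:latest` and `phpmyadmin/phpmyadmin:latest`, and `traefik/whoami` has no tag at all; the portainer file already pins `2.33.2`.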


@@ -0,0 +1,88 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: whoami
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: whoami-sa
namespace: whoami
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: whoami-role
namespace: whoami
rules:
- apiGroups: [""]
resources: ["pods", "services"]
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: whoami-rolebinding
namespace: whoami
subjects:
- kind: ServiceAccount
name: whoami-sa
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: whoami-role
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: whoami
namespace: whoami
spec:
replicas: 1
selector:
matchLabels:
app: whoami
template:
metadata:
labels:
app: whoami
spec:
serviceAccountName: whoami-sa
containers:
- name: whoami
image: traefik/whoami
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: whoami
namespace: whoami
spec:
type: ClusterIP
selector:
app: whoami
ports:
- name: http
protocol: TCP
port: 80
targetPort: 80
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: whoami-web
namespace: whoami
spec:
entryPoints:
- websecure
routes:
- match: Host(`whoami.apps.mngoma.lab`)
kind: Rule
services:
- name: whoami
port: 80
scheme: http
tls: {}
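Review bot: The `subjects` entry of `whoami-rolebinding` has no `namespace`, which the RBAC API requires for `kind: ServiceAccount`. I would expect the apply to be rejected, or at best the binding not to match `whoami-sa`. Add `namespace: whoami` under the subject, as the redis and postgresql bindings in this commit do. Since the whoami container only echoes request data, it is also worth asking whether the ServiceAccount, Role and RoleBinding are needed at all.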