diff --git a/kubernetes/lianalabs/apps/games/kustomization.yaml b/kubernetes/lianalabs/apps/games/kustomization.yaml
new file mode 100644
index 0000000..d55fc8e
--- /dev/null
+++ b/kubernetes/lianalabs/apps/games/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./namespace.yaml
+ #- ./minecraft/ks.yaml
diff --git a/kubernetes/lianalabs/apps/games/minecraft/app/helmrelease.yaml b/kubernetes/lianalabs/apps/games/minecraft/app/helmrelease.yaml
new file mode 100644
index 0000000..11b16fb
--- /dev/null
+++ b/kubernetes/lianalabs/apps/games/minecraft/app/helmrelease.yaml
@@ -0,0 +1,120 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: &app minecraft
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: app-template
+ version: 3.5.1
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ strategy: rollback
+ retries: 3
+ dependsOn:
+ - name: volsync
+ namespace: volsync-system
+ values:
+ controllers:
+ minecraft:
+ annotations:
+ reloader.stakater.com/auto: "true"
+ containers:
+ app:
+ image:
+ repository: ghcr.io/itzg/minecraft-server
+ tag: 2024.10.2@sha256:8bd119f65ef6e65bdb12f756bfb44a305b36b1adf868ade8027014fabc29c755
+ env:
+ TZ: ${TIMEZONE}
+ AUTOPAUSE_TIMEOUT_EST: 600
+ AUTOPAUSE_TIMEOUT_INIT: 300
+ DIFFICULTY: normal
+ ENABLE_AUTOPAUSE: TRUE
+ ENABLE_WHITELIST: true
+ EULA: true
+ FORCE_GAMEMODE: true
+ ICON: https://i.ibb.co/q7PkGt4/shoujomagical.png
+ JVM_XX_OPTS: "-XX:MaxRAMPercentage=75"
+ MAX_BUILD_HEIGHT: 320
+ MAX_TICK_TIME: -1
+ MAX_WORLD_SIZE: 29999984
+ MEMORY: 8192M
+ MODE: survival
+ MOTD: "Minecraft Server"
+ OVERRIDE_ICON: TRUE
+ PAPER_CHANNEL: experimental
+ SERVER_NAME: Shoujo Magical Gamers
+ SKIP_SUDO: true
+ SPAWN_PROTECTION: 0
+ SPIGET_RESOURCES: 36618
+ TYPE: PAPER
+ VERSION: "1.21"
+ VIEW_DISTANCE: 12
+ envFrom:
+ - secretRef:
+ name: minecraft-secret
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ limits:
+ memory: 8192Mi
+ securityContext:
+ allowPrivilegeEscalation: true
+ readOnlyRootFilesystem: true
+ capabilities:
+ add: ["NET_RAW"]
+ drop: ["ALL"]
+ probes:
+ liveness: &probe
+ enabled: true
+ custom: true
+ spec:
+ periodSeconds: 60
+ exec: &probeexec { command: ["mc-health"] }
+ readiness: *probe
+ startup:
+ <<: *probe
+ spec:
+ initialDelaySeconds: 30
+ periodSeconds: 1
+ failureThreshold: 300
+ exec: *probeexec
+ pod:
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
+ fsGroup: 1000
+ fsGroupChangePolicy: Always
+ service:
+ app:
+ controller: minecraft
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: "minecraft.${SECRET_EXTERNAL_DOMAIN}"
+ external-dns.alpha.kubernetes.io/target: "mc-router.${SECRET_EXTERNAL_DOMAIN}"
+ mc-router.itzg.me/externalServerName: minecraft.${SECRET_EXTERNAL_DOMAIN}
+ ports:
+ minecraft:
+ port: 25565
+ persistence:
+ data:
+ existingClaim: minecraft
+ globalMounts:
+ - path: /data
+ tmp:
+ type: emptyDir
+ medium: Memory
+ globalMounts:
+ - path: /tmp
diff --git a/kubernetes/lianalabs/apps/games/minecraft/app/kustomization.yaml b/kubernetes/lianalabs/apps/games/minecraft/app/kustomization.yaml
new file mode 100644
index 0000000..16a6ce3
--- /dev/null
+++ b/kubernetes/lianalabs/apps/games/minecraft/app/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./secret.sops.yaml
+ - ./helmrelease.yaml
diff --git a/kubernetes/lianalabs/apps/games/minecraft/app/resources/shoujomagical.png b/kubernetes/lianalabs/apps/games/minecraft/app/resources/shoujomagical.png
new file mode 100644
index 0000000..c115bfe
Binary files /dev/null and b/kubernetes/lianalabs/apps/games/minecraft/app/resources/shoujomagical.png differ
diff --git a/kubernetes/lianalabs/apps/games/minecraft/app/secret.sops.yaml b/kubernetes/lianalabs/apps/games/minecraft/app/secret.sops.yaml
new file mode 100644
index 0000000..0619109
--- /dev/null
+++ b/kubernetes/lianalabs/apps/games/minecraft/app/secret.sops.yaml
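Review bot: In minecraft/app/helmrelease.yaml the container `securityContext` sets `allowPrivilegeEscalation: true` and adds `NET_RAW` back after `drop: ["ALL"]`, which makes it the weakest container profile in this commit (pairdrop sets `false` and adds no capability). If the pairing exists only so that `ENABLE_AUTOPAUSE` can work as UID 1000 with `SKIP_SUDO: true`, which is my reading and not something the hunk states, record it in a comment above the block, for example `# NET_RAW + allowPrivilegeEscalation are required by autopause when running as non-root (SKIP_SUDO)`, so a later hardening pass does not have to rediscover the reason. If autopause is not essential, removing it would allow `allowPrivilegeEscalation: false` and no `add` list. Note also that `SPIGET_RESOURCES`, `PAPER_CHANNEL: experimental` and the third-party `ICON` URL appear to pull content at start-up that the image digest pin does not cover.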
@@ -0,0 +1,29 @@
+# yamllint disable
+kind: Secret
+apiVersion: v1
+type: Opaque
+metadata:
+ name: minecraft-secret
+stringData:
+ OPS: null
+ WHITELIST: null
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age19nu7uf8dageqlmzk23x7vl24fpn0l7cq20l3l4xxf2sk2xd5h98qss437p
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzY003SDgrU0JpcGxvaVZZ
+ OTdXcTgyVitmYk5tMGF3cVpsNkNsRHhyR2tzCmJUNWRYM2V6SG5VNU1seFovZEs0
+ UnJ4K2o4ejBtL01KUnRRVW1udWRLblUKLS0tIGVWUUtnL2kxOThtcnA0VW5WSk9P
+ R2dOOXozc2ZFZm9DOGVqNnNlTWh3amsKx0xCZTnekhyPX6hqGBPe2iNkKGPMPWCq
+ vFnuh4T1EKl3ckU0yhU4cxk1KrBuFCaboPYLgTJ5kkjvtgUV2rg+9A==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2024-11-24T19:27:41Z"
+ mac: ENC[AES256_GCM,data:kxWbQtrVby8Nj1X1nHoS86RcL5O8x4tikbcJSLpnSoN1UXjXo3QqoHQ1eYVXMuQu58s+SgPkSF6XSTfVRDwLIGia0fzJ87c7QxGvlQsdkzXwtP0SqrSyEIhnge/rOsRhfm7B89cwhmIxISHXIIORBh3RNEdrDQBHIUFhEhUj5j8=,iv:OYnkzOkVWr8DTUyhbWinrVhe6pL8W/zKW0ufkMe8Vfk=,tag:1/Ud7OHz09QEl/CtaoMSmg==,type:str]
+ pgp: []
+ encrypted_regex: ^(data|stringData)$
+ version: 3.9.1
diff --git a/kubernetes/lianalabs/apps/games/minecraft/ks.yaml b/kubernetes/lianalabs/apps/games/minecraft/ks.yaml
new file mode 100644
index 0000000..028634e
--- /dev/null
+++ b/kubernetes/lianalabs/apps/games/minecraft/ks.yaml
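Review bot: In minecraft/app/secret.sops.yaml both `stringData` entries are committed as plain `null` (`OPS: null`, `WHITELIST: null`) instead of `ENC[...]` values, so the file carries sops metadata but no encrypted content. This matters because helmrelease.yaml sets `ENABLE_WHITELIST: true` and loads this Secret through `envFrom`: the access list it is meant to supply is empty, and a Secret whose `stringData` values are null may be rejected or have its keys dropped when applied. If these are placeholders, set both keys to quoted strings and re-encrypt with sops before `./minecraft/ks.yaml` is uncommented in games/kustomization.yaml, and say in the commit description that the Secret is not yet populated.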
@@ -0,0 +1,52 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app minecraft
+ namespace: flux-system
+spec:
+ targetNamespace: games
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ dependsOn:
+ - name: traefik
+ path: ./kubernetes/lianalabs/apps/games/minecraft/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-gitops
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
+ postBuild:
+ substitute:
+ APP: *app
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app mc-router
+ namespace: flux-system
+spec:
+ targetNamespace: games
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ dependsOn:
+ - name: traefik
+ path: ./kubernetes/lianalabs/apps/games/minecraft/mc-router
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-gitops
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
+ postBuild:
+ substitute:
+ APP: *app
diff --git a/kubernetes/lianalabs/apps/games/minecraft/mc-router/helmrelease.yaml b/kubernetes/lianalabs/apps/games/minecraft/mc-router/helmrelease.yaml
new file mode 100644
index 0000000..8405056
--- /dev/null
+++ b/kubernetes/lianalabs/apps/games/minecraft/mc-router/helmrelease.yaml
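Review bot: The `minecraft` Kustomization in minecraft/ks.yaml points at `./kubernetes/lianalabs/apps/games/minecraft/app`, which contains `secret.sops.yaml`, yet its spec has no `decryption` block, and `postBuild` defines only `substitute: APP` although the manifests reference `${TIMEZONE}`, `${SECRET_EXTERNAL_DOMAIN}` and `${LB_MINECRAFT}`. If a parent Kustomization patches `decryption` and `substituteFrom` into every child, which this diff does not show, a one-line comment saying so would spare the next reader the search. Otherwise add them here, e.g. `decryption: {provider: sops, secretRef: {name: <age-key-secret>}}`, where the secret name is a placeholder for whatever the cluster uses. Without decryption the Secret cannot be applied as intended, and without the extra substitution sources the hostnames and load-balancer IP will not resolve to the intended values; the substitution part applies to the `mc-router` document as well.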
@@ -0,0 +1,30 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: &app mc-router
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: mc-router
+ version: 1.2.3
+ sourceRef:
+ kind: HelmRepository
+ name: itzg
+ namespace: flux-system
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ strategy: rollback
+ retries: 3
+ values:
+ services:
+ minecraft:
+ type: LoadBalancer
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: "mc-router.${SECRET_EXTERNAL_DOMAIN}"
+ lbipam.cilium.io/ips: "${LB_MINECRAFT}"
diff --git a/kubernetes/lianalabs/apps/games/minecraft/mc-router/kustomization.yaml b/kubernetes/lianalabs/apps/games/minecraft/mc-router/kustomization.yaml
new file mode 100644
index 0000000..17cbc72
--- /dev/null
+++ b/kubernetes/lianalabs/apps/games/minecraft/mc-router/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./helmrelease.yaml
diff --git a/kubernetes/lianalabs/apps/games/namespace.yaml b/kubernetes/lianalabs/apps/games/namespace.yaml
new file mode 100644
index 0000000..c40e183
--- /dev/null
+++ b/kubernetes/lianalabs/apps/games/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: games
+ labels:
+ kustomize.toolkit.fluxcd.io/prune: disabled
diff --git a/kubernetes/lianalabs/apps/home/kustomization.yaml b/kubernetes/lianalabs/apps/home/kustomization.yaml
index eb3f61b..3624416 100644
--- a/kubernetes/lianalabs/apps/home/kustomization.yaml
+++ b/kubernetes/lianalabs/apps/home/kustomization.yaml
@@ -6,3 +6,5 @@ resources:
 - ./namespace.yaml
 - ./actual/ks.yaml
 - ./stirling-pdf/ks.yaml
+ - ./pairdrop/ks.yaml
+ - ./pingvin/ks.yaml
diff --git a/kubernetes/lianalabs/apps/home/pairdrop/app/helmrelease.yaml b/kubernetes/lianalabs/apps/home/pairdrop/app/helmrelease.yaml
new file mode 100644
index 0000000..e1eaf57
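Review bot: mc-router/helmrelease.yaml sets no image values, so the router runs whatever image chart `1.2.3` defaults to, while every app-template release in this commit pins `tag@sha256:…`. This release publishes a `LoadBalancer` service under an external-dns hostname on `${SECRET_EXTERNAL_DOMAIN}` and so appears to be the component meant to take game connections from outside; pin its image the same way if the chart exposes an image override, which this hunk does not show. Adding the `# yaml-language-server: $schema=…` header that minecraft/app/helmrelease.yaml carries would also get the values validated in the editor. A short comment stating that access control for this listener rests on the backend's `ENABLE_WHITELIST` would be useful, since the router values shown add none of their own.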
--- /dev/null
+++ b/kubernetes/lianalabs/apps/home/pairdrop/app/helmrelease.yaml
@@ -0,0 +1,84 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: &app pairdrop
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: app-template
+ version: 3.5.1
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ maxHistory: 2
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ strategy: rollback
+ retries: 3
+ values:
+ controllers:
+ pairdrop:
+ replicas: 1
+ strategy: RollingUpdate
+ annotations:
+ reloader.stakater.com/auto: "true"
+ containers:
+ app:
+ image:
+ repository: ghcr.io/schlagmichdoch/pairdrop
+ tag: v1.10.10@sha256:89a19e22de00843cb47a81f95bdb68c7fa5c1357b318e571419004b6b3618252
+ env:
+ TZ: ${TIMEZONE}
+ resources:
+ requests:
+ cpu: 5m
+ memory: 50M
+ limits:
+ memory: 250M
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities: { drop: ["ALL"] }
+ service:
+ app:
+ controller: pairdrop
+ ports:
+ http:
+ port: 3000
+ ingress:
+ app:
+ className: traefik
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ gethomepage.dev/enabled: "true"
+ gethomepage.dev/group: Home
+ gethomepage.dev/name: Pairdrop
+ gethomepage.dev/description: File transfers
+ gethomepage.dev/icon: pairdrop
+ hosts:
+ - host: &host "pairdrop.${SECRET_INTERNAL_DOMAIN}"
+ paths:
+ - path: /
+ service:
+ identifier: app
+ port: http
+ tls:
+ - hosts:
+ - *host
+ secretName: "pairdrop-tls"
+ persistence:
+ cache:
+ type: emptyDir
+ globalMounts:
+ - path: /root/.npm/_cacache
+ logs:
+ type: emptyDir
+ globalMounts:
+ - path: /root/.npm/_logs
diff --git a/kubernetes/lianalabs/apps/home/pairdrop/app/kustomization.yaml b/kubernetes/lianalabs/apps/home/pairdrop/app/kustomization.yaml
new file mode 100644
index 0000000..17cbc72
--- /dev/null
+++ b/kubernetes/lianalabs/apps/home/pairdrop/app/kustomization.yaml
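Review bot: pairdrop/app/helmrelease.yaml hardens the container (`allowPrivilegeEscalation: false`, read-only root, `drop: ["ALL"]`) but defines no pod-level `securityContext`, and the emptyDir mounts under `/root/.npm/…` suggest the process runs with root's home directory. Unless the image itself switches to an unprivileged user, the container therefore runs as UID 0. Consider adding a `pod.securityContext` block like the one in minecraft/app/helmrelease.yaml (`runAsNonRoot: true` with `runAsUser`/`runAsGroup`) and pointing the npm cache at a writable emptyDir through an env var such as `npm_config_cache`. Which UID the image supports is not visible in this hunk and needs checking against the image.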
@@ -0,0 +1,6 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./helmrelease.yaml
diff --git a/kubernetes/lianalabs/apps/home/pairdrop/ks.yaml b/kubernetes/lianalabs/apps/home/pairdrop/ks.yaml
new file mode 100644
index 0000000..b7e21e5
--- /dev/null
+++ b/kubernetes/lianalabs/apps/home/pairdrop/ks.yaml
@@ -0,0 +1,26 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app pairdrop
+ namespace: flux-system
+spec:
+ targetNamespace: home
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ dependsOn:
+ - name: traefik
+ path: ./kubernetes/lianalabs/apps/home/pairdrop/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-gitops
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
+ postBuild:
+ substitute:
+ APP: *app
diff --git a/kubernetes/lianalabs/apps/home/pingvin/app/helmrelease.yaml b/kubernetes/lianalabs/apps/home/pingvin/app/helmrelease.yaml
new file mode 100644
index 0000000..a54d980
--- /dev/null
+++ b/kubernetes/lianalabs/apps/home/pingvin/app/helmrelease.yaml
@@ -0,0 +1,98 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: &app pingvin
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: app-template
+ version: 3.5.1
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ maxHistory: 2
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ strategy: rollback
+ retries: 3
+ values:
+ controllers:
+ pingvin:
+ replicas: 1
+ strategy: RollingUpdate
+ annotations:
+ reloader.stakater.com/auto: "true"
+ containers:
+ app:
+ image:
+ repository: stonith404/pingvin-share
+ tag: v1.5.0@sha256:6ab8c404a24a48767ba73955bc9b4c44e48307a39aab8ea74ddf351de0f2e280
+ env:
+ TZ: ${TIMEZONE}
+ TRUST_PROXY: true
+ resources:
+ requests:
+ cpu: 5m
+ memory: 50M
+ limits:
+ memory: 250M
+ service:
+ app:
+ controller: pingvin
+ ports:
+ http:
+ port: 3000
+ backend:
+ port: 8080
+ ingress:
+ app:
+ className: traefik
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ gethomepage.dev/enabled: "true"
+ gethomepage.dev/group: Home
+ gethomepage.dev/name: Pingvin
+ gethomepage.dev/description: File share
+ gethomepage.dev/icon: pingvin
+ hosts:
+ - host: &host "share.${SECRET_EXTERNAL_DOMAIN}"
+ paths:
+ - path: /
+ service:
+ identifier: app
+ port: http
+ tls:
+ - hosts:
+ - *host
+ secretName: "pingvin-tls"
+ external:
+ className: traefik-external
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ hosts:
+ - host: &host "share.${SECRET_EXTERNAL_DOMAIN}"
+ paths:
+ - path: /
+ service:
+ identifier: app
+ port: 8080
+ tls:
+ - hosts:
+ - *host
+ secretName: "pingvin-tls"
+ persistence:
+ data:
+ storageClass: local-nvme
+ accessMode: ReadWriteOnce
+ size: 32Gi
+ retain: true
+ globalMounts:
+ - path: /opt/app/backend/data/data
+ - path: /opt/app/frontend/public/img
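Review bot: In pingvin/app/helmrelease.yaml the single `data` volume is mounted at both `/opt/app/backend/data/data` and `/opt/app/frontend/public/img` with no `subPath`, so both paths show the same directory and whatever the backend stores also appears under the frontend's public image directory. For a file-sharing service published on `${SECRET_EXTERNAL_DOMAIN}`, that risks exposing uploaded files outside the application's own access checks if that directory is served statically, which the hunk does not show. Give each mount its own sub-directory, e.g. `subPath: data` under the first `- path:` and `subPath: img` under the second. Also worth confirming: the `external` ingress routes `/` to raw port `8080` (the `backend` port) while `TRUST_PROXY: true` is set, and this container has no `securityContext` at all, unlike pairdrop in the same commit.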
diff --git a/kubernetes/lianalabs/apps/home/pingvin/app/kustomization.yaml b/kubernetes/lianalabs/apps/home/pingvin/app/kustomization.yaml
new file mode 100644
index 0000000..17cbc72
--- /dev/null
+++ b/kubernetes/lianalabs/apps/home/pingvin/app/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./helmrelease.yaml
diff --git a/kubernetes/lianalabs/apps/home/pingvin/ks.yaml b/kubernetes/lianalabs/apps/home/pingvin/ks.yaml
new file mode 100644
index 0000000..6ebfc5d
--- /dev/null
+++ b/kubernetes/lianalabs/apps/home/pingvin/ks.yaml
@@ -0,0 +1,26 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app pingvin
+ namespace: flux-system
+spec:
+ targetNamespace: home
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ dependsOn:
+ - name: traefik
+ path: ./kubernetes/lianalabs/apps/home/pingvin/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: k8s-gitops
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
+ postBuild:
+ substitute:
+ APP: *app
diff --git a/kubernetes/lianalabs/apps/labs/homepage/app/helmrelease.yaml b/kubernetes/lianalabs/apps/labs/homepage/app/helmrelease.yaml
index 9fd831c..7684ac3 100644
--- a/kubernetes/lianalabs/apps/labs/homepage/app/helmrelease.yaml
+++ b/kubernetes/lianalabs/apps/labs/homepage/app/helmrelease.yaml
@@ -20,6 +20,7 @@ spec:
 upgrade:
 cleanupOnFail: true
 remediation:
+ strategy: rollback
 retries: 3
 values:
 controllers:
diff --git a/kubernetes/lianalabs/apps/labs/netbox/app/helmrelease.yaml b/kubernetes/lianalabs/apps/labs/netbox/app/helmrelease.yaml
index 08c9ba2..8b709ba 100644
--- a/kubernetes/lianalabs/apps/labs/netbox/app/helmrelease.yaml
+++ b/kubernetes/lianalabs/apps/labs/netbox/app/helmrelease.yaml
@@ -118,7 +118,7 @@ spec:
 annotations:
 cert-manager.io/cluster-issuer: "letsencrypt-production"
 gethomepage.dev/enabled: "true"
- gethomepage.dev/group: Services
+ gethomepage.dev/group: Observability
 gethomepage.dev/name: NetBox
 gethomepage.dev/description: Network documentation
 gethomepage.dev/icon: netbox
diff --git a/kubernetes/lianalabs/flux/repositories/helm/itzg.yaml b/kubernetes/lianalabs/flux/repositories/helm/itzg.yaml
new file mode 100644
index 0000000..aa60eda
--- /dev/null
+++ b/kubernetes/lianalabs/flux/repositories/helm/itzg.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: itzg
+ namespace: flux-system
+spec:
+ interval: 2h
+ url: https://itzg.github.io/minecraft-server-charts/
diff --git a/kubernetes/lianalabs/flux/repositories/helm/kustomization.yaml b/kubernetes/lianalabs/flux/repositories/helm/kustomization.yaml
index b2f7a08..e466db4 100644
--- a/kubernetes/lianalabs/flux/repositories/helm/kustomization.yaml
+++ b/kubernetes/lianalabs/flux/repositories/helm/kustomization.yaml
@@ -10,6 +10,7 @@ resources:
 - ./cloudnative-pg.yaml
 - ./coredns.yaml
 - ./grafana.yaml
+ - ./itzg.yaml
 - ./jetstack.yaml
 - ./k8tz.yaml
 - ./metrics-server.yaml
diff --git a/kubernetes/lianalabs/flux/vars/cluster-settings.yaml b/kubernetes/lianalabs/flux/vars/cluster-settings.yaml
index 4bd012e..d033dd3 100644
--- a/kubernetes/lianalabs/flux/vars/cluster-settings.yaml
+++ b/kubernetes/lianalabs/flux/vars/cluster-settings.yaml
@@ -22,3 +22,4 @@ data:
 LB_TRAEFIK: 10.28.12.100
 LB_TRAEFIK_EXTERNAL: 10.28.12.101
 LB_POSTGRES: 10.28.12.102
+ LB_MINECRAFT: 10.28.12.103