├── .gitattributes ├── .github ├── labeler.yaml ├── labels.yaml ├── lint │ ├── .markdownlint.yaml │ └── .yamllint.yaml ├── renovate-bot.json5 ├── renovate.json5 ├── renovate │ ├── autoMerge.json5 │ ├── customManagers.json5 │ ├── grafanaDashboards.json5 │ ├── groups.json5 │ ├── labels.json5 │ ├── packageRules.json5 │ └── semanticCommits.json5 └── workflows │ ├── flux-local.yaml │ ├── helmrepository-sync.yaml │ ├── label-sync.yaml │ ├── labeler.yaml │ ├── publish-schemas.yaml │ ├── publish-terraform-oci.yaml │ └── renovate.yaml ├── .gitignore ├── .sops.yaml ├── .taskfiles ├── bootstrap │ └── Taskfile.yaml ├── rook │ ├── Taskfile.yaml │ └── resources │ │ └── wipe-rook.yaml ├── sops │ └── Taskfile.yaml ├── talos │ └── Taskfile.yaml └── volsync │ ├── Taskfile.yaml │ └── resources │ ├── list-snapshots.yaml.j2 │ └── replicationdestination.yaml.j2 ├── LICENSE ├── README.md ├── Taskfile.yaml ├── hack └── move-pvc.sh ├── infrastructure ├── .gitignore ├── README.md ├── gcp-kms.tf └── terraform │ ├── downloads │ └── prowlarr │ │ ├── .terraform.lock.hcl │ │ ├── applications.tf │ │ ├── download-client.tf │ │ ├── indexer-proxy.tf │ │ ├── main.tf │ │ ├── provider.tf │ │ └── variables.tf │ ├── media │ ├── radarr │ │ ├── .terraform.lock.hcl │ │ ├── download-client.tf │ │ ├── main.tf │ │ ├── media-management.tf │ │ ├── provider.tf │ │ ├── tags.tf │ │ └── variables.tf │ └── sonarr │ │ ├── .terraform.lock.hcl │ │ ├── download-client.tf │ │ ├── main.tf │ │ ├── media-management.tf │ │ ├── provider.tf │ │ ├── tags.tf │ │ └── variables.tf │ ├── security │ └── authentik │ │ ├── .terraform.lock.hcl │ │ ├── applications.tf │ │ ├── brands.tf │ │ ├── flows.tf │ │ ├── groups.tf │ │ ├── main.tf │ │ ├── provider.tf │ │ ├── source.tf │ │ ├── stages.tf │ │ ├── system.tf │ │ ├── users.tf │ │ └── variables.tf │ └── storage │ └── volsync │ ├── .terraform.lock.hcl │ ├── bucket.tf │ ├── main.tf │ ├── provider.tf │ └── vars.tf └── kubernetes └── jsdyb-k8s-001 ├── apps ├── ai │ ├── kustomization.yaml │ ├── 
namespace.yaml │ └── ollama │ │ ├── app │ │ ├── helmrelease.yaml │ │ ├── kustomization.yaml │ │ └── pvc.yaml │ │ └── ks.yaml ├── datastore │ ├── cloudnative-pg │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── prometheusrule.yaml │ │ │ └── secret-cloudnative-pg.sops.yaml │ │ └── ks.yaml │ ├── dragonfly │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── rbac.yaml │ │ ├── cluster │ │ │ ├── cluster.yaml │ │ │ ├── kustomization.yaml │ │ │ └── podmonitor.yaml │ │ └── ks.yaml │ ├── emqx │ │ ├── cluster │ │ │ ├── cluster.yaml │ │ │ ├── config │ │ │ │ ├── init-mqtt.py │ │ │ │ └── init-users.json │ │ │ ├── httproute.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── podmonitor.yaml │ │ │ └── secret-emqx.sops.yaml │ │ ├── ks.yaml │ │ └── operator │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ ├── kustomization.yaml │ └── namespace.yaml ├── dev │ ├── actions-runner │ │ ├── controller │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ ├── ks.yaml │ │ └── runners │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── secret-github-app-config.sops.yaml │ ├── atuin │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ ├── database │ │ │ ├── kustomization.yaml │ │ │ ├── pgcluster.yaml │ │ │ └── scheduledbackup.yaml │ │ └── ks.yaml │ ├── kubernetes-schemas │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── kustomization.yaml │ ├── namespace.yaml │ └── pulumi-kubernetes-operator │ │ ├── app │ │ ├── helmrelease.yaml │ │ ├── kustomization.yaml │ │ ├── rbac.yaml │ │ └── secret-pulumi.sops.yaml │ │ └── ks.yaml ├── download │ ├── flaresolverr │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── kustomization.yaml │ ├── namespace.yaml │ ├── networkpolicy.yaml │ ├── prowlarr │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ ├── ks.yaml │ │ └── provision │ │ │ ├── kustomization.yaml │ │ │ └── 
tf.yaml │ └── rdt-client │ │ ├── app │ │ ├── helmrelease.yaml │ │ └── kustomization.yaml │ │ └── ks.yaml ├── flux-system │ ├── add-ons │ │ ├── ks.yaml │ │ ├── monitoring │ │ │ ├── dashboard │ │ │ │ └── kustomization.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── podmonitor.yaml │ │ │ └── prometheusrule.yaml │ │ └── notifications │ │ │ ├── alert.yaml │ │ │ └── kustomization.yaml │ ├── flux-operator │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── kustomizeconfig.yaml │ │ │ └── values.yaml │ │ ├── instance │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── kustomizeconfig.yaml │ │ │ ├── values.yaml │ │ │ └── webhook │ │ │ │ ├── httproute.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── receiver.yaml │ │ │ │ └── secret-github-webhook-token.sops.yaml │ │ └── ks.yaml │ ├── kustomization.yaml │ ├── namespace.yaml │ └── tf-controller │ │ ├── app │ │ ├── helmrelease.yaml │ │ ├── kustomization.yaml │ │ └── secret-tf-cloud-token.sops.yaml │ │ └── ks.yaml ├── gateway │ ├── envoy │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ ├── gateway │ │ │ ├── external-certificate.yaml │ │ │ ├── gatewayclass.yaml │ │ │ ├── httproute.yaml │ │ │ ├── internal-certificate.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── private-gateway.yaml │ │ │ ├── professional-certificate.yaml │ │ │ └── public-gateway.yaml │ │ └── ks.yaml │ ├── gateway-api │ │ ├── crds │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── kustomization.yaml │ └── namespace.yaml ├── home │ ├── baby-buddy │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── secret-baby-buddy.sops.yaml │ │ ├── database │ │ │ ├── kustomization.yaml │ │ │ ├── pgcluster.yaml │ │ │ └── scheduledbackup.yaml │ │ └── ks.yaml │ ├── esphome │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── secret-deploy-key.sops.yaml │ │ │ └── secret-esphome.sops.yaml │ │ └── ks.yaml │ ├── hajimari │ │ ├── app │ │ │ ├── clusterrole.yaml │ │ │ ├── 
helmrelease.yaml │ │ │ ├── httproute.yaml │ │ │ └── kustomization.yaml │ │ ├── ks.yaml │ │ └── policy │ │ │ ├── clusterpolicy.yaml │ │ │ └── kustomization.yaml │ ├── home-assistant │ │ ├── app │ │ │ ├── config │ │ │ │ └── configuration.yaml │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── pgcluster.yaml │ │ │ ├── secret-deploy-key.sops.yaml │ │ │ └── secret-home-assistant.sops.yaml │ │ └── ks.yaml │ ├── kustomization.yaml │ ├── mealie │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ ├── database │ │ │ ├── kustomization.yaml │ │ │ ├── pgcluster.yaml │ │ │ └── scheduledbackup.yaml │ │ └── ks.yaml │ ├── namespace.yaml │ ├── wyoming-services │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── resources │ │ │ │ ├── hey_piper.tflite │ │ │ │ ├── pre_process_map.yaml │ │ │ │ └── voice_to_speaker.yaml │ │ └── ks.yaml │ └── zigbee2mqtt │ │ ├── app │ │ ├── helmrelease.yaml │ │ ├── kustomization.yaml │ │ ├── resources │ │ │ └── lokirule.yaml │ │ └── secret-zigbee2mqtt.sops.yaml │ │ └── ks.yaml ├── media │ ├── bazarr │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── common │ │ ├── ks.yaml │ │ ├── mount │ │ │ ├── kustomization.yaml │ │ │ ├── pv.yaml │ │ │ └── pvc.yaml │ │ └── resource │ │ │ ├── dashboard │ │ │ └── kustomization.yaml │ │ │ ├── kustomization.yaml │ │ │ └── secret-starr-apps.sops.yaml │ ├── kustomization.yaml │ ├── lidarr │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── music-assistant │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── namespace.yaml │ ├── overseerr │ │ ├── app │ │ │ ├── dashboard │ │ │ │ └── kustomization.yaml │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── resources │ │ │ │ └── settings.json │ │ │ └── secret-overseerr.sops.yaml │ │ └── ks.yaml │ ├── plex-meta-manager │ │ ├── app │ │ │ ├── config │ │ │ │ ├── config.yml │ │ │ │ └── pre-rolls.yml │ 
│ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── pvc.yaml │ │ │ ├── scripts │ │ │ │ └── run.sh │ │ │ └── secret-plex-meta-manager.sops.yaml │ │ └── ks.yaml │ ├── plex │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── pvc.yaml │ │ │ ├── resources │ │ │ │ ├── 41-Plex-Preferences │ │ │ │ ├── lokirule.yaml │ │ │ │ └── preferences.cfg │ │ │ └── secret-plex.sops.yaml │ │ └── ks.yaml │ ├── radarr │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ ├── ks.yaml │ │ └── provision │ │ │ ├── kustomization.yaml │ │ │ └── tf.yaml │ ├── readarr │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── recyclarr │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── resources │ │ │ │ ├── radarr.yml │ │ │ │ └── sonarr.yml │ │ └── ks.yaml │ ├── sonarr │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ ├── ks.yaml │ │ └── provision │ │ │ ├── kustomization.yaml │ │ │ └── tf.yaml │ ├── tautulli │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── teddy-cloud │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ ├── certs │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── unpackerr │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ └── wizarr │ │ ├── app │ │ ├── helmrelease.yaml │ │ └── kustomization.yaml │ │ └── ks.yaml ├── mesh │ ├── istio │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── podmonitor.yaml │ │ │ └── servicemonitor.yaml │ │ └── ks.yaml │ ├── kustomization.yaml │ └── namespace.yaml ├── monitor │ ├── alertmanager │ │ ├── app │ │ │ ├── config │ │ │ │ └── alertmanager.yml │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── secret-alertmanager.sops.yaml │ │ └── ks.yaml │ ├── grafana │ │ ├── app │ │ │ ├── dashboard │ │ │ │ ├── home.json │ │ │ │ └── kustomization.yaml │ │ │ ├── helmrelease.yaml │ │ │ ├── 
httproute.yaml │ │ │ ├── kustomization.yaml │ │ │ └── secret-grafana.sops.yaml │ │ └── ks.yaml │ ├── kiali │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ ├── httproute.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── kube-prometheus-stack │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ ├── httproute.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── rules │ │ │ │ ├── kustomization.yaml │ │ │ │ └── oom-killed.yaml │ │ │ └── scrapeconfigs │ │ │ │ ├── kustomization.yaml │ │ │ │ └── node-exporter.yaml │ │ ├── crds │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── kustomization.yaml │ ├── metrics-server │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── namespace.yaml │ └── unpoller │ │ ├── app │ │ ├── helmrelease.yaml │ │ ├── kustomization.yaml │ │ └── secret-unpoller.sops.yaml │ │ └── ks.yaml ├── network │ ├── blocky │ │ ├── app │ │ │ ├── dragonfly.yaml │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── pgcluster.yaml │ │ │ ├── podmonitor.yaml │ │ │ ├── resources │ │ │ │ └── config.yaml │ │ │ └── scheduledbackup.yaml │ │ └── ks.yaml │ ├── cilium │ │ ├── app │ │ │ ├── bgpconfig.yaml │ │ │ ├── helmrelease.yaml │ │ │ ├── httproute-hubble.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── kustomizeconfig.yaml │ │ │ └── values.yaml │ │ ├── gateway │ │ │ ├── external-certificate.yaml │ │ │ ├── internal-certificate.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── private-gateway.yaml │ │ │ ├── professional-certificate.yaml │ │ │ └── public-gateway.yaml │ │ └── ks.yaml │ ├── dynamic-dns │ │ ├── app │ │ │ ├── cronjob.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── role.yaml │ │ │ ├── rolebinding.yaml │ │ │ └── serviceaccount.yaml │ │ └── ks.yaml │ ├── external-dns │ │ ├── crds │ │ │ ├── crd-dnsendpoint.yaml │ │ │ └── kustomization.yaml │ │ ├── ks.yaml │ │ ├── private │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── secret-internal-dns.sops.yaml │ │ └── public │ │ │ ├── helmrelease.yaml │ │ │ ├── 
kustomization.yaml │ │ │ └── secret-external-dns.yaml │ ├── external-services │ │ ├── ks.yaml │ │ └── services │ │ │ ├── kustomization.yaml │ │ │ ├── minio.yaml │ │ │ ├── synology.yaml │ │ │ └── unifi.yaml │ ├── kustomization.yaml │ ├── multus │ │ ├── app │ │ │ ├── crd.yaml │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── rbac.yaml │ │ ├── config │ │ │ ├── kustomization.yaml │ │ │ ├── networkattachment-iot.yaml │ │ │ └── networkattachment-not.yaml │ │ └── ks.yaml │ ├── namespace.yaml │ ├── pod-gateway │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── networkpolicy.yaml │ │ │ └── secret-pod-gateway.sops.yaml │ │ └── ks.yaml │ ├── smtp-relay │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── resources │ │ │ │ └── maddy.conf │ │ │ └── secret-smtp-relay.sops.yaml │ │ └── ks.yaml │ └── tetragon │ │ ├── app │ │ ├── helmrelease.yaml │ │ └── kustomization.yaml │ │ ├── ks.yaml │ │ └── policies │ │ ├── kustomization.yaml │ │ ├── tracingpolicy-egress-tcp.yaml │ │ └── tracingpolicy-sshd.yaml ├── policy │ ├── kustomization.yaml │ ├── kyverno │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── rbac.yaml │ │ ├── ks.yaml │ │ └── policies │ │ │ ├── clusterpolicy-remove-cpu-limit.yaml │ │ │ └── kustomization.yaml │ └── namespace.yaml ├── print │ ├── kustomization.yaml │ ├── maker-management-platform │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ └── namespace.yaml ├── resume │ ├── kustomization.yaml │ ├── namespace.yaml │ └── resume │ │ ├── cv │ │ ├── certifications │ │ │ └── certs.yaml │ │ ├── experience │ │ │ ├── 20cs-usaf.yaml │ │ │ ├── 691cos-usaf.yaml │ │ │ ├── epic.yaml │ │ │ ├── second-front.yaml │ │ │ └── vmware.yaml │ │ ├── httproute.yaml │ │ ├── kustomization.yaml │ │ └── overview.yaml │ │ ├── ks.yaml │ │ └── operator │ │ ├── crd │ │ ├── bases │ │ │ ├── resumes.jefedavis.dev_certifications.yaml │ │ │ ├── 
resumes.jefedavis.dev_jobexperiences.yaml │ │ │ └── resumes.jefedavis.dev_profiles.yaml │ │ ├── kustomization.yaml │ │ ├── kustomizeconfig.yaml │ │ └── patches │ │ │ ├── cainjection_in_profiles.yaml │ │ │ └── webhook_in_profiles.yaml │ │ ├── kustomization.yaml │ │ ├── manager │ │ ├── controller_manager_config.yaml │ │ ├── kustomization.yaml │ │ └── manager.yaml │ │ ├── patches │ │ ├── manager_auth_proxy_patch.yaml │ │ └── manager_config_patch.yaml │ │ ├── prometheus │ │ ├── kustomization.yaml │ │ └── monitor.yaml │ │ └── rbac │ │ ├── auth_proxy_client_clusterrole.yaml │ │ ├── auth_proxy_role.yaml │ │ ├── auth_proxy_role_binding.yaml │ │ ├── auth_proxy_service.yaml │ │ ├── kustomization.yaml │ │ ├── leader_election_role.yaml │ │ ├── leader_election_role_binding.yaml │ │ ├── profile_editor_role.yaml │ │ ├── profile_viewer_role.yaml │ │ ├── role.yaml │ │ ├── role_binding.yaml │ │ └── service_account.yaml ├── security │ ├── authentik │ │ ├── app │ │ │ ├── branding │ │ │ │ ├── davishaus-favicon.png │ │ │ │ └── davishaus-logo.svg │ │ │ ├── clusterpolicy.yaml │ │ │ ├── configmap-authentik-branding.yaml │ │ │ ├── helmrelease.yaml │ │ │ ├── kustomization.yaml │ │ │ └── secret-authentik.sops.yaml │ │ ├── database │ │ │ ├── kustomization.yaml │ │ │ ├── pgcluster.yaml │ │ │ └── scheduledbackup.yaml │ │ ├── ks.yaml │ │ └── provision │ │ │ ├── kustomization.yaml │ │ │ └── tf.yaml │ ├── cert-manager │ │ ├── app │ │ │ ├── dashboard │ │ │ │ └── kustomization.yaml │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ ├── issuers │ │ │ ├── clusterissuer-letsencrypt.yaml │ │ │ ├── clusterissuer-local.yaml │ │ │ ├── kustomization.yaml │ │ │ └── secret-cloudflare-api-token.sops.yaml │ │ └── ks.yaml │ ├── kustomization.yaml │ ├── namespace.yaml │ └── vaultwarden │ │ ├── app │ │ ├── helmrelease.yaml │ │ ├── kustomization.yaml │ │ └── secret-vaultwarden.sops.yaml │ │ ├── database │ │ ├── kustomization.yaml │ │ ├── pgcluster.yaml │ │ └── scheduledbackup.yaml │ │ └── ks.yaml ├── 
selfhosted │ ├── kustomization.yaml │ ├── namespace.yaml │ └── theme-park │ │ ├── app │ │ ├── clusterpolicy.yaml │ │ ├── helmrelease.yaml │ │ ├── kustomization.yaml │ │ └── resources │ │ │ └── rdt-client │ │ │ └── nord.css │ │ └── ks.yaml ├── storage │ ├── kustomization.yaml │ ├── namespace.yaml │ ├── nfs-subdir │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ ├── rook-ceph │ │ ├── cluster │ │ │ ├── helmrelease.yaml │ │ │ ├── httproute.yaml │ │ │ └── kustomization.yaml │ │ ├── ks.yaml │ │ └── operator │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ ├── snapshot-controller │ │ ├── app │ │ │ ├── helmrelease.yaml │ │ │ └── kustomization.yaml │ │ └── ks.yaml │ └── volsync │ │ ├── app │ │ ├── helmrelease.yaml │ │ ├── kustomization.yaml │ │ ├── prometheusrule.yaml │ │ └── secret-flux-volsync.sops.yaml │ │ └── ks.yaml └── system │ ├── descheduler │ ├── app │ │ ├── helmrelease.yaml │ │ └── kustomization.yaml │ └── ks.yaml │ ├── generic-device-plugin │ ├── app │ │ ├── helmrelease.yaml │ │ └── kustomization.yaml │ └── ks.yaml │ ├── intel-device-plugins │ ├── gpu │ │ ├── helmrelease.yaml │ │ ├── kustomization.yaml │ │ └── nodefeaturerule.yaml │ ├── ks.yaml │ └── operator │ │ ├── helmrelease.yaml │ │ └── kustomization.yaml │ ├── kubelet-csr-approver │ ├── app │ │ ├── helmrelease.yaml │ │ ├── kustomization.yaml │ │ ├── kustomizeconfig.yaml │ │ └── values.yaml │ └── ks.yaml │ ├── kustomization.yaml │ ├── namespace.yaml │ ├── node-feature-discovery │ ├── app │ │ ├── helmrelease.yaml │ │ └── kustomization.yaml │ ├── ks.yaml │ └── rules │ │ ├── kustomization.yaml │ │ ├── nfr-google-coral.yaml │ │ ├── nfr-zigbee.yaml │ │ └── nfr-zwave.yaml │ ├── reflector │ ├── app │ │ ├── helmrelease.yaml │ │ └── kustomization.yaml │ └── ks.yaml │ ├── reloader │ ├── app │ │ ├── helmrelease.yaml │ │ └── kustomization.yaml │ └── ks.yaml │ ├── spegel │ ├── app │ │ ├── helmrelease.yaml │ │ ├── kustomization.yaml │ │ ├── kustomizeconfig.yaml │ │ └── 
values.yaml │ └── ks.yaml │ └── system-upgrade-controller │ ├── app │ ├── clusterpolicy.yaml │ ├── helmrelease.yaml │ ├── kustomization.yaml │ └── rbac.yaml │ ├── ks.yaml │ └── plans │ ├── kubernetes.yaml │ ├── kustomization.yaml │ └── talos.yaml ├── bootstrap ├── README.md ├── apps │ └── helmfile.yaml ├── flux │ ├── kustomization.yaml │ ├── secret-gcp-kms.sops.yaml │ └── secret-github-deploy-key.sops.yaml └── templates │ └── wipe-rook.yaml.gotmpl ├── flux ├── components │ └── volsync │ │ ├── kustomization.yaml │ │ ├── minio │ │ ├── kustomization.yaml │ │ ├── replicationdestination.yaml │ │ ├── replicationsource.yaml │ │ └── secret-minio.tmpl.yaml │ │ └── pvc.yaml ├── config │ └── cluster.yaml ├── repositories │ ├── git │ │ ├── .gitkeep │ │ ├── hajimari.yaml │ │ └── kustomization.yaml │ ├── helm │ │ ├── .gitkeep │ │ ├── actions-runner-controller.yaml │ │ ├── angelnu.yaml │ │ ├── authentik.yaml │ │ ├── backube.yaml │ │ ├── bitnami.yaml │ │ ├── bjw-s.yaml │ │ ├── cilium.yaml │ │ ├── cloudnative-pg.yaml │ │ ├── controlplaneio.yaml │ │ ├── dmahmalat.yaml │ │ ├── emberstack.yaml │ │ ├── emqx.yaml │ │ ├── envoy.yaml │ │ ├── external-secrets.yaml │ │ ├── grafana.yaml │ │ ├── hajimari.yaml │ │ ├── hashicorp.yaml │ │ ├── influxdata.yaml │ │ ├── ingress-nginx.yaml │ │ ├── intel.yaml │ │ ├── istio.yaml │ │ ├── jetstack.yaml │ │ ├── kiali.yaml │ │ ├── kubereboot.yaml │ │ ├── kubernetes-sigs-descheduler.yaml │ │ ├── kubernetes-sigs-external-dns.yaml │ │ ├── kubernetes-sigs-metrics-server.yaml │ │ ├── kubernetes-sigs-nfd.yaml │ │ ├── kubernetes-sigs-nfs-subdir.yaml │ │ ├── kustomization.yaml │ │ ├── kyverno.yaml │ │ ├── metallb.yaml │ │ ├── piraeus.yaml │ │ ├── postfinance.yaml │ │ ├── prometheus-community.yaml │ │ ├── pulumi.yaml │ │ ├── ricoberger.yaml │ │ ├── rook-ceph.yaml │ │ ├── spegel.yaml │ │ ├── stakater.yaml │ │ ├── stevehipwell.yaml │ │ ├── synology-csi.yaml │ │ ├── tofu-controller.yaml │ │ ├── weave-gitops.yaml │ │ └── zalando-postgres-operator.yaml │ ├── 
kustomization.yaml │ └── oci │ │ ├── .gitkeep │ │ ├── jefedavis-terraform-authentik.yaml │ │ ├── jefedavis-terraform-prowlarr.yaml │ │ ├── jefedavis-terraform-radarr.yaml │ │ ├── jefedavis-terraform-sonarr.yaml │ │ ├── jefedavis-terraform-volsync.yaml │ │ └── kustomization.yaml └── settings │ ├── configmap-cluster-settings.yaml │ ├── kustomization.yaml │ └── secret-cluster-secrets.sops.yaml ├── talos ├── README.md ├── clusterconfig │ └── .gitignore ├── talconfig.yaml ├── talenv.sops.yaml └── talsecret.sops.yaml └── templates └── volsync ├── kustomization.yaml ├── minio ├── kustomization.yaml ├── replicationdestination.yaml ├── replicationsource.yaml └── secret-minio.tmpl.yaml └── pvc.yaml /.gitattributes: -------------------------------------------------------------------------------- # NOTE(review): the "*.sops.*" pattern below is what marks a file as SOPS-encrypted for diffing; every secret-*.yaml in the tree carries that infix except kubernetes/jsdyb-k8s-001/apps/network/external-dns/public/secret-external-dns.yaml (compare private/secret-internal-dns.sops.yaml) — confirm that file is not a plaintext Secret committed to git 1 | * text=auto eol=lf 2 | *.sops.* diff=sopsdiffer 3 | *.sops.toml linguist-language=JSON 4 | -------------------------------------------------------------------------------- /.github/labeler.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Areas 3 | area/docs: 4 | - changed-files: 5 | - any-glob-to-any-file: 6 | - "docs/**/*" 7 | - "README.md" 8 | area/github: 9 | - changed-files: 10 | - any-glob-to-any-file: ".github/**/*" 11 | area/kubernetes: 12 | - changed-files: 13 | - any-glob-to-any-file: "kubernetes/**/*" 14 | area/infrastructure: 15 | - changed-files: 16 | - any-glob-to-any-file: "infrastructure/**/*" 17 | area/taskfile: 18 | - changed-files: 19 | - any-glob-to-any-file: 20 | - ".taskfiles/**/*" 21 | - "Taskfile.yaml" -------------------------------------------------------------------------------- /.github/labels.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Areas 3 | - name: area/docs 4 | color: "0e8a16" 5 | - name: area/github 6 | color: "0e8a16" 7 | - name: area/kubernetes 8 | color: "0e8a16" 9 | - name: area/infrastructure 10 | color: "72ccf3" 11 | - name: 
area/taskfile 12 | color: "0e8a16" 13 | # Renovate Types 14 | - name: renovate/container 15 | color: "027fa0" 16 | - name: renovate/github-action 17 | color: "027fa0" 18 | - name: renovate/grafana-dashboard 19 | color: "027fa0" 20 | - name: renovate/github-release 21 | color: "027fa0" 22 | - name: renovate/helm 23 | color: "027fa0" 24 | # Semantic Types 25 | - name: type/digest 26 | color: "ffeC19" 27 | - name: type/patch 28 | color: "ffeC19" 29 | - name: type/minor 30 | color: "ff9800" 31 | - name: type/major 32 | color: "f6412d" 33 | # Uncategorized 34 | - name: community 35 | color: "370fb2" 36 | - name: hold 37 | color: "ee0701" -------------------------------------------------------------------------------- /.github/lint/.markdownlint.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | default: true 3 | 4 | # MD013/line-length - Line length 5 | MD013: 6 | # Number of characters 7 | line_length: 120 8 | # Number of characters for headings 9 | heading_line_length: 80 10 | # Number of characters for code blocks 11 | code_block_line_length: 80 12 | # Include code blocks 13 | code_blocks: true 14 | # Include tables 15 | tables: true 16 | # Include headings 17 | headings: true 18 | # Include headers (older spelling of the headings option above) 19 | headers: true 20 | # Strict length checking 21 | strict: false 22 | # Stern length checking 23 | stern: false 24 | -------------------------------------------------------------------------------- /.github/lint/.yamllint.yaml: -------------------------------------------------------------------------------- 1 | --- # NOTE(review): the ignore list below excludes *.sops.yml, but the encrypted files in this tree are named *.sops.yaml (matching the "*.sops.*" rule in .gitattributes), so they are not actually skipped by yamllint — confirm whether the pattern should be *.sops.yaml 2 | ignore: | 3 | .private/ 4 | .vscode/ 5 | *.enc.yaml 6 | *.sops.yml 7 | gotk-components.yaml 8 | extends: default 9 | rules: 10 | truthy: 11 | allowed-values: ["true", "false", "on"] 12 | comments: 13 | min-spaces-from-content: 1 14 | line-length: disable 15 | braces: 16 | min-spaces-inside: 0 17 | max-spaces-inside: 1 18 | brackets: 19 | min-spaces-inside: 0 20 | max-spaces-inside: 0 21 | indentation: 
enable 22 | -------------------------------------------------------------------------------- /.github/renovate-bot.json5: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.renovatebot.com/renovate-schema.json", 3 | "repositories": ["JefeDavis/k8s-HomeOps"] 4 | } 5 | -------------------------------------------------------------------------------- /.github/renovate/packageRules.json5: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://docs.renovatebot.com/renovate-schema.json", 3 | "packageRules": [ 4 | { 5 | "description": ["Loose versioning for non-semver containers"], 6 | "matchDatasources": ["docker"], 7 | "matchPackagePatterns": ["plex"], 8 | "versioning": "loose" 9 | } 10 | ] 11 | } -------------------------------------------------------------------------------- /.github/workflows/label-sync.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json 3 | name: "Label Sync" 4 | 5 | on: 6 | workflow_dispatch: 7 | push: 8 | branches: ["main"] 9 | paths: [".github/labels.yaml"] 10 | schedule: 11 | - cron: "0 0 * * *" # Every day at midnight 12 | 13 | permissions: 14 | issues: write 15 | 16 | jobs: 17 | label-sync: 18 | name: Label Sync 19 | runs-on: ubuntu-latest 20 | steps: 21 | - name: Checkout 22 | uses: actions/checkout@v4 23 | with: 24 | sparse-checkout: .github/labels.yaml 25 | 26 | - name: Sync Labels 27 | uses: EndBug/label-sync@v2 28 | with: 29 | config-file: .github/labels.yaml 30 | delete-other-labels: true -------------------------------------------------------------------------------- /.github/workflows/labeler.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json 3 | name: "Labeler" 4 
| 5 | on: 6 | workflow_dispatch: 7 | pull_request_target: 8 | branches: ["main"] 9 | 10 | jobs: 11 | labeler: 12 | name: Labeler 13 | runs-on: ubuntu-latest 14 | if: ${{ github.event.pull_request.head.repo.full_name == github.repository }} 15 | steps: 16 | - name: Generate Token 17 | uses: actions/create-github-app-token@v2 18 | id: app-token 19 | with: 20 | app-id: "${{ secrets.BOT_APP_ID }}" 21 | private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}" 22 | 23 | - name: Labeler 24 | uses: actions/labeler@v5 25 | with: 26 | repo-token: "${{ steps.app-token.outputs.token }}" 27 | configuration-path: .github/labeler.yaml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Editors 2 | .vscode/ 3 | 4 | # Folders 5 | ignore/ 6 | logs/ 7 | testing/ 8 | 9 | # Trash 10 | .DS_Store 11 | Thumbs.db 12 | 13 | # Binaries 14 | bin 15 | *.iso 16 | 17 | # Sops 18 | .decrypted~* 19 | 20 | # Terraform 21 | ## Local .terraform directories 22 | **/.terraform/* 23 | 24 | ## .tfstate files 25 | *.tfstate 26 | *.tfstate.* 27 | 28 | ## terraform plan output 29 | *tfplan* 30 | 31 | ## terraform variable files 32 | *.tfvars 33 | 34 | # Other files 35 | kubeconfig 36 | 37 | # Talos clusterconfigs 38 | infrastructure/talos/**/clusterconfig 39 | 40 | # Other 41 | .env 42 | *.snap 43 | setup/cluster/*cluster.yml 44 | -------------------------------------------------------------------------------- /.taskfiles/volsync/resources/list-snapshots.yaml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: batch/v1 3 | kind: Job 4 | metadata: 5 | name: list-snapshots-{{ ENV.APP }} 6 | namespace: {{ ENV.NS }} 7 | spec: 8 | ttlSecondsAfterFinished: 3600 9 | template: 10 | metadata: 11 | labels: 12 | app.kubernetes.io/created-by: volsync 13 | spec: 14 | automountServiceAccountToken: false 15 | restartPolicy: OnFailure 16 | 
containers: 17 | - name: list 18 | image: docker.io/restic/restic:0.16.2 19 | args: 20 | - snapshots 21 | envFrom: 22 | - secretRef: 23 | name: {{ ENV.APP }}-volsync-minio -------------------------------------------------------------------------------- /.taskfiles/volsync/resources/replicationdestination.yaml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: volsync.backube/v1alpha1 3 | kind: ReplicationDestination 4 | metadata: 5 | name: {{ ENV.APP }}-manual 6 | namespace: {{ ENV.NS }} 7 | spec: 8 | trigger: 9 | manual: restore-once 10 | restic: 11 | repository: {{ ENV.APP }}-volsync-secret 12 | destinationPVC: {{ ENV.CLAIM }} 13 | copyMethod: Direct 14 | storageClassName: {{ ENV.STORAGE_CLASS_NAME }} 15 | accessModes: {{ ENV.ACCESS_MODES }} 16 | previous: {{ ENV.PREVIOUS }} 17 | moverSecurityContext: 18 | runAsUser: {{ ENV.PUID }} 19 | runAsGroup: {{ ENV.PGID }} 20 | fsGroup: {{ ENV.PGID }} 21 | enableFileDeletion: true 22 | cleanupCachePVC: true 23 | cleanupTempPVC: true -------------------------------------------------------------------------------- /Taskfile.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://taskfile.dev/schema.json 3 | version: "3" 4 | 5 | set: 6 | - pipefail 7 | shopt: 8 | - globstar 9 | 10 | vars: 11 | CLUSTER: '{{.CLUSTER | default "jsdyb-k8s-001"}}' 12 | CLUSTER_DIR: "{{.ROOT_DIR}}/kubernetes/{{.CLUSTER}}" 13 | 14 | env: 15 | KUBECONFIG: "{{.CLUSTER_DIR}}/kubeconfig" 16 | # MINIJINJA_CONFIG_FILE: "{{.ROOT_DIR}}/.minijinja.toml" 17 | TALOSCONFIG: "{{.CLUSTER_DIR}}/talos/clusterconfig/talosconfig" 18 | 19 | includes: 20 | # flux: .taskfiles/flux 21 | # k8s: .taskfiles/k8s 22 | bootstrap: .taskfiles/bootstrap 23 | # postgres: .taskfiles/postgres 24 | rook: .taskfiles/rook 25 | sops: .taskfiles/sops 26 | talos: .taskfiles/talos 27 | # volsync: .taskfiles/volsync 28 | 29 | tasks: 30 | default: 31 | 
silent: true 32 | cmd: task --list 33 | 34 | noop: 35 | internal: true 36 | silent: true 37 | cmd: noop() { :; } 38 | -------------------------------------------------------------------------------- /infrastructure/.gitignore: -------------------------------------------------------------------------------- 1 | jsdyb-k8s-001-jsdyb-nuc-001.internal.davishaus.dev.yaml 2 | talosconfig 3 | jsdyb-k8s-001-jsdyb-nuc-002.internal.davishaus.dev.yaml 4 | jsdyb-k8s-001-jsdyb-nuc-003.internal.davishaus.dev.yaml 5 | -------------------------------------------------------------------------------- /infrastructure/terraform/downloads/prowlarr/download-client.tf: -------------------------------------------------------------------------------- 1 | resource "prowlarr_download_client_qbittorrent" "rdt-client" { 2 | name = "rdt-client" 3 | enable = true 4 | host = "rdt-client.download.svc.cluster.local" 5 | port = 6500 6 | category = "misc" 7 | } 8 | -------------------------------------------------------------------------------- /infrastructure/terraform/downloads/prowlarr/indexer-proxy.tf: -------------------------------------------------------------------------------- 1 | resource "prowlarr_tag" "flaresolverr" { 2 | label = "flaresolverr" 3 | } 4 | 5 | resource "prowlarr_indexer_proxy_flaresolverr" "flaresolverr" { 6 | host = "http://flaresolverr.download.svc.cluster.local:8191" 7 | name = "Flaresolverr" 8 | request_timeout = 60 9 | tags = [prowlarr_tag.flaresolverr.id] 10 | } 11 | -------------------------------------------------------------------------------- /infrastructure/terraform/downloads/prowlarr/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | prowlarr = { 4 | source = "devopsarr/prowlarr" 5 | version = "3.0.2" 6 | } 7 | } 8 | 9 | cloud { 10 | organization = "davishaus" 11 | workspaces { 12 | name = "prowlarr-provisioner" 13 | } 14 | } 15 | } 16 | 
-------------------------------------------------------------------------------- /infrastructure/terraform/downloads/prowlarr/provider.tf: -------------------------------------------------------------------------------- 1 | provider "prowlarr" { 2 | url = var.prowlarr_url 3 | api_key = var.PROWLARR_API_KEY 4 | } 5 | 6 | -------------------------------------------------------------------------------- /infrastructure/terraform/media/radarr/download-client.tf: -------------------------------------------------------------------------------- 1 | resource "radarr_download_client_qbittorrent" "rdt-client" { 2 | name = "rdt-client" 3 | enable = true 4 | host = "rdt-client.download.svc.cluster.local" 5 | port = 6500 6 | movie_category = "movies" 7 | remove_completed_downloads = true 8 | } 9 | 10 | resource "radarr_remote_path_mapping" "downloads-path" { 11 | host = radarr_download_client_qbittorrent.rdt-client.host 12 | remote_path = "/data/downloads/torrents/" 13 | local_path = "/media/downloads/torrents/" 14 | } 15 | -------------------------------------------------------------------------------- /infrastructure/terraform/media/radarr/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | radarr = { 4 | source = "devopsarr/radarr" 5 | version = "2.3.2" 6 | } 7 | } 8 | 9 | cloud { 10 | organization = "davishaus" 11 | workspaces { 12 | name = "radarr-provisioner" 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /infrastructure/terraform/media/radarr/provider.tf: -------------------------------------------------------------------------------- 1 | provider "radarr" { 2 | url = var.radarr_url 3 | api_key = var.RADARR_API_KEY 4 | } 5 | -------------------------------------------------------------------------------- /infrastructure/terraform/media/radarr/tags.tf: -------------------------------------------------------------------------------- 
1 | resource "radarr_tag" "movie" { 2 | label = "movie" 3 | } 4 | -------------------------------------------------------------------------------- /infrastructure/terraform/media/radarr/variables.tf: -------------------------------------------------------------------------------- 1 | variable "RADARR_API_KEY" { 2 | type = string 3 | sensitive = true 4 | } 5 | 6 | variable "radarr_url" { 7 | type = string 8 | default = "http://radarr.media.svc.cluster.local:7878" 9 | } 10 | 11 | 12 | -------------------------------------------------------------------------------- /infrastructure/terraform/media/sonarr/download-client.tf: -------------------------------------------------------------------------------- 1 | resource "sonarr_download_client_qbittorrent" "rdt-client" { 2 | name = "rdt-client" 3 | enable = true 4 | host = "rdt-client.download.svc.cluster.local" 5 | port = 6500 6 | tv_category = "series" 7 | remove_completed_downloads = true 8 | } 9 | 10 | resource "sonarr_remote_path_mapping" "downloads-path" { 11 | host = sonarr_download_client_qbittorrent.rdt-client.host 12 | remote_path = "/data/downloads/torrents/" 13 | local_path = "/media/downloads/torrents/" 14 | } 15 | -------------------------------------------------------------------------------- /infrastructure/terraform/media/sonarr/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | sonarr = { 4 | source = "devopsarr/sonarr" 5 | version = "3.4.0" 6 | } 7 | } 8 | 9 | cloud { 10 | organization = "davishaus" 11 | workspaces { 12 | name = "sonarr-provisioner" 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /infrastructure/terraform/media/sonarr/provider.tf: -------------------------------------------------------------------------------- 1 | provider "sonarr" { 2 | url = var.sonarr_url 3 | api_key = var.SONARR_API_KEY 4 | } 5 | 
-------------------------------------------------------------------------------- /infrastructure/terraform/media/sonarr/variables.tf: -------------------------------------------------------------------------------- 1 | variable "SONARR_API_KEY" { 2 | type = string 3 | sensitive = true 4 | } 5 | 6 | variable "sonarr_url" { 7 | type = string 8 | default = "http://sonarr.media.svc.cluster.local:8989" 9 | } 10 | 11 | 12 | -------------------------------------------------------------------------------- /infrastructure/terraform/security/authentik/brands.tf: -------------------------------------------------------------------------------- 1 | data "authentik_brand" "authentik-default" { 2 | domain = "authentik-default" 3 | } 4 | 5 | resource "authentik_brand" "davishaus" { 6 | domain = var.external_domain 7 | default = false 8 | branding_title = "Davishaus" 9 | flow_authentication = authentik_flow.davishaus-authentication.uuid 10 | flow_invalidation = data.authentik_flow.default-invalidation-flow.id 11 | flow_user_settings = data.authentik_flow.default-user-settings-flow.id 12 | branding_logo = "/media/branding/davishaus-logo.svg" 13 | branding_favicon = "/media/branding/davishaus-favicon.png" 14 | } 15 | -------------------------------------------------------------------------------- /infrastructure/terraform/security/authentik/groups.tf: -------------------------------------------------------------------------------- 1 | data "authentik_group" "authentik-admins" { 2 | name = "authentik Admins" 3 | } 4 | 5 | resource "authentik_group" "groups" { 6 | for_each = var.groups 7 | name = each.value.name 8 | # parent = authentik_group.groups[each.value.parent].id 9 | is_superuser = each.value.superuser 10 | } 11 | -------------------------------------------------------------------------------- /infrastructure/terraform/security/authentik/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | 
authentik = { 4 | source = "goauthentik/authentik" 5 | version = "2025.2.0" 6 | } 7 | } 8 | cloud { 9 | organization = "davishaus" 10 | workspaces { 11 | name = "authentik-provisioner" 12 | } 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /infrastructure/terraform/security/authentik/provider.tf: -------------------------------------------------------------------------------- 1 | provider "authentik" { 2 | url = var.authentik_url 3 | token = var.AUTHENTIK_BOOTSTRAP_TOKEN 4 | /* insecure = true skips TLS certificate verification for the authentik API connection, so the bootstrap token is presented to whatever answers at var.authentik_url without the peer being authenticated; keep this only while the endpoint is in-cluster/self-signed and remove it once a trusted certificate is served */ insecure = true 5 | } 6 | 7 | -------------------------------------------------------------------------------- /infrastructure/terraform/security/authentik/source.tf: -------------------------------------------------------------------------------- 1 | resource "authentik_source_plex" "plex" { 2 | name = "Plex" 3 | slug = "plex" 4 | client_id = var.AUTHENTIK_PLEX_CLIENT_ID 5 | plex_token = var.AUTHENTIK_PLEX_TOKEN 6 | authentication_flow = data.authentik_flow.default-source-authentication.id 7 | enrollment_flow = data.authentik_flow.default-enrollment-flow.id 8 | user_matching_mode = "email_link" 9 | allow_friends = false 10 | allowed_servers = [ 11 | var.PLEX_SERVER_ID 12 | ] 13 | } 14 | -------------------------------------------------------------------------------- /infrastructure/terraform/security/authentik/stages.tf: -------------------------------------------------------------------------------- 1 | resource "authentik_stage_identification" "davishaus-identity-stage" { 2 | name = "davishaus-identification" 3 | user_fields = [ 4 | "username", 5 | "email" 6 | ] 7 | sources = [authentik_source_plex.plex.uuid] 8 | password_stage = data.authentik_stage.password-stage.id 9 | } 10 | 11 | data "authentik_stage" "password-stage" { 12 | name = "default-authentication-password" 13 | } 14 | 15 | data "authentik_stage" "mfa-validation-stage" { 16 | name = "default-authentication-mfa-validation" 17 | } 18 | 19 | data "authentik_stage" 
"user-login-stage" { 20 | name = "default-authentication-login" 21 | } 22 | -------------------------------------------------------------------------------- /infrastructure/terraform/security/authentik/system.tf: -------------------------------------------------------------------------------- 1 | data "authentik_certificate_key_pair" "default-certificate" { 2 | name = "authentik Self-signed Certificate" 3 | } 4 | 5 | data "authentik_property_mapping_provider_scope" "oauth2-scopes" { 6 | managed_list = [ 7 | "goauthentik.io/providers/oauth2/scope-email", 8 | "goauthentik.io/providers/oauth2/scope-openid", 9 | "goauthentik.io/providers/oauth2/scope-profile" 10 | ] 11 | } 12 | 13 | -------------------------------------------------------------------------------- /infrastructure/terraform/security/authentik/users.tf: -------------------------------------------------------------------------------- 1 | resource "authentik_user" "users" { 2 | for_each = var.users 3 | name = each.value.name 4 | username = each.key 5 | email = each.value.email 6 | groups = [ 7 | for desired_groups in each.value.groups : 8 | authentik_group.groups[ 9 | lookup({ 10 | for group_key, group_val in var.groups : 11 | group_key => group_key 12 | }, desired_groups, null) 13 | ].id 14 | if contains(keys(var.groups), desired_groups) 15 | ] 16 | depends_on = [authentik_group.groups] 17 | } 18 | -------------------------------------------------------------------------------- /infrastructure/terraform/storage/volsync/bucket.tf: -------------------------------------------------------------------------------- 1 | resource "b2_bucket" "volsync" { 2 | bucket_name = var.B2_BUCKET_NAME 3 | bucket_type = "allPrivate" 4 | } 5 | -------------------------------------------------------------------------------- /infrastructure/terraform/storage/volsync/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | b2 = { 4 | source = 
"Backblaze/b2" 5 | version = "~> 0.10.0" 6 | } 7 | } 8 | cloud { 9 | organization = "davishaus" 10 | workspaces { 11 | name = "volsync-provisioner" 12 | } 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /infrastructure/terraform/storage/volsync/provider.tf: -------------------------------------------------------------------------------- 1 | provider "b2" { 2 | application_key = var.B2_APPLICATION_KEY 3 | application_key_id = var.B2_APPLICATION_KEY_ID 4 | } 5 | -------------------------------------------------------------------------------- /infrastructure/terraform/storage/volsync/vars.tf: -------------------------------------------------------------------------------- 1 | variable "B2_APPLICATION_KEY_ID" { 2 | type = string 3 | sensitive = true 4 | } 5 | 6 | variable "B2_APPLICATION_KEY" { 7 | type = string 8 | sensitive = true 9 | } 10 | 11 | variable "B2_BUCKET_NAME" { 12 | type = string 13 | } 14 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/ai/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | # Pre Flux-Kustomizations 7 | - ./namespace.yaml 8 | # Flux-Kustomizations 9 | - ./ollama/ks.yaml 10 | 11 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/ai/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: ai 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | networking.kubernetes.io/shared-gateway-access: "true" 9 | istio.io/dataplane-mode: ambient 10 | -------------------------------------------------------------------------------- 
/kubernetes/jsdyb-k8s-001/apps/ai/ollama/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: ai 6 | resources: 7 | - ./helmrelease.yaml 8 | - ./pvc.yaml 9 | 10 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/ai/ollama/app/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: ollama-models 6 | namespace: ai 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | resources: 11 | requests: 12 | storage: 100Gi 13 | storageClassName: ceph-block 14 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/datastore/cloudnative-pg/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: datastore 6 | resources: 7 | - ./helmrelease.yaml 8 | - ./secret-cloudnative-pg.sops.yaml 9 | - ./prometheusrule.yaml 10 | 11 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/datastore/cloudnative-pg/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: cloudnative-pg 7 | namespace: flux-system 8 | spec: 9 | interval: 10m 10 | path: 
"./kubernetes/${CLUSTER}/apps/datastore/cloudnative-pg/app" 11 | prune: true 12 | sourceRef: 13 | kind: GitRepository 14 | name: flux-system 15 | wait: true 16 | decryption: 17 | provider: sops 18 | postBuild: 19 | substituteFrom: [] 20 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/datastore/dragonfly/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | # renovate: depName=dragonflydb/dragonfly-operator datasource=github-releases 7 | - https://raw.githubusercontent.com/dragonflydb/dragonfly-operator/v1.1.8/manifests/crd.yaml 8 | - ./helmrelease.yaml 9 | - ./rbac.yaml 10 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/datastore/dragonfly/cluster/cluster.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: dragonflydb.io/v1alpha1 3 | kind: Dragonfly 4 | metadata: 5 | name: dragonfly 6 | spec: 7 | image: ghcr.io/dragonflydb/dragonfly:v1.28.1 8 | replicas: 3 9 | env: 10 | - name: MAX_MEMORY 11 | valueFrom: 12 | resourceFieldRef: 13 | resource: limits.memory 14 | divisor: 1Mi 15 | args: 16 | - --maxmemory=$(MAX_MEMORY)Mi 17 | - --proactor_threads=2 18 | - --cluster_mode=emulated 19 | - --lock_on_hashtags 20 | resources: 21 | requests: 22 | cpu: 100m 23 | limits: 24 | memory: 512Mi 25 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/datastore/dragonfly/cluster/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 
| kind: Kustomization 5 | resources: 6 | - ./cluster.yaml 7 | - ./podmonitor.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/datastore/dragonfly/cluster/podmonitor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: PodMonitor 4 | metadata: 5 | name: dragonfly 6 | spec: 7 | selector: 8 | matchLabels: 9 | app: dragonfly 10 | podTargetLabels: ["app"] 11 | podMetricsEndpoints: 12 | - port: admin 13 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/datastore/emqx/cluster/config/init-users.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JefeDavis/k8s-HomeOps/360a8b1a8c9e01c344042ec36aa8751c8262403d/kubernetes/jsdyb-k8s-001/apps/datastore/emqx/cluster/config/init-users.json -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/datastore/emqx/cluster/httproute.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: gateway.networking.k8s.io/v1 3 | kind: HTTPRoute 4 | metadata: 5 | annotations: 6 | hajimari.io/enable: "true" 7 | hajimari.io/icon: "simple-icons:mqtt" 8 | labels: 9 | app.kubernetes.io/name: &app emqx 10 | app.kubernetes.io/instance: *app 11 | app.kubernetes.io/part-of: *app 12 | name: *app 13 | namespace: datastore 14 | spec: 15 | hostnames: 16 | - emqx.${INTERNAL_DOMAIN} 17 | parentRefs: 18 | - kind: Gateway 19 | name: private-gateway 20 | namespace: gateway 21 | rules: 22 | - backendRefs: 23 | - kind: Service 24 | name: emqx-dashboard 25 | port: 18083 26 | weight: 1 27 | matches: 28 | - path: 29 | type: PathPrefix 30 | value: / 31 | -------------------------------------------------------------------------------- 
/kubernetes/jsdyb-k8s-001/apps/datastore/emqx/cluster/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./secret-emqx.sops.yaml 7 | - ./cluster.yaml 8 | - ./httproute.yaml 9 | - ./podmonitor.yaml 10 | configMapGenerator: 11 | - name: emqx-init-mqtt-configmap 12 | files: 13 | - ./config/init-mqtt.py 14 | generatorOptions: 15 | disableNameSuffixHash: true 16 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/datastore/emqx/cluster/podmonitor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: PodMonitor 4 | metadata: 5 | name: emqx 6 | spec: 7 | selector: 8 | matchLabels: 9 | apps.emqx.io/instance: emqx 10 | apps.emqx.io/managed-by: emqx-operator 11 | podMetricsEndpoints: 12 | - port: dashboard 13 | path: /api/v5/prometheus/stats 14 | relabelings: 15 | - action: replace 16 | # user-defined cluster name; must be unique across monitored clusters 17 | replacement: emqx5 18 | targetLabel: cluster 19 | - action: replace 20 | # fixed value, do not modify 21 | replacement: emqx 22 | targetLabel: from 23 | - action: replace 24 | # fixed value, do not modify 25 | sourceLabels: 26 | - pod 27 | targetLabel: instance 28 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/datastore/emqx/operator/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: emqx 7 | spec: 8 | interval: 30m 9 | chart: 10 | spec: 
11 | chart: emqx-operator 12 | version: 2.2.28 13 | sourceRef: 14 | kind: HelmRepository 15 | name: emqx 16 | namespace: flux-system 17 | install: 18 | remediation: 19 | retries: 3 20 | upgrade: 21 | cleanupOnFail: true 22 | remediation: 23 | strategy: rollback 24 | retries: 3 25 | values: 26 | fullnameOverride: emqx-operator 27 | image: 28 | repository: ghcr.io/emqx/emqx-operator 29 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/datastore/emqx/operator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/datastore/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | # Pre Flux-Kustomizations 7 | - ./namespace.yaml 8 | # Flux-Kustomizations 9 | - ./cloudnative-pg/ks.yaml 10 | - ./dragonfly/ks.yaml 11 | - ./emqx/ks.yaml 12 | 13 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/datastore/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: datastore 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | networking.kubernetes.io/shared-gateway-access: "true" 9 | istio.io/dataplane-mode: ambient -------------------------------------------------------------------------------- 
/kubernetes/jsdyb-k8s-001/apps/dev/actions-runner/controller/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: dev 6 | resources: 7 | - ./helmrelease.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/dev/actions-runner/runners/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: dev 6 | resources: 7 | - ./secret-github-app-config.sops.yaml 8 | - ./helmrelease.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/dev/atuin/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/dev/atuin/database/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./pgcluster.yaml 7 | - ./scheduledbackup.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/dev/atuin/database/scheduledbackup.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/postgresql.cnpg.io/scheduledbackup_v1.json 3 | apiVersion: postgresql.cnpg.io/v1 4 | kind: ScheduledBackup 5 | metadata: 6 | name: pg-atuin-backup 7 | spec: 8 | schedule: "@weekly" 9 | immediate: true 10 | backupOwnerReference: self 11 | cluster: 12 | name: pg-atuin 13 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/dev/kubernetes-schemas/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/dev/kubernetes-schemas/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: kubernetes-schemas 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: dev 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: &app kubernetes-schemas 13 | app.kubernetes.io/instance: *app 14 | path: ./kubernetes/${CLUSTER}/apps/dev/kubernetes-schemas/app 15 | prune: true 16 | sourceRef: 17 | kind: GitRepository 18 | name: flux-system 19 | wait: true 20 | interval: 30m 21 | retryInterval: 1m 22 | timeout: 5m 23 | postBuild: 24 | substituteFrom: [] 25 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/dev/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | 6 | resources: 7 | # Pre Flux-Kustomizations 8 | - ./namespace.yaml 9 | # Flux-Kustomizations 10 | - ./actions-runner/ks.yaml 11 | - ./atuin/ks.yaml 12 | - ./kubernetes-schemas/ks.yaml 13 | - ./pulumi-kubernetes-operator/ks.yaml 14 | 15 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/dev/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: dev 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | networking.kubernetes.io/shared-gateway-access: "true" 9 | istio.io/dataplane-mode: ambient 10 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/dev/pulumi-kubernetes-operator/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: pulumi-kubernetes-operator 7 | spec: 8 | interval: 15m 9 | chart: 10 | spec: 11 | chart: pulumi-kubernetes-operator 12 | version: 2.0.0 13 | sourceRef: 14 | kind: HelmRepository 15 | name: pulumi-charts 16 | namespace: flux-system 17 | interval: 15m 18 | install: 19 | createNamespace: true 20 | crds: CreateReplace 21 | remediation: 22 | retries: 5 23 | upgrade: 24 | crds: CreateReplace 25 | remediation: 26 | retries: 5 27 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/dev/pulumi-kubernetes-operator/app/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: dev 6 | resources: 7 | - ./helmrelease.yaml 8 | - ./rbac.yaml 9 | - ./secret-pulumi.sops.yaml 10 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/dev/pulumi-kubernetes-operator/app/rbac.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: pulumi-flux-source-access 6 | labels: 7 | app.kubernetes.io/name: pulumi-kubernetes-operator 8 | rules: 9 | - apiGroups: 10 | - source.toolkit.fluxcd.io 11 | resources:
# read-only (get/list/watch) access to every kind in source.toolkit.fluxcd.io within this namespace, e.g. GitRepository and OCIRepository; narrow "*" to the kinds the operator actually reads if that set is known
12 | - "*" 13 | verbs: 14 | - get 15 | - list 16 | - watch 17 | 18 | --- 19 | apiVersion: rbac.authorization.k8s.io/v1 20 | kind: RoleBinding 21 | metadata: 22 | name: pulumi-flux-source-access 23 | labels: 24 | app.kubernetes.io/name: pulumi-kubernetes-operator 25 | roleRef: 26 | apiGroup: rbac.authorization.k8s.io 27 | kind: Role 28 | name: pulumi-flux-source-access 29 | subjects: 30 | - kind: ServiceAccount 31 | name: pulumi-kubernetes-operator 32 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/dev/pulumi-kubernetes-operator/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: pulumi-operator 7 | namespace: flux-system 8 | spec: 9 | path: ./kubernetes/${CLUSTER}/apps/dev/pulumi-kubernetes-operator/app 10 | prune: true 11 | sourceRef: 12 | kind: GitRepository 13 | name: flux-system 14 | 
wait: true 15 | postBuild: 16 | substituteFrom: [] 17 | interval: 30m 18 | retryInterval: 1m 19 | timeout: 5m 20 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/download/flaresolverr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | 8 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/download/flaresolverr/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: flaresolverr 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: download 10 | path: "./kubernetes/${CLUSTER}/apps/download/flaresolverr/app" 11 | prune: true 12 | sourceRef: 13 | kind: GitRepository 14 | name: flux-system 15 | wait: true 16 | interval: 30m 17 | retryInterval: 1m 18 | timeout: 5m 19 | postBuild: 20 | substituteFrom: [] 21 | dependsOn: 22 | - name: pod-gateway 23 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/download/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | # Pre Flux-Kustomizations 7 | - ./namespace.yaml 8 | # - ./networkpolicy.yaml 9 | # Flux-Kustomizations 10 | - ./flaresolverr/ks.yaml 11 | - ./prowlarr/ks.yaml 12 | - 
./rdt-client/ks.yaml 13 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/download/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: download 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | networking.kubernetes.io/shared-gateway-access: "true" 9 | vpn.home.arpa/routed-gateway: "true" 10 | istio.io/dataplane-mode: ambient 11 | 12 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/download/prowlarr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: download 6 | resources: 7 | - ./helmrelease.yaml 8 | - ../../../../templates/volsync 9 | 10 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/download/prowlarr/provision/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: download 6 | resources: 7 | - ./tf.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/download/prowlarr/provision/tf.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: infra.contrib.fluxcd.io/v1alpha1 3 | kind: Terraform 4 | metadata: 5 | name: prowlarr-provisioner 6 | namespace: download 7 | spec: 8 | path: "./" 9 | interval: 10m 10 | approvePlan: auto 11 | sourceRef: 12 | kind: OCIRepository 13 | name: 
oci-terraform-prowlarr 14 | namespace: flux-system 15 | varsFrom: 16 | - kind: Secret 17 | name: starr-apps-secret 18 | runnerPodTemplate: 19 | metadata: 20 | labels: 21 | vpn.home.arpa/enabled: "false" 22 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/download/rdt-client/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ../../../../templates/volsync 8 | 9 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/flux-system/add-ons/monitoring/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: flux-system 6 | resources: 7 | - ./podmonitor.yaml 8 | - ./prometheusrule.yaml 9 | - ./dashboard 10 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/flux-system/add-ons/notifications/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./alert.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/flux-system/flux-operator/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: flux-operator 7 | spec: 8 | chart: 9 | spec: 10 | chart: flux-operator 11 | version: 0.19.0 12 | sourceRef: 13 | kind: HelmRepository 14 | name: controlplaneio 15 | namespace: flux-system 16 | interval: 30m 17 | valuesFrom: 18 | - kind: ConfigMap 19 | name: flux-operator-helm-values 20 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/flux-system/flux-operator/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | configMapGenerator: 8 | - name: flux-operator-helm-values 9 | files: 10 | - values.yaml=./values.yaml 11 | 12 | configurations: 13 | - ./kustomizeconfig.yaml 14 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/flux-system/flux-operator/app/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/flux-system/flux-operator/app/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | serviceMonitor: 3 | create: true -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/flux-system/flux-operator/instance/helmrelease.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: flux-instance 7 | spec: 8 | chart: 9 | spec: 10 | chart: flux-instance 11 | version: 0.19.0 12 | sourceRef: 13 | kind: HelmRepository 14 | name: controlplaneio 15 | namespace: flux-system 16 | interval: 30m 17 | valuesFrom: 18 | - kind: ConfigMap 19 | name: flux-instance-helm-values 20 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/flux-system/flux-operator/instance/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./webhook/ 8 | 9 | configMapGenerator: 10 | - name: flux-instance-helm-values 11 | files: 12 | - values.yaml=./values.yaml 13 | 14 | configurations: 15 | - ./kustomizeconfig.yaml 16 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/flux-system/flux-operator/instance/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | nameReference: 3 | - kind: ConfigMap 4 | version: v1 5 | fieldSpecs: 6 | - path: spec/valuesFrom/name 7 | kind: HelmRelease 8 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/flux-system/flux-operator/instance/webhook/httproute.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: gateway.networking.k8s.io/v1 3 | kind: HTTPRoute 4 | metadata: 5 | labels: 6 | 
app.kubernetes.io/name: &app webhook-receiver 7 | app.kubernetes.io/instance: *app 8 | app.kubernetes.io/part-of: flux 9 | name: *app 10 | namespace: monitor 11 | spec: 12 | hostnames: 13 | - flux-webhook.${EXTERNAL_DOMAIN} 14 | parentRefs: 15 | - kind: Gateway 16 | name: public-gateway 17 | namespace: gateway 18 | rules: 19 | - backendRefs: 20 | - kind: Service 21 | name: *app 22 | port: 80 23 | weight: 1 24 | matches: 25 | - path: 26 | type: PathPrefix 27 | value: /hook/ 28 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/flux-system/flux-operator/instance/webhook/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./secret-github-webhook-token.sops.yaml 7 | - ./httproute.yaml 8 | - ./receiver.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/flux-system/flux-operator/instance/webhook/receiver.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: notification.toolkit.fluxcd.io/v1 3 | kind: Receiver 4 | metadata: 5 | name: flux-system 6 | namespace: flux-system 7 | spec: 8 | type: github 9 | events: 10 | - ping 11 | - push 12 | secretRef: 13 | name: github-webhook-token 14 | resources: 15 | - apiVersion: source.toolkit.fluxcd.io/v1 16 | kind: GitRepository 17 | name: flux-system 18 | namespace: flux-system 19 | - apiVersion: kustomize.toolkit.fluxcd.io/v1 20 | kind: Kustomization 21 | name: cluster-apps 22 | namespace: flux-system 23 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/flux-system/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | # Pre Flux-Kustomizations 7 | - ./namespace.yaml 8 | # Flux-Kustomizations 9 | - ./flux-operator/ks.yaml 10 | - ./add-ons/ks.yaml 11 | - ./tf-controller/ks.yaml 12 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/flux-system/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: flux-system 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | networking.kubernetes.io/shared-gateway-access: "true" 9 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/flux-system/tf-controller/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: flux-system 6 | resources: 7 | - ./helmrelease.yaml 8 | - ./secret-tf-cloud-token.sops.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/flux-system/tf-controller/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: tf-controller 7 | namespace: flux-system 8 | spec: 9 | path: ./kubernetes/${CLUSTER}/apps/flux-system/tf-controller/app 10 | prune: true 11 | sourceRef: 12 | kind: 
GitRepository 13 | name: flux-system 14 | wait: true 15 | postBuild: 16 | substituteFrom: [] 17 | interval: 30m 18 | retryInterval: 1m 19 | timeout: 5m 20 | dependsOn: 21 | - name: kube-prometheus-stack-crds 22 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/gateway/envoy/app/helmrelease.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json 3 | apiVersion: helm.toolkit.fluxcd.io/v2 4 | kind: HelmRelease 5 | metadata: 6 | name: envoy-gateway 7 | namespace: gateway 8 | spec: 9 | chart: 10 | spec: 11 | chart: gateway-helm 12 | interval: 30m 13 | sourceRef: 14 | kind: HelmRepository 15 | name: envoy 16 | namespace: flux-system 17 | version: 1.3.2 18 | interval: 30m 19 | values: 20 | deployment: 21 | envoyGateway: 22 | rbac: 23 | cluster: true 24 | replicas: 2 25 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/gateway/envoy/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/gateway/envoy/gateway/external-certificate.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: cert-manager.io/v1 3 | kind: Certificate 4 | metadata: 5 | name: "wildcard-external" 6 | spec: 7 | secretName: "wildcard-tls-external" 8 | issuerRef: 9 | name: letsencrypt-prod 10 | kind: ClusterIssuer 11 | dnsNames: 12 | - "*.${EXTERNAL_DOMAIN}" 13 | 
-------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/gateway/envoy/gateway/gatewayclass.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: gateway.networking.k8s.io/v1 3 | kind: GatewayClass 4 | metadata: 5 | name: envoy 6 | spec: 7 | controllerName: gateway.envoyproxy.io/gatewayclass-controller 8 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/gateway/envoy/gateway/httproute.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: gateway.networking.k8s.io/v1 3 | kind: HTTPRoute 4 | metadata: 5 | name: https-redirect 6 | spec: 7 | parentRefs: 8 | - name: internal-gateway 9 | namespace: gateway 10 | sectionName: internal-http 11 | rules: 12 | - filters: 13 | - requestRedirect: 14 | scheme: https 15 | statusCode: 301 16 | type: RequestRedirect 17 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/gateway/envoy/gateway/internal-certificate.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: cert-manager.io/v1 3 | kind: Certificate 4 | metadata: 5 | name: "wildcard-internal" 6 | spec: 7 | secretName: "wildcard-tls-internal" 8 | issuerRef: 9 | name: letsencrypt-prod 10 | kind: ClusterIssuer 11 | dnsNames: 12 | - "*.${INTERNAL_DOMAIN}" 13 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/gateway/envoy/gateway/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: network 6 | resources: 7 | - ./external-certificate.yaml 8 | - 
./internal-certificate.yaml 9 | - ./professional-certificate.yaml 10 | - ./gatewayclass.yaml 11 | - ./private-gateway.yaml 12 | - ./public-gateway.yaml 13 | - ./httproute.yaml 14 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/gateway/envoy/gateway/professional-certificate.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: cert-manager.io/v1 3 | kind: Certificate 4 | metadata: 5 | name: "wildcard-professional" 6 | spec: 7 | secretName: "wildcard-tls-professional" 8 | issuerRef: 9 | name: letsencrypt-prod 10 | kind: ClusterIssuer 11 | dnsNames: 12 | - "*.${PROFESSIONAL_DOMAIN}" 13 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/gateway/gateway-api/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: gateway-api-crds 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: gateway 10 | interval: 10m 11 | path: "./kubernetes/${CLUSTER}/apps/gateway/gateway-api/crds" 12 | prune: true 13 | sourceRef: 14 | kind: GitRepository 15 | name: flux-system 16 | decryption: 17 | provider: sops 18 | wait: true 19 | postBuild: 20 | substituteFrom: [] -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/gateway/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | # Pre Flux-Kustomizations 7 | - ./namespace.yaml 8 | # Flux-Kustomizations 9 | - 
./gateway-api/ks.yaml 10 | - ./envoy/ks.yaml 11 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/gateway/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: gateway 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | networking.kubernetes.io/shared-gateway-access: "true" 9 | istio.io/dataplane-mode: ambient 10 | 11 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/home/baby-buddy/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./secret-baby-buddy.sops.yaml 8 | - ../../../../templates/volsync 9 | 10 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/home/baby-buddy/database/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./pgcluster.yaml 7 | - ./scheduledbackup.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/home/baby-buddy/database/scheduledbackup.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/postgresql.cnpg.io/scheduledbackup_v1.json 3 | apiVersion: postgresql.cnpg.io/v1 4 | kind: ScheduledBackup 5 | metadata: 6 | name: pg-baby-buddy-backup 7 | spec: 8 | schedule: "@weekly" 
9 | immediate: true 10 | backupOwnerReference: self 11 | cluster: 12 | name: pg-baby-buddy 13 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/home/esphome/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./secret-esphome.sops.yaml 7 | - ./helmrelease.yaml 8 | - ../../../../templates/volsync 9 | 10 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/home/hajimari/app/clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: background-controller 6 | app.kubernetes.io/instance: kyverno 7 | app.kubernetes.io/part-of: kyverno 8 | rbac.kyverno.io/aggregate-to-background-controller: 'true' 9 | name: kyverno:create-hajimari-applications 10 | rules: 11 | - apiGroups: 12 | - hajimari.io 13 | resources: 14 | - applications 15 | verbs: 16 | - create 17 | - update 18 | - delete -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/home/hajimari/app/httproute.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: gateway.networking.k8s.io/v1 3 | kind: HTTPRoute 4 | metadata: 5 | labels: 6 | app.kubernetes.io/name: &app hajimari 7 | app.kubernetes.io/instance: *app 8 | app.kubernetes.io/part-of: *app 9 | name: *app 10 | namespace: home 11 | spec: 12 | hostnames: 13 | - portal.${INTERNAL_DOMAIN} 14 | parentRefs: 15 | - kind: Gateway 16 | name: private-gateway 17 | namespace: gateway 18 | rules: 19 | - backendRefs: 20 | - kind: Service 21 | name: 
hajimari 22 | port: 3000 23 | weight: 1 24 | matches: 25 | - path: 26 | type: PathPrefix 27 | value: / 28 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/home/hajimari/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ./httproute.yaml 8 | - ./clusterrole.yaml 9 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/home/hajimari/policy/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./clusterpolicy.yaml 7 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/home/home-assistant/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | commonLabels: 6 | app.kubernetes.io/name: home-assistant 7 | app.kubernetes.io/instance: home-assistant 8 | resources: 9 | - ./pgcluster.yaml 10 | - ./secret-home-assistant.sops.yaml 11 | - ./secret-deploy-key.sops.yaml 12 | - ./helmrelease.yaml 13 | - ../../../../templates/volsync 14 | configMapGenerator: 15 | - name: hass-config 16 | files: 17 | - ./config/configuration.yaml 18 | options: 19 | disableNameSuffixHash: true 20 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/home/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | # Pre Flux-Kustomizations 7 | - ./namespace.yaml 8 | # Flux-Kustomizations 9 | - ./baby-buddy/ks.yaml 10 | - ./esphome/ks.yaml 11 | - ./hajimari/ks.yaml 12 | - ./home-assistant/ks.yaml 13 | - ./mealie/ks.yaml 14 | - ./wyoming-services/ks.yaml 15 | - ./zigbee2mqtt/ks.yaml 16 | 17 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/home/mealie/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ../../../../templates/volsync 8 | 9 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/home/mealie/database/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./pgcluster.yaml 7 | - ./scheduledbackup.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/home/mealie/database/scheduledbackup.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/postgresql.cnpg.io/scheduledbackup_v1.json 3 | apiVersion: postgresql.cnpg.io/v1 4 | kind: ScheduledBackup 5 | metadata: 6 | name: pg-mealie 7 | spec: 8 | schedule: "@weekly" 9 | immediate: true 10 | 
backupOwnerReference: self 11 | cluster: 12 | name: pg-mealie 13 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/home/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: home 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | networking.kubernetes.io/shared-gateway-access: "true" 9 | istio.io/dataplane-mode: ambient 10 | 11 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/home/wyoming-services/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | 8 | configMapGenerator: 9 | - name: openwakeword-config 10 | files: 11 | - ./resources/hey_piper.tflite 12 | - name: piper-config 13 | files: 14 | - ./resources/pre_process_map.yaml 15 | - ./resources/voice_to_speaker.yaml 16 | 17 | generatorOptions: 18 | disableNameSuffixHash: true 19 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/home/wyoming-services/app/resources/hey_piper.tflite: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JefeDavis/k8s-HomeOps/360a8b1a8c9e01c344042ec36aa8751c8262403d/kubernetes/jsdyb-k8s-001/apps/home/wyoming-services/app/resources/hey_piper.tflite -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/home/wyoming-services/ks.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: 
$schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json 3 | apiVersion: kustomize.toolkit.fluxcd.io/v1 4 | kind: Kustomization 5 | metadata: 6 | name: wyoming-services 7 | namespace: flux-system 8 | spec: 9 | targetNamespace: home 10 | commonMetadata: 11 | labels: 12 | app.kubernetes.io/name: &app wyoming-services 13 | app.kubernetes.io/part-of: *app 14 | path: "./kubernetes/${CLUSTER}/apps/home/wyoming-services/app" 15 | prune: true 16 | sourceRef: 17 | kind: GitRepository 18 | name: flux-system 19 | wait: true 20 | interval: 30m 21 | retryInterval: 1m 22 | timeout: 5m 23 | postBuild: 24 | substituteFrom: [] 25 | decryption: 26 | provider: sops 27 | dependsOn: 28 | - name: rook-ceph-cluster 29 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/home/zigbee2mqtt/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: home 6 | resources: 7 | - ./secret-zigbee2mqtt.sops.yaml 8 | - ./helmrelease.yaml 9 | - ../../../../templates/volsync 10 | configMapGenerator: 11 | - name: zigbee2mqtt-loki-rules 12 | files: 13 | - zigbee2mqtt.yaml=./resources/lokirule.yaml 14 | options: 15 | labels: 16 | loki_rule: "true" 17 | generatorOptions: 18 | disableNameSuffixHash: true 19 | 20 | 21 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/home/zigbee2mqtt/app/resources/lokirule.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | groups: 3 | - name: zigbee2mqtt 4 | rules: 5 | - alert: ZigbeeMQTTUnreachable 6 | expr: | 7 | sum(count_over_time({app="zigbee2mqtt"} |~ "(?i)not connected to mqtt server"[2m])) > 0 8 | for: 2m 9 | labels: 10 | 
severity: critical 11 | category: logs 12 | annotations: 13 | app: "{{ $labels.app }}" 14 | summary: "{{ $labels.app }} is unable to reach MQTT" 15 | 16 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/media/bazarr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ../../../../templates/volsync 8 | 9 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/media/common/mount/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: media 6 | resources: 7 | - ./pv.yaml 8 | - ./pvc.yaml 9 | 10 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/media/common/mount/pv.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolume 3 | metadata: 4 | name: nfs-media 5 | spec: 6 | storageClassName: media 7 | capacity: 8 | storage: 1Mi 9 | accessModes: 10 | - ReadWriteMany 11 | persistentVolumeReclaimPolicy: Retain 12 | nfs: 13 | server: ${SYNOLOGY_ADDR} 14 | path: "/volume1/media" 15 | mountOptions: 16 | - nfsvers=3 17 | - tcp 18 | - intr 19 | - hard 20 | - noatime 21 | - nodiratime 22 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/media/common/mount/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: 
PersistentVolumeClaim 4 | metadata: 5 | name: nfs-media 6 | namespace: media 7 | spec: 8 | accessModes: 9 | - ReadWriteMany 10 | storageClassName: media 11 | resources: 12 | requests: 13 | storage: 1Mi 14 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/media/common/resource/dashboard/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | configMapGenerator: 6 | - name: servarr-dashboard 7 | files: 8 | - servarr.json=https://raw.githubusercontent.com/onedr0p/exportarr/88bf4028243a82cc160ce8f8ed75b76976e4acf5/examples/grafana/dashboard2.json 9 | 10 | generatorOptions: 11 | disableNameSuffixHash: true 12 | annotations: 13 | kustomize.toolkit.fluxcd.io/substitute: disabled 14 | grafana.io/folder: Media 15 | labels: 16 | grafana.io/dashboard: "true" 17 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/media/common/resource/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | namespace: media 6 | resources: 7 | - ./secret-starr-apps.sops.yaml 8 | - ./dashboard 9 | 10 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/media/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | # Pre Flux-Kustomizations 7 | - ./namespace.yaml 8 | # # 
Flux-Kustomizations 9 | - ./common/ks.yaml 10 | - ./bazarr/ks.yaml 11 | - ./lidarr/ks.yaml 12 | - ./music-assistant/ks.yaml 13 | - ./overseerr/ks.yaml 14 | - ./plex/ks.yaml 15 | - ./plex-meta-manager/ks.yaml 16 | - ./readarr/ks.yaml 17 | - ./recyclarr/ks.yaml 18 | - ./radarr/ks.yaml 19 | - ./sonarr/ks.yaml 20 | - ./teddy-cloud/ks.yaml 21 | - ./tautulli/ks.yaml 22 | - ./unpackerr/ks.yaml 23 | - ./wizarr/ks.yaml 24 | 25 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/media/lidarr/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ../../../../templates/volsync 8 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/media/music-assistant/app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # yaml-language-server: $schema=https://json.schemastore.org/kustomization 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | resources: 6 | - ./helmrelease.yaml 7 | - ../../../../templates/volsync 8 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/media/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: media 6 | labels: 7 | kustomize.toolkit.fluxcd.io/prune: disabled 8 | networking.kubernetes.io/shared-gateway-access: "true" 9 | istio.io/dataplane-mode: ambient 10 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/apps/media/overseerr/app/dashboard/kustomization.yaml: 
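--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
configMapGenerator:
  - name: overseerr-dashboard
    files:
      # NOTE(review): this dashboard JSON is fetched from a mutable `main` ref of a
      # third-party repository on every kustomize build, so whatever is on that
      # branch (or whoever controls that repo) ends up in the ConfigMap unreviewed.
      # Pin the URL to a commit SHA or vendor the file next to this kustomization.
      - overseerr.json=https://raw.githubusercontent.com/WillFantom/overseerr-exporter/main/grafana/dashboard.json

generatorOptions:
  disableNameSuffixHash: true
  annotations:
    # Keep Flux post-build substitution off the dashboard JSON so any `$`-style
    # Grafana template variables in it are delivered verbatim.
    kustomize.toolkit.fluxcd.io/substitute: disabled
    grafana.io/folder: Media
  labels:
    grafana.io/dashboard: "true"
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/media/overseerr/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  # SOPS-encrypted; the Flux Kustomization that applies this path (its ks.yaml is
  # not in this chunk) must have spec.decryption set or the Secret lands encrypted.
  - ./secret-overseerr.sops.yaml
  - ../../../../templates/volsync
  - ./dashboard
configMapGenerator:
  - name: overseerr-config-template
    files:
      - ./resources/settings.json
    options:
      labels:
        # settings.json is presumably rendered at runtime (hence "-template");
        # exclude it from Flux build-time variable substitution.
        kustomize.toolkit.fluxcd.io/substitute: disabled
generatorOptions:
  disableNameSuffixHash: true

--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/media/plex-meta-manager/app/config/pre-rolls.yml:
--------------------------------------------------------------------------------
---
collections:
  ############################
  #          MONTHS          #
  ############################

  Normal:
    build_collection: false
    server_preroll: /media/library/prerolls/normal/Plex4K.mp4; /media/library/prerolls/normal/LightSpeed-Plex4K.mp4
    # One range per month; together they cover the whole year.
    schedule:
      - range(01/01-01/31) # January
      - range(02/01-02/28) # February (was 02/01-01/28 — an end date before the start, not a February range)
      - range(03/01-03/31) # March
      - range(04/01-04/30) # April
      - range(05/01-05/31) # May
      - range(06/01-06/30) # Jun
      - range(07/01-07/31) # July
      - range(08/01-08/31) # August
      - range(09/01-09/30) # September
      - range(10/01-10/31) # October
      - range(11/01-11/30) # November
      - range(12/01-12/31) # December
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/media/plex-meta-manager/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: media
resources:
  - ./pvc.yaml
  - ./secret-plex-meta-manager.sops.yaml
  - ./helmrelease.yaml
configMapGenerator:
  - name: pmm-config-template
    files:
      - ./config/config.yml
    options:
      labels:
        kustomize.toolkit.fluxcd.io/substitute: disabled
  - name: pmm-prerolls
    files:
      - ./config/pre-rolls.yml
  - name: pmm-scripts
    files:
      - ./scripts/run.sh
    options:
      labels:
        # run.sh uses bash positional parameters ("$1"). The ks.yaml for this app
        # enables postBuild, so exclude the script from Flux variable substitution
        # the same way config.yml already is, instead of relying on `$1` surviving it.
        kustomize.toolkit.fluxcd.io/substitute: disabled
generatorOptions:
  disableNameSuffixHash: true
labels:
  - pairs:
      app.kubernetes.io/name: plex-meta-manager
      app.kubernetes.io/instance: plex-meta-manager
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/media/plex-meta-manager/app/pvc.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pmm-config
  namespace: media
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  storageClassName: ceph-block
--------------------------------------------------------------------------------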
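/kubernetes/jsdyb-k8s-001/apps/media/plex-meta-manager/app/scripts/run.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Runs Plex-Meta-Manager for one library at a time (shipped via the pmm-scripts ConfigMap).
set -euo pipefail

# pmm LIBRARY — run PMM once for the named Plex library.
# --read-only-config stops PMM from writing back into the mounted config file.
pmm () {
  local library="${1:?usage: pmm <library name>}"
  echo "*** pmm: ${library} ***"

  python3 plex_meta_manager.py \
    --run \
    --read-only-config \
    --run-libraries "${library}"
}

pmm "Movies"
# pmm "TV Shows"
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/media/plex-meta-manager/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: plex-meta-manager
  namespace: flux-system
spec:
  interval: 30m
  path: ./kubernetes/${CLUSTER}/apps/media/plex-meta-manager/app
  postBuild:
    substituteFrom: []
  prune: true
  retryInterval: 1m
  sourceRef:
    kind: GitRepository
    name: flux-system
  timeout: 5m
  wait: true
  # NOTE(review): the app path applies secret-plex-meta-manager.sops.yaml, but no
  # spec.decryption is declared here (recyclarr/unpackerr/istio set
  # `provider: sops`). Unless a parent Kustomization patches decryption in, the
  # encrypted Secret is applied as-is — confirm.
  dependsOn:
    - name: rook-ceph-cluster
    - name: plex
    - name: tautulli
    - name: radarr
    - name: sonarr
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/media/plex/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
# NOTE(review): resources/preferences.cfg (presumably consumed by the HelmRelease)
# sets allowedNetworks=10.0.0.0/8, which in Plex is the "allowed without auth"
# network list. If the cluster's pod/service CIDRs or any untrusted VLAN sit in
# 10/8, those hosts reach Plex unauthenticated — narrow it to the real client
# LAN(s). The same file enables DLNA and GDM, both unauthenticated protocols;
# keep them off unless LAN clients actually need them.
resources:
  - ./secret-plex.sops.yaml
  - ./helmrelease.yaml
  - ./pvc.yaml
  - ../../../../templates/volsync
configMapGenerator:
  - name: plex-loki-rules
    files:
      - plex.yaml=./resources/lokirule.yaml
    options:
      labels:
        loki_rule: "true"
generatorOptions: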
  disableNameSuffixHash: true
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/media/plex/app/pvc.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: plex-cache
spec:
  accessModes: ["ReadWriteOnce"]
  resources:
    requests:
      storage: 75Gi
  storageClassName: ceph-block
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/media/plex/app/resources/lokirule.yaml:
--------------------------------------------------------------------------------
---
groups:
  - name: plex
    rules:
      # Fires when Plex logs "retry busy DB" (case-insensitive) in a 2m window,
      # sustained for 2m.
      - alert: PlexDatabaseBusy
        expr: |
          sum by (app) (count_over_time({app="plex"} |~ "(?i)retry busy DB"[2m])) > 0
        for: 2m
        labels:
          severity: critical
          category: logs
        annotations:
          app: "{{ $labels.app }}"
          summary: "{{ $labels.app }} is experiencing database issues"
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/media/plex/app/resources/preferences.cfg:
--------------------------------------------------------------------------------
allowedNetworks=10.0.0.0/8
FriendlyName=${ORGANIZATION}
DlnaEnabled=1
GdmEnabled=1
ManualPortMappingMode=1
ManualPortMappingPort=443
LanNetworksBandwidth=10.0.0.0/8
HardwareAcceleratedCodecs=1
PreferredNetworkInterface=eth0
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/media/radarr/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ../../../../templates/volsync
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/media/radarr/provision/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: media
resources:
  - ./tf.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/media/radarr/provision/tf.yaml:
--------------------------------------------------------------------------------
---
apiVersion: infra.contrib.fluxcd.io/v1alpha1
kind: Terraform
metadata:
  name: radarr-provisioner
  namespace: media
spec:
  path: "./"
  interval: 10m
  # NOTE(review): approvePlan: auto applies every plan pulled from the OCI artifact
  # without anyone reading it. Together with the credentials injected via varsFrom
  # (presumably the *arr API keys) this means whoever can push
  # oci-terraform-radarr can reconfigure Radarr — make sure the OCIRepository
  # verifies artifact signatures (not visible here).
  approvePlan: auto
  sourceRef:
    kind: OCIRepository
    name: oci-terraform-radarr
    namespace: flux-system
  varsFrom:
    # Resolved from this object's own namespace (media) — the Secret must live there.
    - kind: Secret
      name: starr-apps-secret
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/media/readarr/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ../../../../templates/volsync
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/media/recyclarr/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
configMapGenerator:
  - name: recyclarr-configmap
    files:
      - ./resources/radarr.yml
      - ./resources/sonarr.yml
generatorOptions:
  disableNameSuffixHash: true
  annotations:
    # The radarr/sonarr configs are handed to recyclarr verbatim; keep Flux
    # post-build substitution away from them.
    kustomize.toolkit.fluxcd.io/substitute: disabled
labels:
  - pairs:
      app.kubernetes.io/name: recyclarr
      app.kubernetes.io/instance: recyclarr
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/media/recyclarr/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: recyclarr
  namespace: flux-system
spec:
  targetNamespace: media
  path: "./kubernetes/${CLUSTER}/apps/media/recyclarr/app"
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
  wait: true
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substituteFrom: []
  decryption:
    # No secretRef: SOPS key material has to come from the kustomize-controller's
    # own environment (e.g. a cloud KMS identity) — confirm that is the setup.
    provider: sops
  dependsOn:
    - name: media-common
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/media/sonarr/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ../../../../templates/volsync

--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/media/sonarr/provision/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server:
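# $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
# Pin the namespace exactly like radarr/provision does. The Terraform object below
# reads starr-apps-secret via varsFrom from its own namespace, so it must land in
# media regardless of whether the enclosing Flux Kustomization sets targetNamespace.
namespace: media
resources:
  - ./tf.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/media/sonarr/provision/tf.yaml:
--------------------------------------------------------------------------------
---
apiVersion: infra.contrib.fluxcd.io/v1alpha1
kind: Terraform
metadata:
  name: sonarr-provisioner
  namespace: media
spec:
  path: "./"
  interval: 10m
  # NOTE(review): plans are auto-applied, so anyone who can publish
  # oci-terraform-sonarr can change Sonarr's configuration with no review step.
  # Pair this with artifact signature verification on the OCIRepository (not
  # visible here).
  approvePlan: auto
  sourceRef:
    kind: OCIRepository
    name: oci-terraform-sonarr
    namespace: flux-system
  varsFrom:
    # Resolved from this object's namespace (media).
    - kind: Secret
      name: starr-apps-secret
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/media/tautulli/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ../../../../templates/volsync

--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/media/teddy-cloud/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ../../../../templates/volsync

--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/media/teddy-cloud/certs/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: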
# $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  # This directory only wires in the shared volsync backup template.
  - ../../../../templates/volsync/

--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/media/unpackerr/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/media/unpackerr/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: unpackerr
  namespace: flux-system
spec:
  targetNamespace: media
  commonMetadata:
    labels:
      app.kubernetes.io/name: &app unpackerr
      app.kubernetes.io/instance: *app
  path: "./kubernetes/${CLUSTER}/apps/media/unpackerr/app"
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
  wait: true
  interval: 10m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substituteFrom: []
  decryption:
    # No secretRef: SOPS keys must come from the controller's own environment.
    provider: sops
  # unpackerr is reconciled only after every *arr it talks to is ready.
  dependsOn:
    - name: sonarr
    - name: radarr
    - name: lidarr
    - name: readarr
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/media/wizarr/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ../../../../templates/volsync
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/mesh/istio/app/helmrelease.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: istio
  # NOTE(review): this says `gateway`, but istio/ks.yaml sets targetNamespace: mesh,
  # which Flux applies over the value here — the release actually lands in mesh.
  # Consider writing `mesh` here so the manifest matches reality.
  namespace: gateway
spec:
  chart:
    spec:
      chart: ambient
      interval: 30m
      sourceRef:
        kind: HelmRepository
        name: istio
        namespace: flux-system
      version: 1.25.1
  interval: 30m
  values:
    # The control plane lives in `mesh` for every sub-chart.
    global:
      istioNamespace: mesh
    base:
      istioNamespace: mesh
    ztunnel:
      istioNamespace: mesh
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/mesh/istio/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ./servicemonitor.yaml
  - ./podmonitor.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/mesh/istio/app/servicemonitor.yaml:
--------------------------------------------------------------------------------
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: istio-component-monitor
  namespace: gateway
  labels:
    monitoring: istio-components
    release: istio
spec:
  jobLabel: istio
  targetLabels: [app]
  # Scrape the istio=pilot (istiod) Service wherever it lives; namespaceSelector.any
  # lets this monitor select Services outside its own namespace.
  selector:
    matchExpressions:
      - { key: istio, operator: In, values: [pilot] }
  namespaceSelector:
    any: true
  endpoints:
    - port: http-monitoring
      interval: 15s
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/mesh/istio/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: istio
  namespace: flux-system
spec:
  targetNamespace: mesh
  interval: 10m
  path: "./kubernetes/${CLUSTER}/apps/mesh/istio/app"
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
  decryption:
    provider: sops
  wait: true
  postBuild:
    substituteFrom: []
  # The CNI must be in place before the ambient data plane is installed.
  dependsOn:
    - name: cilium
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/mesh/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  # Pre Flux-Kustomizations
  - ./namespace.yaml
  # Flux-Kustomizations
  - ./istio/ks.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/mesh/namespace.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: Namespace
metadata:
  name: mesh
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
    # NOTE(review): enrolling a namespace in ambient mode gives its pods mTLS via
    # ztunnel, but not access control — without AuthorizationPolicy objects (none
    # visible here) any mesh identity can still reach any workload in it.
    istio.io/dataplane-mode: ambient

--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/monitor/alertmanager/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ./secret-alertmanager.sops.yaml
configMapGenerator:
  - name: alertmanager-config
    files:
      - config/alertmanager.yml
    options:
      disableNameSuffixHash: true
      annotations:
        # alertmanager.yml is presumably templated in-pod (receiver secrets etc.);
        # keep Flux build-time substitution off it.
        kustomize.toolkit.fluxcd.io/substitute: disabled
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/monitor/alertmanager/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: &appname alertmanager
  namespace: flux-system
spec:
  targetNamespace: monitor
  commonMetadata:
    labels:
      app.kubernetes.io/name: *appname
  interval: 30m
  timeout: 5m
  path: "./kubernetes/${CLUSTER}/apps/monitor/alertmanager/app"
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  # Unlike the other app Kustomizations this one does not wait for health, so
  # anything depending on `alertmanager` is released before it is actually ready.
  wait: false
  postBuild:
    substituteFrom: []
  # NOTE(review): the app applies secret-alertmanager.sops.yaml but no
  # spec.decryption is declared here — confirm a parent Kustomization patches it in.
  dependsOn:
    - name: gateway-api-crds
    - name: kube-prometheus-stack
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/monitor/grafana/app/dashboard/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
configMapGenerator:
  - name: grafana-dashboard
    files:
      - home.json
generatorOptions:
  disableNameSuffixHash: true
  annotations:
    # Dashboard JSON is delivered verbatim; no Flux variable substitution.
    kustomize.toolkit.fluxcd.io/substitute: disabled
  labels:
    grafana.io/dashboard: "true"
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/monitor/grafana/app/httproute.yaml:
--------------------------------------------------------------------------------
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  annotations:
    hajimari.io/enable: "true"
    hajimari.io/icon: "simple-icons:grafana"
  labels:
    app.kubernetes.io/name: &app grafana
    app.kubernetes.io/instance: *app
    app.kubernetes.io/part-of: *app
  name: *app
  namespace: monitor
spec:
  hostnames:
    - monitor.${INTERNAL_DOMAIN}
  # Internal-only exposure via the private gateway; Grafana's own login is the
  # authentication layer in front of the dashboards.
  parentRefs:
    - kind: Gateway
      name: private-gateway
      namespace: gateway
  rules:
    - backendRefs:
        - kind: Service
          name: *app
          port: 80
          weight: 1
      matches:
        - path:
            type: PathPrefix
            value: /
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/monitor/grafana/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: monitor
resources:
  - ./secret-grafana.sops.yaml
  - ./helmrelease.yaml
  - ./httproute.yaml
  - ./dashboard/
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/monitor/grafana/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: grafana
  namespace: flux-system
spec:
  path: ./kubernetes/${CLUSTER}/apps/monitor/grafana/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
  wait: true
  postBuild:
    substituteFrom: []
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  # NOTE(review): secret-grafana.sops.yaml is in the app path but no spec.decryption
  # is set here — confirm a parent Kustomization patches it in.
  dependsOn:
    - name: cloudnative-pg
    - name: kube-prometheus-stack-crds
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/monitor/kiali/app/httproute.yaml:
--------------------------------------------------------------------------------
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  annotations:
    hajimari.io/enable: "true"
    hajimari.io/icon: "simple-icons:istio"
  labels:
    app.kubernetes.io/name: &app kiali
    app.kubernetes.io/instance: *app
    app.kubernetes.io/part-of: *app
  name: *app
  namespace: monitor
spec:
  hostnames:
    - kiali.${INTERNAL_DOMAIN}
  parentRefs:
    - kind: Gateway
      name: private-gateway
      namespace: gateway
  rules:
    - backendRefs:
        # NOTE(review): Kiali can read (and, depending on its configuration, edit)
        # mesh configuration cluster-wide. Its auth strategy is set in the
        # HelmRelease (not visible here) — make sure it is not `anonymous` just
        # because the route is internal.
        - kind: Service
          name: *app
          port: 20001
          weight: 1
      matches:
        - path:
            type: PathPrefix
            value: /
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/monitor/kiali/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ./httproute.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/monitor/kiali/ks.yaml:
--------------------------------------------------------------------------------
---
# Only one schema directive is honoured by the language server; the duplicate
# kubernetes-schemas.pages.dev line that used to follow has been dropped.
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: kiali
  namespace: flux-system
spec:
  targetNamespace: monitor
  path: ./kubernetes/${CLUSTER}/apps/monitor/kiali/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
  wait: true
  postBuild:
    substituteFrom: []
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  dependsOn:
    - name: istio
    - name: cert-manager
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/monitor/kube-prometheus-stack/app/httproute.yaml:
--------------------------------------------------------------------------------
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  annotations:
    hajimari.io/enable: "true"
    hajimari.io/icon: "simple-icons:prometheus"
  labels:
    app.kubernetes.io/name: &app prometheus
    app.kubernetes.io/instance: *app
    app.kubernetes.io/part-of: *app
  name: *app
  namespace: monitor
spec:
  hostnames:
    - prometheus.${INTERNAL_DOMAIN}
  # NOTE(review): Prometheus has no authentication of its own, so everyone who can
  # reach private-gateway gets the full query UI (and the admin API if that is
  # enabled on the server). Put an auth layer in front of this route, or drop it
  # if Grafana is the only consumer.
  parentRefs:
    - kind: Gateway
      name: private-gateway
      namespace: gateway
  rules:
    - backendRefs:
        - kind: Service
          name: kube-prometheus-stack-prometheus
          port: 9090
          weight: 1
      matches:
        - path:
            type: PathPrefix
            value: /
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/monitor/kube-prometheus-stack/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ./httproute.yaml
  - ./rules/
  - ./scrapeconfigs/
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/monitor/kube-prometheus-stack/app/rules/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./oom-killed.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/monitor/kube-prometheus-stack/app/rules/oom-killed.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/monitoring.coreos.com/prometheusrule_v1.json
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  name: oom-alert
spec:
  groups:
    - name: oom
      rules:
        # Fires when a container restarted at least once in the last 10m AND its
        # last termination reason over that window was OOMKilled. $value is the
        # restart delta, which is what the description reports.
        - alert: OOMKilled
          annotations:
            description: Container {{ $labels.container }} in pod {{ $labels.namespace }}/{{ $labels.pod }} has been OOMKilled {{ $value }} times in the last 10 minutes.
          # `a - b offset 10m >= 1` parses as `(a - b offset 10m) >= 1`; the
          # `ignoring (reason)` drops the label that only the right-hand side carries.
          expr: (kube_pod_container_status_restarts_total - kube_pod_container_status_restarts_total offset 10m >= 1) and ignoring (reason) min_over_time(kube_pod_container_status_last_terminated_reason{reason="OOMKilled"}[10m]) == 1
          labels:
            severity: critical
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/monitor/kube-prometheus-stack/app/scrapeconfigs/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./node-exporter.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/monitor/kube-prometheus-stack/app/scrapeconfigs/node-exporter.yaml:
--------------------------------------------------------------------------------
---
# # yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/monitoring.coreos.com/scrapeconfig_v1alpha1.json
apiVersion: monitoring.coreos.com/v1alpha1
kind: ScrapeConfig
metadata:
  name: &name node-exporter
spec:
  # Scrapes the NAS's node_exporter off-cluster. No scheme, TLS or auth is set,
  # so this is plain HTTP over the internal network — acceptable for metrics as
  # long as the exporter stays on a segment the cluster trusts.
  staticConfigs:
    - targets:
        - jsdyb-nas-001.${INTERNAL_DOMAIN}:9100
  metricsPath: /metrics
  relabelings:
    # Expose the target under job="node-exporter" rather than the generated job name.
    - action: replace
      targetLabel: job
      replacement: *name
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/monitor/kube-prometheus-stack/crds/helmrelease.yaml:
--------------------------------------------------------------------------------
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: prometheus-operator-crds
spec:
  interval: 10m0s
  chart:
    spec:
      chart: prometheus-operator-crds
      # Pinned; bump deliberately, CRD upgrades are not rolled back by Helm.
      version: "19.1.0"
      sourceRef:
        kind: HelmRepository
        name: prometheus-community
        namespace: flux-system
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/monitor/kube-prometheus-stack/crds/kustomization.yaml:
--------------------------------------------------------------------------------
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/monitor/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  # Pre Flux-Kustomizations
  - ./namespace.yaml
  # Flux-Kustomizations
  - ./alertmanager/ks.yaml
  - ./grafana/ks.yaml
  - ./kiali/ks.yaml
  - ./kube-prometheus-stack/ks.yaml
  - ./metrics-server/ks.yaml
  # - ./thanos/ks.yaml
  - ./unpoller/ks.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/monitor/metrics-server/app/helmrelease.yaml:
--------------------------------------------------------------------------------
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: metrics-server
spec:
  interval: 30m
  chart:
    spec:
      chart: metrics-server
      version: 3.12.2
      sourceRef:
        kind: HelmRepository
        name: kubernetes-sigs-metrics-server
        namespace: flux-system
      interval: 30m
  values:
    metrics:
      enabled: true
    serviceMonitor:
      enabled: true
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/monitor/metrics-server/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/monitor/metrics-server/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: metrics-server
  namespace: flux-system
spec:
  targetNamespace: monitor
  path: "./kubernetes/${CLUSTER}/apps/monitor/metrics-server/app"
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
  wait: true
  interval: 30m
  timeout: 5m
  retryInterval: 1m
  postBuild:
    substituteFrom: []
  # The HelmRelease enables a ServiceMonitor, so the operator CRDs must exist first.
  dependsOn:
    - name: kube-prometheus-stack-crds
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/monitor/namespace.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: Namespace
metadata:
  name: monitor
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
    # presumably matched by the Gateways' allowedRoutes namespace selector so the
    # HTTPRoutes in this namespace may attach — confirm against the gateway objects
    networking.kubernetes.io/shared-gateway-access: "true"
    istio.io/dataplane-mode: ambient
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/monitor/unpoller/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./secret-unpoller.sops.yaml
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/monitor/unpoller/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: unpoller
  namespace: flux-system
spec:
  targetNamespace: monitor
  path: ./kubernetes/${CLUSTER}/apps/monitor/unpoller/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
  wait: true
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substituteFrom: []
  # NOTE(review): secret-unpoller.sops.yaml is applied from this path but no
  # spec.decryption is set — confirm a parent Kustomization patches it in.
  dependsOn:
    - name: kube-prometheus-stack
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/network/blocky/app/dragonfly.yaml:
--------------------------------------------------------------------------------
---
apiVersion: dragonflydb.io/v1alpha1
kind: Dragonfly
metadata:
  name: dns-dragonfly
  labels:
    app.kubernetes.io/name: dns-dragonfly
    app.kubernetes.io/instance: dns-dragonfly
spec:
  # Pinned by tag only; a tag can be re-pushed. Pin by digest (tag@sha256:...) to
  # make the image immutable.
  image: ghcr.io/dragonflydb/dragonfly:v1.28.1
  replicas: 3
  env:
    # Derive --maxmemory from the container memory limit so the two cannot drift.
    - name: MAX_MEMORY
      valueFrom:
        resourceFieldRef:
          resource: limits.memory
          divisor: 1Mi
  # NOTE(review): no --requirepass or TLS flags — access control for this cache
  # relies entirely on network isolation (no NetworkPolicy visible here).
  args:
    - --maxmemory=$(MAX_MEMORY)Mi
    - --proactor_threads=2
    - --cluster_mode=emulated
    - --lock_on_hashtags
  resources:
    requests:
      cpu: 100m
    limits:
      memory: 512Mi
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/network/blocky/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ./dragonfly.yaml
  - ./pgcluster.yaml
  - ./scheduledbackup.yaml
  - ./podmonitor.yaml
configMapGenerator:
  # - name: blocky-datasource
  #   files:
  #     - datasource.yaml=./resources/datasource.yaml
  #   options:
  #     labels:
  #       grafana_datasource: "true"
  - name: blocky-configmap
    files:
      - config.yml=./resources/config.yaml
generatorOptions:
  # Stable ConfigMap name. Side effect: a config change alone does not roll
  # the blocky pods, since the name the Deployment mounts never changes.
  disableNameSuffixHash: true
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/network/blocky/app/podmonitor.yaml:
--------------------------------------------------------------------------------
---
# Scrapes the Dragonfly admin port for Prometheus.
# NOTE(review): selects on `app: dns-dragonfly`, while dragonfly.yaml only sets
# `app.kubernetes.io/*` labels on the CR — this assumes the Dragonfly operator
# stamps `app` on the pods it creates; confirm, or the monitor matches nothing.
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
  name: dns-dragonfly
spec:
  selector:
    matchLabels:
      app: dns-dragonfly
  podTargetLabels: ["app"]
  podMetricsEndpoints:
    - port: admin
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/network/blocky/app/scheduledbackup.yaml:
--------------------------------------------------------------------------------
---
# Weekly CloudNativePG backup of the pg-blocky cluster.
apiVersion: postgresql.cnpg.io/v1
kind: ScheduledBackup
metadata:
  name: pg-blocky-backup
spec:
  schedule: "@weekly"
  # Also take one backup immediately when this object is created.
  immediate: true
  backupOwnerReference: self
  cluster:
    name: pg-blocky
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/network/blocky/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: blocky
  namespace: flux-system
spec:
  targetNamespace: network
  path: "./kubernetes/${CLUSTER}/apps/network/blocky/app"
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
  wait: true
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substituteFrom: []
  # SOPS decryption is enabled although ./app/kustomization.yaml currently
  # lists no *.sops.yaml; harmless, and ready for when one is added.
  decryption:
    provider: sops
  dependsOn:
    - name: dragonfly
    - name: cloudnative-pg
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/network/cilium/app/httproute-hubble.yaml:
--------------------------------------------------------------------------------
---
# Publishes the Hubble UI (Cilium's network-flow observability UI, i.e. a view
# of cluster-wide traffic) on the private gateway. The route itself carries no
# authentication filter; access control has to come from the gateway or an
# SSO proxy in front of it — confirm which applies to `private-gateway`.
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  annotations:
    hajimari.io/enable: "true"
    hajimari.io/icon: "simple-icons:cilium"
  labels:
    app.kubernetes.io/instance: hubble
    app.kubernetes.io/name: hubble
    app.kubernetes.io/part-of: cilium
  name: hubble
  namespace: network
spec:
  hostnames:
    - hubble.${INTERNAL_DOMAIN}
  parentRefs:
    - kind: Gateway
      name: private-gateway
      namespace: gateway
  rules:
    - backendRefs:
        - kind: Service
          name: hubble-ui
          port: 80
          weight: 1
      matches:
        - path:
            type: PathPrefix
            value: /
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/network/cilium/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: network
resources:
  - ./helmrelease.yaml
  - ./bgpconfig.yaml
  - ./httproute-hubble.yaml

configMapGenerator:
  # Cilium Helm values are shipped as a generated ConfigMap. Because the name
  # keeps its content hash, any values change yields a new ConfigMap name and
  # re-reconciles the HelmRelease; kustomizeconfig.yaml lets kustomize rewrite
  # the HelmRelease's valuesFrom reference accordingly.
  - name: cilium-values
    files:
      - values.yaml=./values.yaml

configurations:
  - ./kustomizeconfig.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/network/cilium/app/kustomizeconfig.yaml:
--------------------------------------------------------------------------------
---
# Propagates kustomize's name-suffix hash into HelmRelease.spec.valuesFrom.
nameReference:
  - kind: ConfigMap
    version: v1
    fieldSpecs:
      - path: spec/valuesFrom/name
        kind: HelmRelease
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/network/cilium/gateway/external-certificate.yaml:
--------------------------------------------------------------------------------
---
# Wildcard certificate for the public domain. A Let's Encrypt wildcard can only
# be issued via the DNS-01 challenge, so the `letsencrypt-prod` ClusterIssuer
# (defined elsewhere) must hold a DNS-provider credential. The resulting Secret
# carries a private key valid for EVERY public hostname — keep `get secrets`
# in the `network` namespace tightly scoped.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: "wildcard-external"
spec:
  secretName: "wildcard-tls-external"
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
  dnsNames:
    - "*.${EXTERNAL_DOMAIN}"
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/network/cilium/gateway/internal-certificate.yaml:
--------------------------------------------------------------------------------
---
# Wildcard certificate for the internal domain. One wildcard (rather than a
# certificate per host) keeps individual internal hostnames out of the public
# Certificate Transparency logs; only `*.${INTERNAL_DOMAIN}` is logged.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: "wildcard-internal"
spec:
  secretName: "wildcard-tls-internal"
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
  dnsNames:
    - "*.${INTERNAL_DOMAIN}"
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/network/cilium/gateway/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: network
resources:
  - ./private-gateway.yaml
  - ./public-gateway.yaml
  - ./external-certificate.yaml
  - ./professional-certificate.yaml
  - ./internal-certificate.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/network/cilium/gateway/professional-certificate.yaml:
--------------------------------------------------------------------------------
---
# Wildcard certificate for the professional domain; same issuer and the same
# DNS-01 / private-key caveats as external-certificate.yaml.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: "wildcard-professional"
spec:
  secretName: "wildcard-tls-professional"
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
  dnsNames:
    - "*.${PROFESSIONAL_DOMAIN}"
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/network/dynamic-dns/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# dynamic-dns: a CronJob running under its own ServiceAccount with a
# namespace-scoped Role (no cluster-wide rights).
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: network
resources:
  - ./serviceaccount.yaml
  - ./role.yaml
  - ./rolebinding.yaml
  - ./cronjob.yaml
# commonLabels is also written into selectors; newer kustomize prefers `labels`.
commonLabels:
  app.kubernetes.io/name: dynamic-dns
  app.kubernetes.io/instance: dynamic-dns
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/network/dynamic-dns/app/role.yaml:
--------------------------------------------------------------------------------
---
# Least-privilege note: there is no `resourceNames`, so this grants read and
# write on EVERY ConfigMap in `network` — including blocky-configmap,
# smtp-relay-config and the generated cilium-values, none of which this job
# should be able to alter. If the CronJob keeps its state in a single
# ConfigMap, split the rule: `create` stays unrestricted (it cannot be
# name-scoped) and get/update/patch get `resourceNames: [<that configmap>]`.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: dynamic-dns
  namespace: network
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - get
      - create
      - update
      - patch
--------------------------------------------------------------------------------
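/kubernetes/jsdyb-k8s-001/apps/network/dynamic-dns/app/rolebinding.yaml:
--------------------------------------------------------------------------------
---
# Binds the dynamic-dns ServiceAccount to the namespace-scoped Role of the same
# name (see role.yaml for what that grants).
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: dynamic-dns
  namespace: network
subjects:
  - kind: ServiceAccount
    name: dynamic-dns
    namespace: network
roleRef:
  kind: Role
  name: dynamic-dns
  # Name the RBAC API group explicitly, as the multus ClusterRoleBinding in this
  # repo does, instead of the previous `""` that relied on server-side
  # defaulting.
  apiGroup: rbac.authorization.k8s.io
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/network/dynamic-dns/app/serviceaccount.yaml:
--------------------------------------------------------------------------------
---
# Identity for the dynamic-dns CronJob; its projected token is the credential
# the Role in role.yaml applies to.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dynamic-dns
  namespace: network
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/network/dynamic-dns/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: dynamic-dns
  namespace: flux-system
spec:
  interval: 10m
  path: "./kubernetes/${CLUSTER}/apps/network/dynamic-dns/app"
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
  # Decryption is enabled although ./app/kustomization.yaml lists no
  # *.sops.yaml, so the DNS-provider credential used by cronjob.yaml (not
  # shown here) must come from somewhere else — verify how it is supplied.
  decryption:
    provider: sops
  wait: true
  postBuild:
    substituteFrom: []
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/network/external-dns/crds/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: network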
resources:
  - ./crd-dnsendpoint.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/network/external-dns/private/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# external-dns for the internal zone. The credential is SOPS-encrypted in git;
# the Flux Kustomization that applies this path (../ks.yaml, not shown here)
# must set `decryption.provider: sops` or the Secret never decrypts.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./secret-internal-dns.sops.yaml
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/network/external-dns/public/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# external-dns for the public zone. Unlike ../private, the Secret here is a
# plain, empty shell that Reflector fills at runtime — see
# secret-external-dns.yaml for the trust-boundary caveats.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./secret-external-dns.yaml
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/network/external-dns/public/secret-external-dns.yaml:
--------------------------------------------------------------------------------
# Placeholder Secret: `data` is intentionally empty and is populated by the
# Reflector operator from security/cloudflare-api-token-secret. Two caveats:
#  - this copies the Cloudflare API token into the `network` namespace, so
#    anyone (or any compromised pod) with `get secrets` there obtains it;
#    scope that token to the one DNS zone external-dns manages;
#  - reflection only works if the SOURCE secret opts in via its
#    reflection-allowed annotations — keep its reflection-allowed-namespaces
#    limited to `network`, otherwise any namespace could pull the token just
#    by creating a Secret with this same annotation.
apiVersion: v1
kind: Secret
metadata:
  name: external-dns-secret
  namespace: network
  annotations:
    reflector.v1.k8s.emberstack.com/reflects: "security/cloudflare-api-token-secret"
data:
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/network/external-services/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
# Gateway routes to devices that live outside the cluster (MinIO, Synology,
# UniFi); needs the Gateway API CRDs before it can be applied.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: external-services
  namespace: flux-system
spec:
  targetNamespace: network
  interval: 10m
  path: "./kubernetes/${CLUSTER}/apps/network/external-services/services"
  postBuild:
    substituteFrom: []
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
  wait: true
  dependsOn:
    - name: gateway-api-crds
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/network/external-services/services/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: network
resources:
  - ./minio.yaml
  - ./synology.yaml
  - ./unifi.yaml

--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/network/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# Entry point for the `network` namespace: CNI (cilium), DNS (blocky,
# dynamic-dns, external-dns), VPN egress (pod-gateway), mail relay, runtime
# observability (tetragon), secondary interfaces (multus) and gateway routes
# for off-cluster services.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  # Pre Flux-Kustomizations
  - ./namespace.yaml
  # Flux-Kustomizations
  - ./cilium/ks.yaml
  - ./blocky/ks.yaml
  - ./dynamic-dns/ks.yaml
  - ./external-dns/ks.yaml
  - ./pod-gateway/ks.yaml
  - ./smtp-relay/ks.yaml
  - ./tetragon/ks.yaml
  - ./multus/ks.yaml
  - ./external-services/ks.yaml

--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/network/multus/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: network
resources:
  - ./crd.yaml
  - ./helmrelease.yaml
  - ./rbac.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/network/multus/app/rbac.yaml:
--------------------------------------------------------------------------------
---
# Cluster-wide RBAC for the Multus daemonset.
# Rule 1 is a full wildcard over k8s.cni.cncf.io, i.e. the Multus SA can also
# create and delete NetworkAttachmentDefinitions in any namespace, while the
# CNI itself only reads them. Consider tightening it to
# `resources: [network-attachment-definitions]`, `verbs: [get, list, watch]` —
# verify against the chart's deployment mode before doing so.
# Rule 2 (`pods` update) is what lets Multus write the network-status
# annotation back onto pods.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: multus
rules:
  - apiGroups: ["k8s.cni.cncf.io"]
    resources:
      - '*'
    verbs:
      - '*'
  - apiGroups:
      - ""
    resources:
      - pods
      - pods/status
    verbs:
      - get
      - list
      - update
      - watch
  - apiGroups:
      - ""
      - events.k8s.io
    resources:
      - events
    verbs:
      - create
      - patch
      - update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: multus
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: multus
subjects:
  - kind: ServiceAccount
    name: multus
    namespace: network
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/network/multus/config/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: network
resources:
  - ./networkattachment-iot.yaml
  - ./networkattachment-not.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/network/multus/config/networkattachment-iot.yaml:
--------------------------------------------------------------------------------
---
# Secondary macvlan interface on the IoT VLAN (eth0.90, gateway 10.0.90.1).
# Security properties to keep in mind:
#  - `capabilities.ips` with static IPAM plus the tuning plugin's
#    `capabilities.mac` let the pod pick its own IP and MAC on that VLAN, so a
#    pod using this attachment can impersonate any device there;
#  - traffic on this interface does not pass the Cilium-managed primary
#    interface, so CiliumNetworkPolicies do not cover it — the VLAN's own
#    firewall rules are the only control;
#  - Multus resolves attachments as `<namespace>/<name>`, so a pod in ANY
#    namespace can request `network/iot-vlan`; if only specific workloads
#    should get it, gate the annotation with an admission policy (Kyverno is
#    installed in this cluster).
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
  name: iot-vlan
  namespace: network
spec:
  config: |-
    {
      "cniVersion": "0.3.1",
      "name": "iot-vlan",
      "plugins": [
        {
          "type": "macvlan",
          "master": "eth0.90",
          "mode": "bridge",
          "capabilities": {
            "ips": true
          },
          "ipam": {
            "type": "static",
            "routes": [
              { "dst": "10.0.0.0/8", "gw": "10.0.90.1" }
            ]
          }
        },
        {
          "capabilities": { "mac": true },
          "type": "tuning"
        }
      ]
    }
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/network/multus/config/networkattachment-not.yaml:
--------------------------------------------------------------------------------
---
# Secondary macvlan interface on the NoT VLAN (eth0.70, gateway 10.0.70.1).
# Same caveats as networkattachment-iot.yaml: pod-chosen IP/MAC, not covered by
# Cilium policy, and requestable from any namespace as `network/not-vlan`.
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
  name: not-vlan
  namespace: network
spec:
  config: |-
    {
      "cniVersion": "0.3.1",
      "name": "not-vlan",
      "plugins": [
        {
          "type": "macvlan",
          "master": "eth0.70",
          "mode": "bridge",
          "capabilities": {
            "ips": true
          },
          "ipam": {
            "type": "static",
            "routes": [
              { "dst": "10.0.0.0/8", "gw": "10.0.70.1" }
            ]
          }
        },
        {
          "capabilities": { "mac": true },
          "type": "tuning"
        }
      ]
    }

--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/network/namespace.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: Namespace
metadata:
  name: network
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
    networking.kubernetes.io/shared-gateway-access: "true"
    # Note: unlike monitor/print/resume, this namespace carries no
    # istio.io/dataplane-mode label, i.e. it is not in Istio ambient mode.

--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/network/pod-gateway/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: network
resources:
  - ./secret-pod-gateway.sops.yaml
  - ./helmrelease.yaml
  - ./networkpolicy.yaml
commonLabels:
  app.kubernetes.io/name: pod-gateway
  app.kubernetes.io/instance: vpn-gateway
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/network/pod-gateway/app/networkpolicy.yaml:
--------------------------------------------------------------------------------
---
# Egress allow-list for the VPN gateway pod: WireGuard-style UDP/51820 to
# anywhere, plus in-cluster traffic. Things to be aware of:
#  - only `egress` is specified, so this policy does not constrain ingress to
#    the gateway pod at all;
#  - `toCIDR: 0.0.0.0/0` accepts any peer on that port; if the VPN provider's
#    endpoint IPs are known, list those instead so a rewritten config or a
#    leaked key cannot redirect the tunnel to an arbitrary host;
#  - the `cluster` entity also covers host/remote-node/kube-apiserver
#    identities, which is broader than "other pods".
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: vpn-gateway-pod-gateway
  namespace: network
  labels:
    app.kubernetes.io/instance: vpn-gateway
    app.kubernetes.io/name: pod-gateway
spec:
  endpointSelector:
    matchLabels:
      app.kubernetes.io/instance: vpn-gateway
      app.kubernetes.io/name: pod-gateway

  egress:
    - toCIDR:
        - 0.0.0.0/0
      toPorts:
        - ports:
            - port: '51820'
              protocol: UDP
    - toEntities:
        - cluster
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/network/pod-gateway/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: pod-gateway
  namespace: flux-system
spec:
  interval: 10m
  path: "./kubernetes/${CLUSTER}/apps/network/pod-gateway/app"
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
  wait: true
  postBuild:
    substituteFrom: []
  # Required: ./app applies secret-pod-gateway.sops.yaml (presumably the VPN
  # credentials).
  decryption:
    provider: sops
  dependsOn:
    - name: cert-manager
    - name: generic-device-plugin
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/network/smtp-relay/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  # Upstream SMTP credentials (SOPS-encrypted); maddy.conf reads them from the
  # SMTP_RELAY_USERNAME / SMTP_RELAY_PASSWORD environment variables.
  - ./secret-smtp-relay.sops.yaml
configMapGenerator:
  - name: smtp-relay-config
    files:
      - ./resources/maddy.conf
generatorOptions:
  disableNameSuffixHash: true
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/network/smtp-relay/app/resources/maddy.conf:
--------------------------------------------------------------------------------
# maddy as a cluster-internal SMTP relay: mail is accepted on a plaintext,
# UNAUTHENTICATED listener (`tls off`, no `auth` in the smtp endpoint) and
# forwarded to the authenticated upstream below.
# That makes this an open relay for anything that can reach the pod. It must
# only be reachable from inside the cluster — ideally only from the namespaces
# that actually send mail; no network policy for it exists in this directory.
# All host/port/credential values come from environment variables, presumably
# wired in by the HelmRelease from ../secret-smtp-relay.sops.yaml.
state_dir /cache/state
runtime_dir /cache/run

# Prometheus metrics listener.
openmetrics tcp://0.0.0.0:{env:SMTP_RELAY_METRICS_PORT} { }

# No TLS on the inbound hop (cluster-local only).
tls off
hostname {env:HOSTNAME}

smtp tcp://0.0.0.0:{env:SMTP_RELAY_SMTP_PORT} {
    default_source {
        deliver_to &remote_queue
    }
}

target.queue remote_queue {
    target &remote_smtp
}

# Upstream delivery: STARTTLS is mandatory (require_tls yes), so AUTH PLAIN is
# only ever attempted over an encrypted connection.
target.smtp remote_smtp {
    attempt_starttls yes
    require_tls yes
    auth plain {env:SMTP_RELAY_USERNAME} {env:SMTP_RELAY_PASSWORD}
    targets tcp://{env:SMTP_RELAY_SERVER}:{env:SMTP_RELAY_SERVER_PORT}
}
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/network/smtp-relay/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: smtp-relay
  namespace: flux-system
spec:
  targetNamespace: network
  commonMetadata:
    labels:
      app.kubernetes.io/name: &app smtp-relay
      app.kubernetes.io/instance: *app
  path: "./kubernetes/${CLUSTER}/apps/network/smtp-relay/app"
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
  wait: true
  interval: 10m
  retryInterval: 1m
  timeout: 5m
  # Required for ./app/secret-smtp-relay.sops.yaml.
  decryption:
    provider: sops
  postBuild:
    substituteFrom: []
  dependsOn:
    - name: kube-prometheus-stack-crds
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/network/tetragon/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: network
resources:
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/network/tetragon/policies/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# TracingPolicy is cluster-scoped, so the `namespace: network` below does not
# limit where these policies observe.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: network
resources:
  - ./tracingpolicy-egress-tcp.yaml
  - ./tracingpolicy-sshd.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/network/tetragon/policies/tracingpolicy-egress-tcp.yaml:
--------------------------------------------------------------------------------
---
# Detection: record every TCP connect/close whose destination is OUTSIDE the
# cluster. `NotDAddr` drops loopback, the Service and Pod CIDRs and the API
# server endpoint, so what remains is genuine egress — a baseline for spotting
# C2 or exfiltration. Only IPv4 loopback is excluded; add `::1` if the nodes
# run IPv6.
apiVersion: cilium.io/v1alpha1
kind: TracingPolicy
metadata:
  name: egress-tcp-tracing
spec:
  kprobes:
    - call: "tcp_connect"
      syscall: false
      args:
        - index: 0
          type: "sock"
      selectors:
        - matchArgs:
            - index: 0
              operator: "NotDAddr"
              values:
                - 127.0.0.1
                - ${SERVICE_CIDR}
                - ${POD_CIDR}
                - ${CLUSTER_APISERVER_ENDPOINT}
    - call: "tcp_close"
      syscall: false
      args:
        - index: 0
          type: "sock"
      selectors:
        - matchArgs:
            - index: 0
              operator: "NotDAddr"
              values:
                - 127.0.0.1
                - ${SERVICE_CIDR}
                - ${POD_CIDR}
                - ${CLUSTER_APISERVER_ENDPOINT}
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/policy/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  # Pre Flux-Kustomizations
  - ./namespace.yaml
  # Flux-Kustomizations
  - ./kyverno/ks.yaml

--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/policy/kyverno/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: policy
resources:
  - ./helmrelease.yaml
  - ./rbac.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/policy/kyverno/app/rbac.yaml:
--------------------------------------------------------------------------------
---
# PRIVILEGE REVIEW: this grants the `kyverno` ServiceAccount the built-in
# `admin` ClusterRole in EVERY namespace (read/write Secrets, Pods,
# RoleBindings, ...). Kyverno acts on whatever ClusterPolicy objects exist, so
# anyone who can create a policy with generate or mutate-existing rules can
# exercise these rights — the binding turns "can edit policies" into
# near-cluster-admin. The only policy currently under ../policies is, judging
# by its name, an admission-time mutation, which needs no extra RBAC at all.
# If generate rules are added later, grant just the needed resources through
# an aggregated ClusterRole (Kyverno's documented pattern) instead of `admin`.
# Also confirm the subject: recent charts create per-controller accounts
# (e.g. kyverno-background-controller), so a plain `kyverno` SA may not exist.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kyverno:admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: admin
subjects:
  - kind: ServiceAccount
    name: kyverno
    namespace: policy
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/policy/kyverno/policies/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# Kyverno policies, applied separately from the Kyverno install so that the
# ClusterPolicy CRD exists first.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./clusterpolicy-remove-cpu-limit.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/policy/namespace.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: Namespace
metadata:
  name: policy
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/print/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  # Pre Flux-Kustomizations
  - ./namespace.yaml
  # Flux-Kustomizations
  - ./maker-management-platform/ks.yaml

--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/print/maker-management-platform/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  # Shared VolSync backup/restore template for the app's persistent volume.
  - ../../../../templates/volsync
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/print/namespace.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: Namespace
metadata:
  name: print
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
    networking.kubernetes.io/shared-gateway-access: "true"
    istio.io/dataplane-mode: ambient
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/resume/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./namespace.yaml
  - ./resume/ks.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/resume/namespace.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: Namespace
metadata:
  name: resume
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
    networking.kubernetes.io/shared-gateway-access: "true"
    istio.io/dataplane-mode: ambient

--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/resume/resume/cv/experience/second-front.yaml:
--------------------------------------------------------------------------------
---
# Résumé content rendered by the resume-operator; intentionally public data.
# NOTE(review): this file is not listed in ../kustomization.yaml, so it is not
# applied — add it to that `resources` list if that is unintended.
apiVersion: resumes.jefedavis.dev/v1alpha1
kind: JobExperience
metadata:
  name: second-front-jobs
  labels:
    resume.jefedavis.dev/candidate: jeffdavis
    resume.jefedavis.dev/employer: secondFrontSystems
spec:
  employer: Second Front Systems
  location: Remote
  startDate: 2023-11-01
  endDate: Present
  positions:
    - title: Federal Solutions Architect
      highlights: []
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/resume/resume/cv/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: resume
resources:
  - ./overview.yaml
  - ./httproute.yaml
  - ./certifications/certs.yaml
  - ./experience/20cs-usaf.yaml
  - ./experience/691cos-usaf.yaml
  - ./experience/epic.yaml
  - ./experience/vmware.yaml
  # ./experience/second-front.yaml exists in this tree but is not listed here.
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/resume/resume/operator/crd/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# CRDs for the resume-operator. Neither patches/cainjection_in_profiles.yaml
# nor patches/webhook_in_profiles.yaml is referenced here, so from what is in
# this directory the conversion webhook and CA injection are NOT enabled.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - bases/resumes.jefedavis.dev_profiles.yaml
  - bases/resumes.jefedavis.dev_jobexperiences.yaml
  - bases/resumes.jefedavis.dev_certifications.yaml

configurations:
  - kustomizeconfig.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/resume/resume/operator/crd/kustomizeconfig.yaml:
--------------------------------------------------------------------------------
---
# Kubebuilder-generated: lets the name and namespace transformers reach the CRD
# conversion-webhook service reference, and allows $(VAR) substitution inside
# annotations (used by the cainjection patch).
nameReference:
  - kind: Service
    version: v1
    fieldSpecs:
      - kind: CustomResourceDefinition
        version: v1
        group: apiextensions.k8s.io
        path: spec/conversion/webhook/clientConfig/service/name

namespace:
  - kind: CustomResourceDefinition
    version: v1
    group: apiextensions.k8s.io
    path: spec/conversion/webhook/clientConfig/service/namespace
    create: false

varReference:
  - path: metadata/annotations
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/resume/resume/operator/crd/patches/cainjection_in_profiles.yaml:
--------------------------------------------------------------------------------
---
# The following patch adds a directive for certmanager to inject CA into the CRD
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
  name: profiles.resumes.jefedavis.dev
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/resume/resume/operator/crd/patches/webhook_in_profiles.yaml:
--------------------------------------------------------------------------------
---
# The following patch enables a conversion webhook for the CRD
# (`namespace: system` is the kubebuilder placeholder; the parent
# kustomization's `namespace: resume` rewrites it via ../kustomizeconfig.yaml).
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: profiles.resumes.jefedavis.dev
spec:
  conversion:
    strategy: Webhook
    webhook:
      clientConfig:
        service:
          namespace: system
          name: webhook-service
          path: /convert
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/resume/resume/operator/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# Kubebuilder-style operator layout. `bases` and `patchesStrategicMerge` are
# deprecated kustomize fields (`resources` / `patches` are the replacements);
# they still work but newer kustomize warns about them.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: resume
namePrefix: resume-operator-
bases:
  - ./crd
  - ./rbac
  - ./manager
  - ./prometheus
patchesStrategicMerge:
  # Presumably fronts the metrics port with an auth proxy (file not shown).
  - ./patches/manager_auth_proxy_patch.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/resume/resume/operator/manager/controller_manager_config.yaml:
--------------------------------------------------------------------------------
---
apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
kind: ControllerManagerConfig
health:
  healthProbeBindAddress: :8081
metrics:
  # Loopback only: metrics are not reachable from outside the pod directly,
  # presumably only through the auth-proxy sidecar added by
  # patches/manager_auth_proxy_patch.yaml.
  bindAddress: 127.0.0.1:8080
webhook:
  port: 9443
leaderElection:
  leaderElect: true
  resourceName: 0edb8fc4.jefedavis.dev
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/resume/resume/operator/manager/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - manager.yaml

generatorOptions:
  disableNameSuffixHash: true

configMapGenerator:
  - files:
      - controller_manager_config.yaml
    name: manager-config
images:
  - name: controller
    newName: jefedavis/resume-operator
    # SUPPLY CHAIN: `latest` is a mutable tag with no digest, so what runs is
    # whatever the registry serves at pull time and cannot be audited or
    # rolled back from git. Pin a versioned tag and add `digest: sha256:...`.
    newTag: latest
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/resume/resume/operator/patches/manager_config_patch.yaml:
--------------------------------------------------------------------------------
---
# Mounts the generated manager-config ConfigMap into the manager container.
# NOTE(review): ../kustomization.yaml references only the auth-proxy patch, so
# this patch appears to be unused.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: controller-manager
  namespace: system
spec:
  template:
    spec:
      containers:
        - name: manager
          args:
            - "--config=controller_manager_config.yaml"
          volumeMounts:
            - name: manager-config
              mountPath: /controller_manager_config.yaml
              subPath: controller_manager_config.yaml
      volumes:
        - name: manager-config
          configMap:
            name: manager-config
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/resume/resume/operator/prometheus/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - monitor.yaml

--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/resume/resume/operator/prometheus/monitor.yaml:
--------------------------------------------------------------------------------

# Prometheus Monitor Service (Metrics)
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  labels:
    control-plane: controller-manager
  name: controller-manager-metrics-monitor
  namespace: system
spec:
  endpoints:
    - path: /metrics
      port: https
      scheme: https
      # Prometheus presents its own ServiceAccount token to the auth proxy.
      bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
      tlsConfig:
        # Skipping verification means the token above is sent to whatever
        # answers on the service without proving it is the auth proxy.
        # Hardening: supply the proxy's CA (caFile/ca) and serverName instead
        # of disabling verification.
        insecureSkipVerify: true
  selector:
    matchLabels:
      control-plane: controller-manager
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/resume/resume/operator/rbac/auth_proxy_client_clusterrole.yaml:
--------------------------------------------------------------------------------
---
# Role a scraper must be bound to for the auth proxy to allow GET /metrics.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: metrics-reader
rules:
  - nonResourceURLs:
      - "/metrics"
    verbs:
      - get
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/resume/resume/operator/rbac/auth_proxy_role.yaml:
--------------------------------------------------------------------------------
---
# Lets the auth proxy validate bearer tokens (TokenReview) and check the
# caller's permissions (SubjectAccessReview); nothing more is granted.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: proxy-role
rules:
  - apiGroups:
      - authentication.k8s.io
    resources:
      - tokenreviews
    verbs:
      - create
  - apiGroups:
      - authorization.k8s.io
    resources:
      - subjectaccessreviews
    verbs:
      - create
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/resume/resume/operator/rbac/auth_proxy_role_binding.yaml:
--------------------------------------------------------------------------------
---
# Binds proxy-role (cluster-wide) to the operator's ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: proxy-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: proxy-role
subjects:
  - kind: ServiceAccount
    name: controller-manager
    namespace: system
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/resume/resume/operator/rbac/auth_proxy_service.yaml:
--------------------------------------------------------------------------------
---
# Exposes the auth-proxy's https port; the ServiceMonitor selects this Service
# by the control-plane label.
apiVersion: v1
kind: Service
metadata:
  labels:
    control-plane: controller-manager
  name: controller-manager-metrics-service
  namespace: system
spec:
  ports:
    - name: https
      port: 8443
      targetPort: https
  selector:
    control-plane: controller-manager
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/resume/resume/operator/rbac/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# NOTE: profile_editor_role.yaml and profile_viewer_role.yaml exist in this
# directory but are not listed here, so those ClusterRoles are not rendered.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - service_account.yaml
  - role.yaml
  - role_binding.yaml
  - leader_election_role.yaml
  - leader_election_role_binding.yaml
  - auth_proxy_service.yaml
  - auth_proxy_role.yaml
  - auth_proxy_role_binding.yaml
  - auth_proxy_client_clusterrole.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/resume/resume/operator/rbac/leader_election_role.yaml:
--------------------------------------------------------------------------------
---
# permissions to do leader election.
# Namespaced Role (not ClusterRole): write access to configmaps/leases/events
# is limited to the namespace the operator is installed into.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: leader-election-role
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  - apiGroups:
      - coordination.k8s.io
    resources:
      - leases
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/resume/resume/operator/rbac/leader_election_role_binding.yaml:
--------------------------------------------------------------------------------
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: leader-election-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: leader-election-role
subjects:
  - kind: ServiceAccount
    name: controller-manager
    namespace: system
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/resume/resume/operator/rbac/profile_editor_role.yaml:
--------------------------------------------------------------------------------
---
# permissions for end users to edit profiles.
# Defined but not included by rbac/kustomization.yaml (see NOTE there).
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: profile-editor-role
rules:
  - apiGroups:
      - resumes.jefedavis.dev
    resources:
      - profiles
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - resumes.jefedavis.dev
    resources:
      - profiles/status
    verbs:
      - get
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/resume/resume/operator/rbac/profile_viewer_role.yaml:
--------------------------------------------------------------------------------
---
# permissions for end users to view profiles.
# Defined but not included by rbac/kustomization.yaml (see NOTE there).
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: profile-viewer-role
rules:
  - apiGroups:
      - resumes.jefedavis.dev
    resources:
      - profiles
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - resumes.jefedavis.dev
    resources:
      - profiles/status
    verbs:
      - get
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/resume/resume/operator/rbac/role_binding.yaml:
--------------------------------------------------------------------------------
---
# Binds the manager-role ClusterRole (defined in role.yaml, not shown here)
# to the operator's ServiceAccount cluster-wide.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: manager-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: manager-role
subjects:
  - kind: ServiceAccount
    name: controller-manager
    namespace: system
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/resume/resume/operator/rbac/service_account.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: controller-manager
  namespace:
system
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/security/authentik/app/branding/davishaus-favicon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JefeDavis/k8s-HomeOps/360a8b1a8c9e01c344042ec36aa8751c8262403d/kubernetes/jsdyb-k8s-001/apps/security/authentik/app/branding/davishaus-favicon.png
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/security/authentik/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# Authentik application: secrets are SOPS-encrypted at rest in git
# (secret-authentik.sops.yaml) and decrypted by Flux at apply time.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: security
resources:
  - ./secret-authentik.sops.yaml
  - ./helmrelease.yaml
  - ./clusterpolicy.yaml
  - ./configmap-authentik-branding.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/security/authentik/database/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: security
resources:
  - ./pgcluster.yaml
  - ./scheduledbackup.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/security/authentik/database/scheduledbackup.yaml:
--------------------------------------------------------------------------------
---
# Weekly CloudNativePG backup of the authentik database; `immediate: true`
# also takes one backup as soon as the object is created.
apiVersion: postgresql.cnpg.io/v1
kind: ScheduledBackup
metadata:
  name: pg-authentik-backup
  namespace: security
spec:
  schedule: "@weekly"
  immediate: true
  backupOwnerReference: self
  cluster:
    name: pg-authentik
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/security/authentik/provision/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: security
resources:
  - ./tf.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/security/cert-manager/app/dashboard/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
configMapGenerator:
  - name: cert-manager-dashboard
    files:
      # Fetched from the `master` branch at build time, so the dashboard
      # content is whatever upstream serves at that moment. Pin to a commit
      # SHA (as the favicon URL above does) so builds are reproducible and
      # upstream changes are reviewed before they land in Grafana.
      - cert-manager.json=https://raw.githubusercontent.com/monitoring-mixins/website/master/assets/cert-manager/dashboards/cert-manager.json

generatorOptions:
  disableNameSuffixHash: true
  annotations:
    # Dashboard JSON contains ${...} strings; keep Flux from substituting them.
    kustomize.toolkit.fluxcd.io/substitute: disabled
    grafana.io/folder: Security
  labels:
    grafana.io/dashboard: "true"
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/security/cert-manager/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: security
resources:
  - ./helmrelease.yaml
  # - ./dashboard/
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/security/cert-manager/issuers/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# The Cloudflare API token used for DNS-01 challenges is stored SOPS-encrypted.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: security
resources:
  - ./secret-cloudflare-api-token.sops.yaml
  - ./clusterissuer-letsencrypt.yaml
  - ./clusterissuer-local.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/security/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  # Pre Flux-Kustomizations
  - ./namespace.yaml
  # Flux-Kustomizations
  # - ./authentik/ks.yaml
  - ./cert-manager/ks.yaml
  - ./vaultwarden/ks.yaml

--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/security/namespace.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: Namespace
metadata:
  name: security
  labels:
    # Never garbage-collected by Flux, even if removed from the Kustomization.
    kustomize.toolkit.fluxcd.io/prune: disabled
    networking.kubernetes.io/shared-gateway-access: "true"
    # Workloads here get Istio ambient mTLS without a sidecar.
    istio.io/dataplane-mode: ambient
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/security/vaultwarden/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# No `namespace:` here (unlike the authentik overlays); the namespace is
# presumably set by the Flux Kustomization in ks.yaml — confirm there.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./secret-vaultwarden.sops.yaml
  - ./helmrelease.yaml
  - ../../../../templates/volsync


--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/security/vaultwarden/database/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./pgcluster.yaml
  - ./scheduledbackup.yaml

--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/security/vaultwarden/database/scheduledbackup.yaml:
--------------------------------------------------------------------------------
---
# Weekly CloudNativePG backup of the vaultwarden database. Unlike the
# authentik ScheduledBackup this one carries no metadata.namespace; it relies
# on the namespace being applied by the enclosing Flux Kustomization.
apiVersion: postgresql.cnpg.io/v1
kind: ScheduledBackup
metadata:
  name: pg-vaultwarden-backup
spec:
  schedule: "@weekly"
  immediate: true
  backupOwnerReference: self
  cluster:
    name: pg-vaultwarden

--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/selfhosted/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  # Pre Flux-Kustomizations
  - ./namespace.yaml
  # Flux-Kustomizations
  # - ./hajimari/ks.yaml
  # - ./theme-park/ks.yaml

--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/selfhosted/namespace.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: Namespace
metadata:
  name: selfhosted
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
    networking.kubernetes.io/shared-gateway-access: "true"
    istio.io/dataplane-mode: ambient
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/selfhosted/theme-park/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ./clusterpolicy.yaml
configMapGenerator:
  - name: theme-park-rdt-client-config
    files:
      - resources/rdt-client/nord.css
generatorOptions:
  disableNameSuffixHash: true
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/selfhosted/theme-park/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
# Flux Kustomization for theme-park. Not currently wired in: the entry in
# selfhosted/kustomization.yaml is commented out.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: theme-park
  namespace: flux-system
spec:
  targetNamespace: selfhosted
  commonMetadata:
    labels:
      app.kubernetes.io/name: &app theme-park
      app.kubernetes.io/instance: *app
  path: "./kubernetes/${CLUSTER}/apps/selfhosted/theme-park/app"
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
  wait: true
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substituteFrom: []
  dependsOn:
    # clusterpolicy.yaml needs the Kyverno CRDs present first.
    - name: kyverno

--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/storage/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  # Pre Flux-Kustomizations
  - ./namespace.yaml
  # Flux-Kustomizations
  - ./rook-ceph/ks.yaml
  - ./nfs-subdir/ks.yaml
  - ./snapshot-controller/ks.yaml
  - ./volsync/ks.yaml

--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/storage/namespace.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: Namespace
metadata:
  name: storage
  labels:
    kustomize.toolkit.fluxcd.io/prune: disabled
    networking.kubernetes.io/shared-gateway-access: "true"

--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/storage/nfs-subdir/app/helmrelease.yaml:
--------------------------------------------------------------------------------
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: nfs-subdir-external-provisioner
  namespace: storage
spec:
  interval: 30m
  chart:
    spec:
      chart: nfs-subdir-external-provisioner
      version: 4.0.18
      sourceRef:
        kind: HelmRepository
        name: kubernetes-sigs-nfs-subdir
        namespace: flux-system
      interval: 30m
  values:
    nfs:
      # NAS address comes from Flux post-build substitution.
      server: ${SYNOLOGY_ADDR}
      path: /volume1/cloudnative1
      mountOptions:
        # NFSv3 has no client authentication beyond the caller's IP/UID
        # (AUTH_SYS); access control rests entirely on the NAS export rules
        # restricting this share to the cluster nodes.
        - "nfsvers=3"
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/storage/nfs-subdir/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: storage
resources:
  - ./helmrelease.yaml

--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/storage/nfs-subdir/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
# NOTE: unlike the other storage ks.yaml files this one sets no
# retryInterval/timeout, so Flux defaults apply.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: nfs-subdir
  namespace: flux-system
spec:
  interval: 10m
  path: "./kubernetes/${CLUSTER}/apps/storage/nfs-subdir/app"
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
  wait: true
  postBuild:
    substituteFrom: []
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/storage/rook-ceph/cluster/httproute.yaml:
--------------------------------------------------------------------------------
---
# Publishes the Ceph mgr dashboard on the *private* gateway only; the
# backend hop to port 7000 is plain HTTP inside the cluster.
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  annotations:
    hajimari.io/enable: "true"
    hajimari.io/icon: "simple-icons:rook"
  labels:
    app.kubernetes.io/name: &app rook-ceph
    app.kubernetes.io/instance: *app
    app.kubernetes.io/part-of: *app
  name: *app
  namespace: storage
spec:
  hostnames:
    - rook.${INTERNAL_DOMAIN}
  parentRefs:
    - kind: Gateway
      name: private-gateway
      namespace: gateway
  rules:
    - backendRefs:
        - kind: Service
          name: rook-ceph-mgr-dashboard
          port: 7000
          weight: 1
      matches:
        - path:
            type: PathPrefix
            value: /
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/storage/rook-ceph/cluster/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: storage
resources:
  - ./helmrelease.yaml
  - ./httproute.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/storage/rook-ceph/operator/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: storage
resources:
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/storage/snapshot-controller/app/helmrelease.yaml:
--------------------------------------------------------------------------------
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: snapshot-controller
  namespace: storage
spec:
  interval: 15m
  chart:
    spec:
      chart: snapshot-controller
      version: 4.0.2
      sourceRef:
        kind: HelmRepository
        name: piraeus
        namespace: flux-system
  maxHistory: 2
  install:
    createNamespace: true
    # CRDs are managed by the HelmRelease on both install and upgrade.
    crds: CreateReplace
    remediation:
      retries: 3
  upgrade:
    cleanupOnFail: true
    crds: CreateReplace
    remediation:
      retries: 3
  uninstall:
    keepHistory: false
  values:
    serviceMonitor:
      create: true
    webhook:
      # Snapshot validation webhook is not deployed by this chart release.
      enabled: false
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/storage/snapshot-controller/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/storage/snapshot-controller/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: snapshot-controller
  namespace: flux-system
spec:
  path: ./kubernetes/${CLUSTER}/apps/storage/snapshot-controller/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
  wait: true
  postBuild:
    substituteFrom: []
  interval: 30m
  retryInterval: 1m
  timeout: 5m
  dependsOn:
    # The chart creates a ServiceMonitor, which needs the Prometheus CRDs.
    - name: kube-prometheus-stack-crds
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/storage/volsync/app/helmrelease.yaml:
--------------------------------------------------------------------------------
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: volsync
  namespace: storage
spec:
  interval: 30m
  chart:
    spec:
      chart: volsync
      version: 0.12.1
      sourceRef:
        kind: HelmRepository
        name: backube
        namespace: flux-system
      interval: 30m
  values:
    manageCRDs: true
    metrics:
      # Turns off authn/authz on the VolSync metrics endpoint: anything that
      # can reach the pod network can read it. Acceptable only if the
      # endpoint is not exposed beyond the cluster; otherwise keep auth on and
      # grant the scraper's ServiceAccount the metrics-reader role instead.
      disableAuth: true

--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/storage/volsync/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
# Restic repository credentials live in secret-flux-volsync.sops.yaml (SOPS-encrypted).
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
  - ./prometheusrule.yaml
  - ./secret-flux-volsync.sops.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/storage/volsync/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: volsync
  namespace: flux-system
spec:
  path: "./kubernetes/${CLUSTER}/apps/storage/volsync/app"
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
  wait: true
  interval: 30m
  timeout: 5m
  retryInterval: 1m
  postBuild:
    substituteFrom: []
  dependsOn:
    # VolSync's snapshot-based copy method needs the VolumeSnapshot CRDs.
    - name: snapshot-controller
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/system/descheduler/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: system
resources:
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/system/descheduler/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: descheduler
  namespace: flux-system
spec:
  interval: 10m
  path: "./kubernetes/${CLUSTER}/apps/system/descheduler/app"
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
  wait: true
  postBuild:
    substituteFrom: []

--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/system/generic-device-plugin/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/system/generic-device-plugin/ks.yaml:
--------------------------------------------------------------------------------
---
# (No yaml-language-server schema line here, unlike the other ks.yaml files.)
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: generic-device-plugin
  namespace: flux-system
spec:
  targetNamespace: system
  commonMetadata:
    labels:
      app.kubernetes.io/name: &app generic-device-plugin
  path: ./kubernetes/${CLUSTER}/apps/system/generic-device-plugin/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
  wait: false # no flux ks dependents
  interval: 10m
  retryInterval: 1m
  timeout: 5m
  postBuild:
    substitute:
      APP: *app
    substituteFrom: []
  dependsOn: []
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/system/intel-device-plugins/gpu/helmrelease.yaml:
--------------------------------------------------------------------------------
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: intel-device-plugins-gpu
  namespace: system
spec:
  interval: 30m
  chart:
    # renovate: registryUrl=https://intel.github.io/helm-charts
    spec:
      chart: intel-device-plugins-gpu
      version: 0.32.0
      interval: 30m
      sourceRef:
        kind: HelmRepository
        name: intel
        namespace: flux-system
  values:
    name: intel-gpu-plugin
    # Up to 2 containers may share one GPU device concurrently.
    sharedDevNum: 2
    # The chart's NodeFeatureRule is disabled; nodefeaturerule.yaml in this
    # directory supplies it instead.
    nodeFeatureRule: false
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/system/intel-device-plugins/gpu/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: system
resources:
  - ./helmrelease.yaml
  - ./nodefeaturerule.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/system/intel-device-plugins/gpu/nodefeaturerule.yaml:
--------------------------------------------------------------------------------
---
# Labels nodes that carry an Intel (PCI vendor 8086) display controller
# (PCI class 0300 VGA / 0380 other display) so the GPU plugin schedules there.
apiVersion: nfd.k8s-sigs.io/v1alpha1
kind: NodeFeatureRule
metadata:
  name: intel-gpu-plugin
spec:
  rules:
    - name: intel.gpu
      labels:
        intel.feature.node.kubernetes.io/gpu: "true"
      matchFeatures:
        - feature: pci.device
          matchExpressions:
            vendor: {op: In, value: ["8086"]}
            class: {op: In, value: ["0300", "0380"]}
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/system/intel-device-plugins/operator/helmrelease.yaml:
--------------------------------------------------------------------------------
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: intel-device-plugins-operator
  namespace: system
spec:
  interval: 30m
  chart:
    spec:
      # renovate: registryUrl=https://intel.github.io/helm-charts
      chart: intel-device-plugins-operator
      version: 0.32.0
      interval: 30m
      sourceRef:
        kind: HelmRepository
        name: intel
        namespace: flux-system
  install:
    crds: CreateReplace
  upgrade:
    crds: CreateReplace


--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/system/intel-device-plugins/operator/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: system
resources:
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/system/kubelet-csr-approver/app/helmrelease.yaml:
--------------------------------------------------------------------------------
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: kubelet-csr-approver
  namespace: system
spec:
  interval: 30m
  chart:
    spec:
      chart: kubelet-csr-approver
      version: 1.2.6
      sourceRef:
        kind: HelmRepository
        name: postfinance
        namespace: flux-system
      interval: 30m
  valuesFrom:
    # generated from ./values.yaml by the configMapGenerator in kustomization.yaml;
    # kustomizeconfig.yaml lets kustomize rewrite the hashed name here
    - kind: ConfigMap
      name: kubelet-csr-approver-values
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/system/kubelet-csr-approver/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: system
resources:
  - ./helmrelease.yaml

configMapGenerator:
  - name: kubelet-csr-approver-values
    files:
      - values.yaml=./values.yaml

configurations:
  - ./kustomizeconfig.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/system/kubelet-csr-approver/app/kustomizeconfig.yaml:
--------------------------------------------------------------------------------
---
# teaches kustomize that HelmRelease.spec.valuesFrom[].name references a ConfigMap,
# so the generator's hash suffix is propagated into the HelmRelease
nameReference:
  - kind: ConfigMap
    version: v1
    fieldSpecs:
      - path: spec/valuesFrom/name
        kind: HelmRelease
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/system/kubelet-csr-approver/app/values.yaml:
--------------------------------------------------------------------------------
---
# only kubelet serving CSRs whose node name matches this pattern are approved;
# the `|` block scalar keeps a trailing newline in the pattern — confirm the
# approver trims it before compiling (a `|-` scalar would sidestep the question)
providerRegex: |
  ^(jsdyb-nuc-00[1-3])$

# skips the check that the node's hostname resolves to the IP SANs in the CSR,
# so the node-name regex above is the main gate on what gets a serving cert;
# NOTE(review): presumably set because the nodes have no resolvable DNS names — confirm
bypassDnsResolution: true
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/system/kubelet-csr-approver/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: kubelet-csr-approver
  namespace: flux-system
spec:
  interval: 10m
  path: "./kubernetes/${CLUSTER}/apps/system/kubelet-csr-approver/app"
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
  wait: true
  postBuild:
    substituteFrom: []
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/system/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  # Pre Flux-Kustomizations
  - ./namespace.yaml
  # Flux-Kustomizations
  - ./descheduler/ks.yaml
  - ./intel-device-plugins/ks.yaml
  - ./kubelet-csr-approver/ks.yaml
  - ./node-feature-discovery/ks.yaml
  - ./reloader/ks.yaml
  - ./reflector/ks.yaml
  - ./generic-device-plugin/ks.yaml
  - ./spegel/ks.yaml
  - ./system-upgrade-controller/ks.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/system/namespace.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: Namespace
metadata:
  name: system
  labels:
    # Flux never garbage-collects the namespace, even if it drops out of git
    kustomize.toolkit.fluxcd.io/prune: disabled
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/system/node-feature-discovery/app/helmrelease.yaml:
--------------------------------------------------------------------------------
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: node-feature-discovery
  namespace: system
spec:
  interval: 30m
  chart:
    spec:
      chart: node-feature-discovery
      version: 0.17.2
      sourceRef:
        kind: HelmRepository
        name: kubernetes-sigs-nfd
        namespace: flux-system
      interval: 30m
  # NodeFeatureRule CRD is managed by Flux, not the chart's hooks
  install:
    crds: CreateReplace
  upgrade:
    crds: CreateReplace
  values:
    master:
      resources:
        requests:
          cpu: 11m
          memory: 51Mi
        limits:
          memory: 51Mi

    worker:
      resources:
        requests:
          cpu: 15m
          memory: 48Mi
        limits:
          memory: 48Mi
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/system/node-feature-discovery/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: system
resources:
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/system/node-feature-discovery/rules/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: system
resources:
  - ./nfr-google-coral.yaml
  - ./nfr-zigbee.yaml
  - ./nfr-zwave.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/system/node-feature-discovery/rules/nfr-google-coral.yaml:
--------------------------------------------------------------------------------
---
apiVersion: nfd.k8s-sigs.io/v1alpha1
kind: NodeFeatureRule
metadata:
  name: google-coral-device
spec:
  rules:
    - # Google Coral USB Accelerator
      name: google.coral
      labels:
        google.feature.node.kubernetes.io/coral: "true"
      matchFeatures:
        - feature: usb.device
          matchExpressions:
            # two vendor ids: the stick reportedly enumerates as 1a6e before its
            # firmware is loaded and as 18d1 (Google) afterwards
            vendor: { op: In, value: ["1a6e", "18d1"] }
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/system/node-feature-discovery/rules/nfr-zigbee.yaml:
--------------------------------------------------------------------------------
---
apiVersion: nfd.k8s-sigs.io/v1alpha1
kind: NodeFeatureRule
metadata:
  name: husbzb-01-zigbee
spec:
  # both rules emit the same label; either stick makes the node eligible
  rules:
    - # HUSBZB-01 Zigbee Stick
      name: zigbee
      labels:
        feature.node.kubernetes.io/zigbee: "true"
      matchFeatures:
        - feature: usb.device
          matchExpressions:
            vendor: { op: In, value: ["10c4"] }
            # same vendor/device pair as nfr-zwave.yaml: the HUSBZB-01 is a combo stick
            device: { op: In, value: ["8a2a"] }
    - # Nabu Casa SkyConnect Zigbee Stick
      name: zigbee
      labels:
        feature.node.kubernetes.io/zigbee: "true"
      matchFeatures:
        - feature: usb.device
          matchExpressions:
            vendor: { op: In, value: ["10c4"] }
            # 10c4:ea60 is the generic Silicon Labs CP210x UART id, so any CP210x
            # serial adapter on a node will also carry the zigbee label
            device: { op: In, value: ["ea60"] }
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/system/node-feature-discovery/rules/nfr-zwave.yaml:
--------------------------------------------------------------------------------
---
apiVersion: nfd.k8s-sigs.io/v1alpha1
kind: NodeFeatureRule
metadata:
  name: husbzb-01-zwave
spec:
  rules:
    - # HUSBZB-01 Zwave Stick
      name: zwave
      labels:
        feature.node.kubernetes.io/zwave: "true"
      matchFeatures:
        - feature: usb.device
          matchExpressions:
            vendor: { op: In, value: ["10c4"] }
            device: { op: In, value: ["8a2a"] }
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/system/reflector/app/helmrelease.yaml:
--------------------------------------------------------------------------------
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: reflector
  namespace: system
spec:
  interval: 15m
  chart:
    spec:
      chart: reflector
      version: 9.0.322
      sourceRef:
        kind: HelmRepository
        name: emberstack
        namespace: flux-system
      interval: 15m
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/system/reflector/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: system
resources:
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/system/reflector/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: reflector
  namespace: flux-system
spec:
  interval: 10m
  path: "./kubernetes/${CLUSTER}/apps/system/reflector/app"
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
  wait: true
  postBuild:
    substituteFrom: []
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/system/reloader/app/helmrelease.yaml:
--------------------------------------------------------------------------------
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: reloader
  namespace: system
spec:
  interval: 30m
  chart:
    spec:
      chart: reloader
      version: 2.0.0
      sourceRef:
        kind: HelmRepository
        name: stakater
        namespace: flux-system
      interval: 30m
  values:
    reloader:
      # needs the PodMonitor CRD; ../ks.yaml therefore depends on kube-prometheus-stack-crds
      podMonitor:
        enabled: true

      # roll workloads by bumping a pod-template annotation instead of an env var
      reloadStrategy: annotations

      deployment:
        resources:
          requests:
            cpu: 5m
            memory: 96M
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/system/reloader/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: system
resources:
  - ./helmrelease.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/system/reloader/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: reloader
  namespace: flux-system
spec:
  interval: 10m
  path: "./kubernetes/${CLUSTER}/apps/system/reloader/app"
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
  wait: true
  postBuild:
    substituteFrom: []
  dependsOn:
    # the HelmRelease enables a PodMonitor, which needs the monitoring CRDs first
    - name: kube-prometheus-stack-crds
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/system/spegel/app/helmrelease.yaml:
--------------------------------------------------------------------------------
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: spegel
  # no namespace here; kustomization.yaml in this directory sets namespace: system
spec:
  interval: 30m
  chart:
    spec:
      chart: spegel
      version: 0.1.1
      sourceRef:
        kind: HelmRepository
        name: spegel
        namespace: flux-system
  install:
    remediation:
      retries: 3
  upgrade:
    cleanupOnFail: true
    remediation:
      strategy: rollback
      retries: 3
  valuesFrom:
    # generated from ./values.yaml via configMapGenerator (see kustomization.yaml)
    - kind: ConfigMap
      name: spegel-values
  values:
    # both need the kube-prometheus-stack CRDs; ../ks.yaml depends on them
    grafanaDashboard:
      enabled: true
    serviceMonitor:
      enabled: true
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/system/spegel/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: system
resources:
  - ./helmrelease.yaml

configMapGenerator:
  - name: spegel-values
    files:
      - values.yaml=./values.yaml

configurations:
  - ./kustomizeconfig.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/system/spegel/app/kustomizeconfig.yaml:
--------------------------------------------------------------------------------
---
# same nameReference as kubelet-csr-approver: propagate the generated ConfigMap's
# hash suffix into HelmRelease.spec.valuesFrom[].name
nameReference:
  - kind: ConfigMap
    version: v1
    fieldSpecs:
      - path: spec/valuesFrom/name
        kind: HelmRelease
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/system/spegel/app/values.yaml:
--------------------------------------------------------------------------------
---
spegel:
  # host containerd socket: spegel serves images straight out of each node's
  # image store, so every pod of the DaemonSet gets node-level access to containerd
  containerdSock: /run/containerd/containerd.sock
  # where containerd looks for per-registry hosts.toml mirror config on Talos
  containerdRegistryConfigPath: /etc/cri/conf.d/hosts
service:
  registry:
    # the mirror registry is bound on this port on every node's host network
    hostPort: 29999
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/system/spegel/ks.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: spegel
  namespace: flux-system
spec:
  interval: 30m
  path: "./kubernetes/${CLUSTER}/apps/system/spegel/app"
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
  wait: true
  postBuild:
    substituteFrom: []
  dependsOn:
    # the HelmRelease enables a ServiceMonitor and a Grafana dashboard
    - name: kube-prometheus-stack-crds
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/system/system-upgrade-controller/app/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
# NOTE(review): no namespace is set here, and rbac.yaml's talos.dev ServiceAccount
# carries none either; presumably ../ks.yaml (not shown) sets targetNamespace — confirm
resources:
  # remote CRD fetched at build time, pinned to a release tag (kept current by
  # Renovate); kustomize does not verify a checksum for remote resources
  # renovate: depName=rancher/system-upgrade-controller datasource=github-releases
  - https://github.com/rancher/system-upgrade-controller/releases/download/v0.14.2/crd.yaml
  - ./rbac.yaml
  - ./helmrelease.yaml
  - ./clusterpolicy.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/system/system-upgrade-controller/app/rbac.yaml:
--------------------------------------------------------------------------------
---
# grants the controller's ServiceAccount full cluster privileges; every Plan
# executed through it runs with this identity, so access to create or edit
# Plan objects is equivalent to cluster-admin
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: system-upgrade
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: system-upgrade
    namespace: system
---
# Talos-side service account: os:admin is the full-privilege Talos API role,
# presumably consumed by the Talos upgrade Plan (plans/talos.yaml) — confirm.
# No namespace is set; it lands wherever the enclosing Kustomization targets.
apiVersion: talos.dev/v1alpha1
kind: ServiceAccount
metadata:
  name: talos
spec:
  roles:
    - os:admin
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/apps/system/system-upgrade-controller/plans/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: system
resources:
  - ./talos.yaml
  - ./kubernetes.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/flux/components/volsync/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
# a Component: mixed into app kustomizations that opt in, not applied on its own
kind: Component
resources:
  - ./minio
  - ./pvc.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/flux/components/volsync/minio/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./secret-minio.tmpl.yaml
  - ./replicationdestination.yaml
  - ./replicationsource.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/flux/components/volsync/minio/secret-minio.tmpl.yaml:
--------------------------------------------------------------------------------
# template: every ${...} below is filled by Flux postBuild substitution when the
# consuming app's Kustomization is applied; the credential variables presumably
# come from a substituteFrom Secret rather than from git — confirm
apiVersion: v1
kind: Secret
metadata:
  name: ${VOLSYNC_CLAIM:-${APP}}-volsync-minio
stringData:
  # plain http to the MinIO endpoint: restic encrypts repository contents
  # client-side with RESTIC_PASSWORD, so object data stays opaque on the wire,
  # but bucket/object names and the S3 auth headers travel without TLS
  RESTIC_REPOSITORY: s3:http://${S3_BUCKET_URL}/${S3_BUCKET_NAME}/${APP}/${VOLSYNC_CLAIM:-${APP}}
  RESTIC_PASSWORD: ${RESTIC_PASSWORD}
  AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID}
  AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY}
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/flux/components/volsync/pvc.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: "${VOLSYNC_CLAIM:-${APP}}"
spec:
  accessModes:
    - "${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"
  # the claim is populated from the "<claim>-bootstrap" ReplicationDestination
  # (./minio/replicationdestination.yaml) when it is first created
  dataSourceRef:
    kind: ReplicationDestination
    apiGroup: volsync.backube
    name: "${VOLSYNC_CLAIM:-${APP}}-bootstrap"
  resources:
    requests:
      storage: "${VOLSYNC_CAPACITY:-1Gi}"
  storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}"
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/flux/repositories/git/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JefeDavis/k8s-HomeOps/360a8b1a8c9e01c344042ec36aa8751c8262403d/kubernetes/jsdyb-k8s-001/flux/repositories/git/.gitkeep
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/flux/repositories/git/hajimari.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/gitrepository-source-v1.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
  name: hajimari
  namespace: flux-system
spec:
  interval: 60m
  ref:
    # follows the branch head, so each push to upstream main is fetched as-is;
    # a tag or commit ref would make what gets applied reproducible
    name: refs/heads/main
  timeout: 60s
  url: https://github.com/toboshii/hajimari.git
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/flux/repositories/git/kustomization.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./hajimari.yaml
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/flux/repositories/helm/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JefeDavis/k8s-HomeOps/360a8b1a8c9e01c344042ec36aa8751c8262403d/kubernetes/jsdyb-k8s-001/flux/repositories/helm/.gitkeep
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/flux/repositories/helm/actions-runner-controller.yaml:
--------------------------------------------------------------------------------
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: actions-runner-controller
  namespace: flux-system
spec:
  type: oci
  interval: 5m
  url: oci://ghcr.io/actions/actions-runner-controller-charts
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/flux/repositories/helm/angelnu.yaml:
--------------------------------------------------------------------------------
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: angelnu
  namespace: flux-system
spec:
  interval: 30m
  url: https://angelnu.github.io/helm-charts
  timeout: 3m
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/flux/repositories/helm/authentik.yaml:
--------------------------------------------------------------------------------
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: authentik
  namespace: flux-system
spec:
  interval: 30m
  url: https://charts.goauthentik.io
  timeout: 3m
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/flux/repositories/helm/backube.yaml:
--------------------------------------------------------------------------------
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: backube
  namespace: flux-system
spec:
  interval: 30m
  url: https://backube.github.io/helm-charts/
  timeout: 3m
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/flux/repositories/helm/bitnami.yaml:
--------------------------------------------------------------------------------
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: bitnami
  namespace: flux-system
spec:
  interval: 30m
  url: https://charts.bitnami.com/bitnami
  timeout: 3m
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/flux/repositories/helm/bjw-s.yaml:
--------------------------------------------------------------------------------
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: bjw-s
  namespace: flux-system
spec:
  interval: 30m
  url: https://bjw-s-labs.github.io/helm-charts
  timeout: 3m
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/flux/repositories/helm/cilium.yaml:
--------------------------------------------------------------------------------
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: cilium
  namespace: flux-system
spec:
  interval: 30m
  url: https://helm.cilium.io
  timeout: 3m
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/flux/repositories/helm/cloudnative-pg.yaml:
--------------------------------------------------------------------------------
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: cloudnative-pg
  namespace: flux-system
spec:
  interval: 2h
  url: https://cloudnative-pg.github.io/charts
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/flux/repositories/helm/controlplaneio.yaml:
--------------------------------------------------------------------------------
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/refs/heads/main/helmrepository-source-v1.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: controlplaneio
  namespace: flux-system
spec:
  type: oci
  interval: 5m
  url: oci://ghcr.io/controlplaneio-fluxcd/charts
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/flux/repositories/helm/dmahmalat.yaml:
--------------------------------------------------------------------------------
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: dmahmalat
  namespace: flux-system
spec:
  interval: 30m
  url: oci://ghcr.io/dmahmalat/charts
  type: oci
  timeout: 3m
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/flux/repositories/helm/emberstack.yaml:
--------------------------------------------------------------------------------
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: emberstack
  namespace: flux-system
spec:
  interval: 30m
  url: https://emberstack.github.io/helm-charts/
  timeout: 3m
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/flux/repositories/helm/emqx.yaml:
--------------------------------------------------------------------------------
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: emqx
  namespace: flux-system
spec:
  interval: 30m
  url: https://repos.emqx.io/charts
  timeout: 3m
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/flux/repositories/helm/envoy.yaml:
--------------------------------------------------------------------------------
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: envoy
  namespace: flux-system
spec:
  type: oci
  interval: 30m
  url: oci://docker.io/envoyproxy
  timeout: 3m
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/flux/repositories/helm/external-secrets.yaml:
--------------------------------------------------------------------------------
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: external-secrets
  namespace: flux-system
spec:
  interval: 30m
  url: https://charts.external-secrets.io
  timeout: 3m
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/flux/repositories/helm/grafana.yaml:
--------------------------------------------------------------------------------
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: grafana
  namespace: flux-system
spec:
  interval: 30m
  url: https://grafana.github.io/helm-charts
  timeout: 3m
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/flux/repositories/helm/hajimari.yaml:
--------------------------------------------------------------------------------
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: hajimari
  namespace: flux-system
spec:
  interval: 2h
  url: https://hajimari.io
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/flux/repositories/helm/hashicorp.yaml:
--------------------------------------------------------------------------------
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: hashicorp
  namespace: flux-system
spec:
  interval: 30m
  url: https://helm.releases.hashicorp.com
  timeout: 3m
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/flux/repositories/helm/influxdata.yaml:
--------------------------------------------------------------------------------
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: influxdata
  namespace: flux-system
spec:
  interval: 30m
  url: https://helm.influxdata.com/
  timeout: 3m
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/flux/repositories/helm/ingress-nginx.yaml:
--------------------------------------------------------------------------------
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: ingress-nginx
  namespace: flux-system
spec:
  interval: 30m
  url: https://kubernetes.github.io/ingress-nginx
  timeout: 3m
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/flux/repositories/helm/intel.yaml:
--------------------------------------------------------------------------------
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: intel
  namespace: flux-system
spec:
  interval: 30m
  url: https://intel.github.io/helm-charts
  timeout: 3m
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/flux/repositories/helm/istio.yaml:
--------------------------------------------------------------------------------
---
# NOTE(review): schema below is the v1beta2 one while apiVersion is v1;
# controlplaneio.yaml points at helmrepository-source-v1.json
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: istio
  namespace: flux-system
spec:
  interval: 2h
  url: https://istio-release.storage.googleapis.com/charts
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/flux/repositories/helm/jetstack.yaml:
--------------------------------------------------------------------------------
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: jetstack
  namespace: flux-system
spec:
  interval: 30m
  url: https://charts.jetstack.io/
  timeout: 3m
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/flux/repositories/helm/kiali.yaml:
--------------------------------------------------------------------------------
---
# NOTE(review): same v1beta2-schema / v1-apiVersion mismatch as istio.yaml
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrepository-source-v1beta2.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: kiali
  namespace: flux-system
spec:
  interval: 2h
  url: https://kiali.org/helm-charts
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/flux/repositories/helm/kubereboot.yaml:
--------------------------------------------------------------------------------
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: kubereboot
  namespace: flux-system
spec:
  interval: 30m
  url: https://kubereboot.github.io/charts
  timeout: 3m
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/flux/repositories/helm/kubernetes-sigs-descheduler.yaml:
--------------------------------------------------------------------------------
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: kubernetes-sigs-descheduler
  namespace: flux-system
spec:
  interval: 30m
  url: https://kubernetes-sigs.github.io/descheduler
  timeout: 3m
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/flux/repositories/helm/kubernetes-sigs-external-dns.yaml:
--------------------------------------------------------------------------------
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: kubernetes-sigs-external-dns
  namespace: flux-system
spec:
  interval: 30m
  url: https://kubernetes-sigs.github.io/external-dns
  timeout: 3m
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/flux/repositories/helm/kubernetes-sigs-metrics-server.yaml:
--------------------------------------------------------------------------------
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: kubernetes-sigs-metrics-server
  namespace: flux-system
spec:
  interval: 30m
  url: https://kubernetes-sigs.github.io/metrics-server/
  timeout: 3m
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/flux/repositories/helm/kubernetes-sigs-nfd.yaml:
--------------------------------------------------------------------------------
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: kubernetes-sigs-nfd
  namespace: flux-system
spec:
  interval: 30m
  url: https://kubernetes-sigs.github.io/node-feature-discovery/charts
  timeout: 3m
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/flux/repositories/helm/kubernetes-sigs-nfs-subdir.yaml:
--------------------------------------------------------------------------------
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: kubernetes-sigs-nfs-subdir
  namespace: flux-system
spec:
  interval: 30m
  url: https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/
  timeout: 3m
--------------------------------------------------------------------------------
/kubernetes/jsdyb-k8s-001/flux/repositories/helm/kyverno.yaml:
--------------------------------------------------------------------------------
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: 
HelmRepository 4 | metadata: 5 | name: kyverno 6 | namespace: flux-system 7 | spec: 8 | interval: 30m 9 | url: https://kyverno.github.io/kyverno/ 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/flux/repositories/helm/metallb.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: metallb 6 | namespace: flux-system 7 | spec: 8 | interval: 30m 9 | url: https://metallb.github.io/metallb 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/flux/repositories/helm/piraeus.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: piraeus 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://piraeus.io/helm-charts/ 10 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/flux/repositories/helm/postfinance.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: postfinance 6 | namespace: flux-system 7 | spec: 8 | interval: 30m 9 | url: https://postfinance.github.io/kubelet-csr-approver 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/flux/repositories/helm/prometheus-community.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: prometheus-community 6 | namespace: flux-system 7 | spec: 8 | interval: 30m 9 | url: 
https://prometheus-community.github.io/helm-charts 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/flux/repositories/helm/pulumi.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: pulumi-charts 6 | namespace: flux-system 7 | spec: 8 | interval: 30m 9 | url: oci://ghcr.io/pulumi/helm-charts 10 | type: oci 11 | timeout: 3m 12 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/flux/repositories/helm/ricoberger.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: ricoberger 6 | namespace: flux-system 7 | spec: 8 | interval: 30m 9 | url: https://ricoberger.github.io/helm-charts 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/flux/repositories/helm/rook-ceph.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: rook-ceph 6 | namespace: flux-system 7 | spec: 8 | interval: 30m 9 | url: https://charts.rook.io/release 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/flux/repositories/helm/spegel.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: spegel 6 | namespace: flux-system 7 | spec: 8 | type: oci 9 | interval: 5m 10 | url: oci://ghcr.io/spegel-org/helm-charts 11 | 
-------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/flux/repositories/helm/stakater.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: stakater 6 | namespace: flux-system 7 | spec: 8 | interval: 30m 9 | url: https://stakater.github.io/stakater-charts 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/flux/repositories/helm/stevehipwell.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: stevehipwell 6 | namespace: flux-system 7 | spec: 8 | type: oci 9 | interval: 5m 10 | url: oci://ghcr.io/stevehipwell/helm-charts 11 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/flux/repositories/helm/synology-csi.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: synology-csi 6 | namespace: flux-system 7 | spec: 8 | interval: 30m 9 | url: https://zebernst.github.io/synology-csi-talos 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/flux/repositories/helm/tofu-controller.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: source.toolkit.fluxcd.io/v1 3 | kind: HelmRepository 4 | metadata: 5 | name: tofu-controller 6 | namespace: flux-system 7 | spec: 8 | interval: 2h 9 | url: https://flux-iac.github.io/tofu-controller/ 10 | timeout: 3m 11 | -------------------------------------------------------------------------------- 
# /kubernetes/jsdyb-k8s-001/flux/repositories/helm/weave-gitops.yaml:
# Flux HelmRepository (index re-fetched every 30m, 3m fetch timeout).
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: weave-gitops
  namespace: flux-system
spec:
  interval: 30m
  url: https://helm.gitops.weave.works
  timeout: 3m

# /kubernetes/jsdyb-k8s-001/flux/repositories/helm/zalando-postgres-operator.yaml:
# The chart index is served straight from the `master` branch of the upstream
# Git repository, so index contents can change without a tagged release; chart
# version pinning is expected in the consuming HelmRelease (not shown here) —
# verify.
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: zalando-postgres-operator
  namespace: flux-system
spec:
  interval: 30m
  url: https://raw.githubusercontent.com/zalando/postgres-operator/master/charts/postgres-operator/
  timeout: 3m

# /kubernetes/jsdyb-k8s-001/flux/repositories/kustomization.yaml:
# Aggregates the git/, helm/ and oci/ source directories; `namespace` here
# stamps flux-system onto any resource that omits it.
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: flux-system
resources:
  - ./git
  - ./helm
  - ./oci

# /kubernetes/jsdyb-k8s-001/flux/repositories/oci/.gitkeep:
# Empty placeholder file; the listing renders it only as its raw URL:
# https://raw.githubusercontent.com/JefeDavis/k8s-HomeOps/360a8b1a8c9e01c344042ec36aa8751c8262403d/kubernetes/jsdyb-k8s-001/flux/repositories/oci/.gitkeep

# /kubernetes/jsdyb-k8s-001/flux/repositories/oci/jefedavis-terraform-authentik.yaml:
# Flux OCIRepository delivering the Terraform module for Authentik as an OCI
# artifact (consumed by a Terraform controller — presumably tofu-controller;
# verify against the Terraform resources, which are not in this chunk).
# NOTE(review): `ref.tag: main` is a mutable tag polled every 1m and there is
# no `spec.verify` block, so whatever is pushed to
# ghcr.io/jefedavis/terraform/authentik under that tag is picked up and applied
# automatically; the trust boundary is write access to that registry path.
# Mitigations: add `spec.verify` (provider cosign) so only signed artifacts are
# admitted, and/or pin `ref.digest` and let the publishing pipeline bump it.
# The same applies to the prowlarr, radarr, sonarr and volsync OCIRepositories
# in this directory.
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: OCIRepository
metadata:
  name: oci-terraform-authentik
  namespace: flux-system
spec:
  interval: 1m
  url: oci://ghcr.io/jefedavis/terraform/authentik
  ref:
    tag: main

# /kubernetes/jsdyb-k8s-001/flux/repositories/oci/jefedavis-terraform-prowlarr.yaml:
# Terraform module for Prowlarr; mutable `main` tag, unverified — see the note on
# jefedavis-terraform-authentik.yaml above.
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: OCIRepository
metadata:
  name: oci-terraform-prowlarr
  namespace: flux-system
spec:
  interval: 1m
  url: oci://ghcr.io/jefedavis/terraform/prowlarr
  ref:
    tag: main

# /kubernetes/jsdyb-k8s-001/flux/repositories/oci/jefedavis-terraform-radarr.yaml:
# Terraform module for Radarr; mutable `main` tag, unverified — see the note on
# jefedavis-terraform-authentik.yaml above.
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: OCIRepository
metadata:
  name: oci-terraform-radarr
  namespace: flux-system
spec:
  interval: 1m
  url: oci://ghcr.io/jefedavis/terraform/radarr
  ref:
    tag: main

# /kubernetes/jsdyb-k8s-001/flux/repositories/oci/jefedavis-terraform-sonarr.yaml:
# Terraform module for Sonarr; mutable `main` tag, unverified — see the note on
# jefedavis-terraform-authentik.yaml above.
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: OCIRepository
metadata:
  name: oci-terraform-sonarr
  namespace: flux-system
spec:
  interval: 1m
  url: oci://ghcr.io/jefedavis/terraform/sonarr
  ref:
    tag: main
# /kubernetes/jsdyb-k8s-001/flux/repositories/oci/jefedavis-terraform-volsync.yaml:
# Flux OCIRepository delivering the Terraform module for VolSync as an OCI
# artifact. NOTE(review): `ref.tag: main` is a mutable tag polled every 1m with
# no `spec.verify` block, so anything pushed to that tag is applied
# automatically; consider `spec.verify` (cosign) or a pinned `ref.digest`, as
# for the sibling OCIRepositories in this directory.
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: OCIRepository
metadata:
  name: oci-terraform-volsync
  namespace: flux-system
spec:
  interval: 1m
  url: oci://ghcr.io/jefedavis/terraform/volsync
  ref:
    tag: main

# /kubernetes/jsdyb-k8s-001/flux/repositories/oci/kustomization.yaml:
# Lists the five Terraform OCIRepositories explicitly (no directory glob), so a
# new artifact must be added here to be reconciled.
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - jefedavis-terraform-authentik.yaml
  - jefedavis-terraform-prowlarr.yaml
  - jefedavis-terraform-radarr.yaml
  - jefedavis-terraform-sonarr.yaml
  - jefedavis-terraform-volsync.yaml

# /kubernetes/jsdyb-k8s-001/flux/settings/configmap-cluster-settings.yaml:
# Non-secret, cluster-wide settings for jsdyb-k8s-001 (endpoints, CIDRs,
# per-service LoadBalancer addresses, timezone). Presumably consumed through
# Flux variable substitution (postBuild substituteFrom) — verify against the
# Kustomizations that reference it. Only non-sensitive values belong in this
# ConfigMap; secret values live in secret-cluster-secrets.sops.yaml alongside.
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: cluster-settings
  namespace: flux-system
data:
  CLUSTER: jsdyb-k8s-001
  CLUSTER_APISERVER_ENDPOINT: 10.77.0.10
  TIMEZONE: America/New_York
  SYNOLOGY_ADDR: 10.77.0.2
  ZIGBEE_COORDINATOR_ADDR: 10.0.70.92
  POD_CIDR: 172.22.0.0/16
  SERVICE_CIDR: 172.23.0.0/16

  # Addresses handed to in-cluster services on the 192.168.77.0/24 segment.
  SVC_PRIVATE_GATEWAY_ADDR: 192.168.77.21
  SVC_PUBLIC_GATEWAY_ADDR: 192.168.77.22
  SVC_HASS_ADDR: 192.168.77.42
  SVC_MASS_ADDR: 192.168.77.62
  SVC_MQTT_ADDR: 192.168.77.67
  SVC_PLEX_ADDR: 192.168.77.79
  SVC_TEDDYCLOUD_ADDR: 192.168.77.82
  SVC_VPN_ADDR: 192.168.77.77
  SVC_DNS_ADDR: 192.168.77.53
  SVC_SMTP_RELAY_ADDR: 192.168.77.25
  # NOTE(review): 172.22.0.0/15 covers both POD_CIDR (172.22.0.0/16) and
  # SERVICE_CIDR (172.23.0.0/16) above, and 10.0.0.0/9 admits
  # 10.0.0.0–10.127.255.255 — far wider than the individual 10.77.0.x /
  # 10.0.70.x hosts named in this file. Confirm the consumers of this
  # allow-list (not shown here) actually need that breadth.
  WHITELIST_IP_RANGE: "10.0.0.0/9, 192.168.77.0/24, 172.22.0.0/15"

# /kubernetes/jsdyb-k8s-001/flux/settings/kustomization.yaml:
# Bundles the plaintext settings ConfigMap with the SOPS-encrypted cluster
# secret; the `.sops.yaml` suffix signals that the secret is decrypted by Flux
# at apply time (decryption config not shown here).
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./configmap-cluster-settings.yaml
  - ./secret-cluster-secrets.sops.yaml

# /kubernetes/jsdyb-k8s-001/talos/clusterconfig/.gitignore:
# Keeps generated Talos artifacts out of Git: the per-node machine configs
# (which embed cluster secrets) and talosconfig (the client credentials for the
# Talos API). Only what is regenerated from templates should be absent here.
jsdyb-k8s-001-jsdyb-nuc-001.internal.davishaus.dev.yaml
jsdyb-k8s-001-jsdyb-nuc-002.internal.davishaus.dev.yaml
jsdyb-k8s-001-jsdyb-nuc-003.internal.davishaus.dev.yaml
talosconfig

# /kubernetes/jsdyb-k8s-001/templates/volsync/kustomization.yaml:
# Reusable VolSync template: a restic/MinIO backup pair plus the PVC that is
# bootstrapped from it. Expected to be rendered per application with the ${APP}
# and VOLSYNC_* variables used by the files it lists.
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./minio
  - ./pvc.yaml

# /kubernetes/jsdyb-k8s-001/templates/volsync/minio/kustomization.yaml:
# Credentials Secret template plus the ReplicationDestination (restore) and
# ReplicationSource (backup) objects; the latter two are not in this chunk.
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./secret-minio.tmpl.yaml
  - ./replicationdestination.yaml
  - ./replicationsource.yaml
-------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/templates/volsync/minio/secret-minio.tmpl.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: ${APP}-volsync-minio 5 | stringData: 6 | RESTIC_REPOSITORY: s3:http://${S3_BUCKET_URL}/${S3_BUCKET_NAME}/${APP} 7 | RESTIC_PASSWORD: ${RESTIC_PASSWORD} 8 | AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID} 9 | AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY} 10 | -------------------------------------------------------------------------------- /kubernetes/jsdyb-k8s-001/templates/volsync/pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: "${VOLSYNC_CLAIM:-${APP}}" 6 | spec: 7 | accessModes: 8 | - "${VOLSYNC_ACCESSMODES:-ReadWriteOnce}" 9 | dataSourceRef: 10 | kind: ReplicationDestination 11 | apiGroup: volsync.backube 12 | name: "${APP}-bootstrap" 13 | resources: 14 | requests: 15 | storage: "${VOLSYNC_CAPACITY:-1Gi}" 16 | storageClassName: "${VOLSYNC_STORAGECLASS:-ceph-block}" 17 | --------------------------------------------------------------------------------