diff --git a/clusters/cl01tl/manifests/yubal/-.yaml b/clusters/cl01tl/manifests/yubal/-.yaml
deleted file mode 100644
index 8b1378917..000000000
--- a/clusters/cl01tl/manifests/yubal/-.yaml
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/clusters/cl01tl/manifests/yubal/Deployment-yubal.yaml b/clusters/cl01tl/manifests/yubal/Deployment-yubal.yaml
new file mode 100644
index 000000000..a26e72196
--- /dev/null
+++ b/clusters/cl01tl/manifests/yubal/Deployment-yubal.yaml
@@ -0,0 +1,68 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: yubal
+ labels:
+ app.kubernetes.io/controller: main
+ app.kubernetes.io/instance: yubal
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: yubal
+ helm.sh/chart: yubal-4.6.2
+ namespace: yubal
+spec:
+ revisionHistoryLimit: 3
+ replicas: 1
+ strategy:
+ type: Recreate
+ selector:
+ matchLabels:
+ app.kubernetes.io/controller: main
+ app.kubernetes.io/name: yubal
+ app.kubernetes.io/instance: yubal
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/controller: main
+ app.kubernetes.io/instance: yubal
+ app.kubernetes.io/name: yubal
+ spec:
+ enableServiceLinks: false
+ serviceAccountName: default
+ automountServiceAccountToken: true
+ securityContext:
+ fsGroup: 1000
+ runAsGroup: 1000
+ runAsUser: 1000
+ hostIPC: false
+ hostNetwork: false
+ hostPID: false
+ dnsPolicy: ClusterFirst
+ containers:
+ - env:
+ - name: YUBAL_TZ
+ value: America/Chicago
+ - name: YUBAL_HOST
+ value: 0.0.0.0
+ - name: YUBAL_PORT
+ value: "8000"
+ - name: YUBAL_LOG_LEVEL
+ value: INFO
+ image: ghcr.io/guillevc/yubal:0.7.2@sha256:906b7c90b738e77ad140178f6a5145f98c12af36e8321d427148c092836c37be
+ imagePullPolicy: IfNotPresent
+ name: main
+ resources:
+ requests:
+ cpu: 10m
+ memory: 128Mi
+ volumeMounts:
+ - mountPath: /app/config
+ name: config
+ - mountPath: /app/data
+ name: music
+ volumes:
+ - name: config
+ persistentVolumeClaim:
+ claimName: yubal
+ - name: music
+ persistentVolumeClaim:
+ claimName: yubal-nfs-storage
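Review bot: In Deployment-yubal.yaml the `main` container sets no container-level `securityContext`, so privilege escalation is still allowed and the runtime's default capabilities and seccomp settings apply, even though the pod-level context already runs it as UID/GID 1000. The pod also mounts a token for the `default` ServiceAccount (`automountServiceAccountToken: true`); nothing visible in this commit shows the app calling the Kubernetes API, so turning the mount off looks safe but should be confirmed. The labels say this file is rendered by Helm (`helm.sh/chart: yubal-4.6.2`), so the change presumably belongs in the chart values rather than in this manifest.

```yaml
      automountServiceAccountToken: false
      # … unchanged: pod securityContext, host* flags, dnsPolicy, env, image …
          name: main
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            runAsNonRoot: true
            seccompProfile:
              type: RuntimeDefault
```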
diff --git a/clusters/cl01tl/manifests/yubal/ExternalSecret-yubal-backup-secret-external.yaml b/clusters/cl01tl/manifests/yubal/ExternalSecret-yubal-backup-secret-external.yaml
new file mode 100644
index 000000000..bc8b1b066
--- /dev/null
+++ b/clusters/cl01tl/manifests/yubal/ExternalSecret-yubal-backup-secret-external.yaml
@@ -0,0 +1,58 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: yubal-backup-secret-external
+ namespace: yubal
+ labels:
+ helm.sh/chart: volsync-target-config-0.8.0
+ app.kubernetes.io/instance: yubal
+ app.kubernetes.io/part-of: yubal
+ app.kubernetes.io/version: "0.8.0"
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: yubal-backup-secret-external
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ target:
+ template:
+ mergePolicy: Merge
+ engineVersion: v2
+ data:
+ RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/yubal/yubal"
+ data:
+ - secretKey: BUCKET_ENDPOINT
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /volsync/restic/digital-ocean
+ metadataPolicy: None
+ property: BUCKET_ENDPOINT
+ - secretKey: RESTIC_PASSWORD
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /volsync/restic/digital-ocean
+ metadataPolicy: None
+ property: RESTIC_PASSWORD
+ - secretKey: AWS_DEFAULT_REGION
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /digital-ocean/home-infra/volsync-backups
+ metadataPolicy: None
+ property: AWS_DEFAULT_REGION
+ - secretKey: AWS_ACCESS_KEY_ID
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /digital-ocean/home-infra/volsync-backups
+ metadataPolicy: None
+ property: AWS_ACCESS_KEY_ID
+ - secretKey: AWS_SECRET_ACCESS_KEY
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /digital-ocean/home-infra/volsync-backups
+ metadataPolicy: None
+ property: AWS_SECRET_ACCESS_KEY
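Review bot: The backup credentials synced by ExternalSecret-yubal-backup-secret-external.yaml do not look specific to yubal: `RESTIC_PASSWORD` comes from `/volsync/restic/digital-ocean` and the S3 keys from `/digital-ocean/home-infra/volsync-backups`, and only the `/yubal/yubal` suffix in `RESTIC_REPOSITORY` separates this app's repository. If those Vault entries are shared with other apps (inferred from the paths, not shown in this commit), anything able to read Secrets in the `yubal` namespace holds the key material for every repository in that bucket. The same pattern is in `yubal-backup-secret-local` and `yubal-backup-secret-remote` (`/volsync/restic/garage-*` and `/garage/home-infra/volsync-backups`). Per-app bucket keys or prefix-scoped key policies would contain that; at minimum the chart values should say the sharing is deliberate, e.g. `# restic password and bucket keys are shared by all volsync targets in this bucket`.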
diff --git a/clusters/cl01tl/manifests/yubal/ExternalSecret-yubal-backup-secret-local.yaml b/clusters/cl01tl/manifests/yubal/ExternalSecret-yubal-backup-secret-local.yaml
new file mode 100644
index 000000000..3b0d83969
--- /dev/null
+++ b/clusters/cl01tl/manifests/yubal/ExternalSecret-yubal-backup-secret-local.yaml
@@ -0,0 +1,58 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: yubal-backup-secret-local
+ namespace: yubal
+ labels:
+ helm.sh/chart: volsync-target-config-0.8.0
+ app.kubernetes.io/instance: yubal
+ app.kubernetes.io/part-of: yubal
+ app.kubernetes.io/version: "0.8.0"
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: yubal-backup-secret-local
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ target:
+ template:
+ mergePolicy: Merge
+ engineVersion: v2
+ data:
+ RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/yubal/yubal"
+ data:
+ - secretKey: BUCKET_ENDPOINT
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /volsync/restic/garage-local
+ metadataPolicy: None
+ property: BUCKET_ENDPOINT
+ - secretKey: RESTIC_PASSWORD
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /volsync/restic/garage-local
+ metadataPolicy: None
+ property: RESTIC_PASSWORD
+ - secretKey: AWS_DEFAULT_REGION
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /garage/home-infra/volsync-backups
+ metadataPolicy: None
+ property: ACCESS_REGION
+ - secretKey: AWS_ACCESS_KEY_ID
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /garage/home-infra/volsync-backups
+ metadataPolicy: None
+ property: ACCESS_KEY_ID
+ - secretKey: AWS_SECRET_ACCESS_KEY
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /garage/home-infra/volsync-backups
+ metadataPolicy: None
+ property: ACCESS_SECRET_KEY
diff --git a/clusters/cl01tl/manifests/yubal/ExternalSecret-yubal-backup-secret-remote.yaml b/clusters/cl01tl/manifests/yubal/ExternalSecret-yubal-backup-secret-remote.yaml
new file mode 100644
index 000000000..fdebcba80
--- /dev/null
+++ b/clusters/cl01tl/manifests/yubal/ExternalSecret-yubal-backup-secret-remote.yaml
@@ -0,0 +1,58 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: yubal-backup-secret-remote
+ namespace: yubal
+ labels:
+ helm.sh/chart: volsync-target-config-0.8.0
+ app.kubernetes.io/instance: yubal
+ app.kubernetes.io/part-of: yubal
+ app.kubernetes.io/version: "0.8.0"
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: yubal-backup-secret-remote
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ target:
+ template:
+ mergePolicy: Merge
+ engineVersion: v2
+ data:
+ RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/yubal/yubal"
+ data:
+ - secretKey: BUCKET_ENDPOINT
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /volsync/restic/garage-remote
+ metadataPolicy: None
+ property: BUCKET_ENDPOINT
+ - secretKey: RESTIC_PASSWORD
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /volsync/restic/garage-remote
+ metadataPolicy: None
+ property: RESTIC_PASSWORD
+ - secretKey: AWS_DEFAULT_REGION
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /garage/home-infra/volsync-backups
+ metadataPolicy: None
+ property: ACCESS_REGION
+ - secretKey: AWS_ACCESS_KEY_ID
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /garage/home-infra/volsync-backups
+ metadataPolicy: None
+ property: ACCESS_KEY_ID
+ - secretKey: AWS_SECRET_ACCESS_KEY
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /garage/home-infra/volsync-backups
+ metadataPolicy: None
+ property: ACCESS_SECRET_KEY
diff --git a/clusters/cl01tl/manifests/yubal/ExternalSecret-yubal-wireguard-conf.yaml b/clusters/cl01tl/manifests/yubal/ExternalSecret-yubal-wireguard-conf.yaml
new file mode 100644
index 000000000..ff099a205
--- /dev/null
+++ b/clusters/cl01tl/manifests/yubal/ExternalSecret-yubal-wireguard-conf.yaml
@@ -0,0 +1,42 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: yubal-wireguard-conf
+ namespace: yubal
+ labels:
+ app.kubernetes.io/name: yubal-wireguard-conf
+ app.kubernetes.io/instance: yubal
+ app.kubernetes.io/part-of: yubal
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: private-key
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /airvpn/conf/cl01tl
+ metadataPolicy: None
+ property: private-key
+ - secretKey: preshared-key
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /airvpn/conf/cl01tl
+ metadataPolicy: None
+ property: preshared-key
+ - secretKey: addresses
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /airvpn/conf/cl01tl
+ metadataPolicy: None
+ property: addresses
+ - secretKey: input-ports
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /airvpn/conf/cl01tl
+ metadataPolicy: None
+ property: input-ports
diff --git a/clusters/cl01tl/manifests/yubal/HTTPRoute-yubal.yaml b/clusters/cl01tl/manifests/yubal/HTTPRoute-yubal.yaml
new file mode 100644
index 000000000..2e29e337a
--- /dev/null
+++ b/clusters/cl01tl/manifests/yubal/HTTPRoute-yubal.yaml
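Review bot: Nothing in this commit consumes the Secret that ExternalSecret-yubal-wireguard-conf.yaml creates: the Deployment has a single `main` container, mounts only the `config` and `music` claims, and has no `secretKeyRef` or Secret volume. As written, the WireGuard `private-key` and `preshared-key` from `/airvpn/conf/cl01tl` are copied out of Vault into the namespace without a user, which widens their exposure for no benefit. If egress was meant to go through the tunnel, the app is presumably going out directly for now, so the VPN container should land in the same change. Otherwise drop this ExternalSecret until it is needed.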
@@ -0,0 +1,30 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: yubal
+ labels:
+ app.kubernetes.io/instance: yubal
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: yubal
+ helm.sh/chart: yubal-4.6.2
+ namespace: yubal
+spec:
+ parentRefs:
+ - group: gateway.networking.k8s.io
+ kind: Gateway
+ name: traefik-gateway
+ namespace: traefik
+ hostnames:
+ - "yubal.alexlebens.net"
+ rules:
+ - backendRefs:
+ - group: ""
+ kind: Service
+ name: yubal
+ namespace: yubal
+ port: 80
+ weight: 100
+ matches:
+ - path:
+ type: PathPrefix
+ value: /
diff --git a/clusters/cl01tl/manifests/yubal/Namespace-yubal.yaml b/clusters/cl01tl/manifests/yubal/Namespace-yubal.yaml
new file mode 100644
index 000000000..fc638f502
--- /dev/null
+++ b/clusters/cl01tl/manifests/yubal/Namespace-yubal.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: yubal
+ labels:
+ app.kubernetes.io/name: yubal
+ app.kubernetes.io/instance: yubal
+ app.kubernetes.io/part-of: yubal
+ pod-security.kubernetes.io/audit: privileged
+ pod-security.kubernetes.io/enforce: privileged
+ pod-security.kubernetes.io/warn: privileged
diff --git a/clusters/cl01tl/manifests/yubal/PersistentVolume-yubal-nfs-storage.yaml b/clusters/cl01tl/manifests/yubal/PersistentVolume-yubal-nfs-storage.yaml
new file mode 100644
index 000000000..d4f49e351
--- /dev/null
+++ b/clusters/cl01tl/manifests/yubal/PersistentVolume-yubal-nfs-storage.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: yubal-nfs-storage
+ namespace: yubal
+ labels:
+ app.kubernetes.io/name: yubal-nfs-storage
+ app.kubernetes.io/instance: yubal
+ app.kubernetes.io/part-of: yubal
+spec:
+ persistentVolumeReclaimPolicy: Retain
+ storageClassName: nfs-client
+ capacity:
+ storage: 1Gi
+ accessModes:
+ - ReadWriteMany
+ nfs:
+ path: /volume2/Storage/Music Youtube/
+ server: synologybond.alexlebens.net
+ mountOptions:
+ - vers=4
+ - minorversion=1
+ - noac
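Review bot: Namespace-yubal.yaml sets all three Pod Security Admission labels to `privileged`, which turns off admission checks for every pod in the namespace, while the only workload in this commit runs as UID 1000 with `hostNetwork`, `hostPID` and `hostIPC` all false. Unless another pod needs the exemption (the `yubal-wireguard-conf` ExternalSecret hints at a VPN sidecar that is not in this commit), `pod-security.kubernetes.io/enforce: baseline` would fit what is deployed, with `audit` and `warn` at `restricted` to show what is left to tighten. If `privileged` has to stay, a comment next to the labels naming the pod that requires it would keep the exception reviewable.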
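Review bot: PersistentVolume-yubal-nfs-storage.yaml carries `namespace: yubal`, but PersistentVolumes are cluster-scoped, so that field does not tie the volume to the namespace. The binding is pinned only from the claim side (`volumeName` in the PVC); the PV itself has no `claimRef`, so until it is bound a claim from another namespace that matches `nfs-client` and `ReadWriteMany` could take the NFS export instead. Pre-binding with `claimRef: {namespace: yubal, name: yubal-nfs-storage}` under `spec` closes that, and the `namespace` line under `metadata` can go.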
diff --git a/clusters/cl01tl/manifests/yubal/PersistentVolumeClaim-yubal-nfs-storage.yaml b/clusters/cl01tl/manifests/yubal/PersistentVolumeClaim-yubal-nfs-storage.yaml
new file mode 100644
index 000000000..79ff13145
--- /dev/null
+++ b/clusters/cl01tl/manifests/yubal/PersistentVolumeClaim-yubal-nfs-storage.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: yubal-nfs-storage
+ namespace: yubal
+ labels:
+ app.kubernetes.io/name: yubal-nfs-storage
+ app.kubernetes.io/instance: yubal
+ app.kubernetes.io/part-of: yubal
+spec:
+ volumeName: yubal-nfs-storage
+ storageClassName: nfs-client
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 1Gi
diff --git a/clusters/cl01tl/manifests/yubal/PersistentVolumeClaim-yubal.yaml b/clusters/cl01tl/manifests/yubal/PersistentVolumeClaim-yubal.yaml
new file mode 100644
index 000000000..d8143807e
--- /dev/null
+++ b/clusters/cl01tl/manifests/yubal/PersistentVolumeClaim-yubal.yaml
@@ -0,0 +1,19 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: yubal
+ labels:
+ app.kubernetes.io/instance: yubal
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: yubal
+ helm.sh/chart: yubal-4.6.2
+ annotations:
+ helm.sh/resource-policy: keep
+ namespace: yubal
+spec:
+ accessModes:
+ - "ReadWriteOnce"
+ resources:
+ requests:
+ storage: "1Gi"
+ storageClassName: "ceph-block"
diff --git a/clusters/cl01tl/manifests/yubal/ReplicationSource-yubal-backup-source-external.yaml b/clusters/cl01tl/manifests/yubal/ReplicationSource-yubal-backup-source-external.yaml
new file mode 100644
index 000000000..e13f427a7
--- /dev/null
+++ b/clusters/cl01tl/manifests/yubal/ReplicationSource-yubal-backup-source-external.yaml
@@ -0,0 +1,29 @@
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: yubal-backup-source-external
+ namespace: yubal
+ labels:
+ helm.sh/chart: volsync-target-config-0.8.0
+ app.kubernetes.io/instance: yubal
+ app.kubernetes.io/part-of: yubal
+ app.kubernetes.io/version: "0.8.0"
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: yubal-backup
+spec:
+ sourcePVC: yubal
+ trigger:
+ schedule: 34 14 * * *
+ restic:
+ pruneIntervalDays: 7
+ repository: yubal-backup-secret-external
+ retain:
+ daily: 7
+ hourly: 0
+ monthly: 3
+ weekly: 4
+ yearly: 1
+ copyMethod: Snapshot
+ storageClassName: ceph-block
+ volumeSnapshotClassName: ceph-blockpool-snapshot
+ cacheCapacity: 1Gi
diff --git a/clusters/cl01tl/manifests/yubal/ReplicationSource-yubal-backup-source-local.yaml b/clusters/cl01tl/manifests/yubal/ReplicationSource-yubal-backup-source-local.yaml
new file mode 100644
index 000000000..b03057686
--- /dev/null
+++ b/clusters/cl01tl/manifests/yubal/ReplicationSource-yubal-backup-source-local.yaml
@@ -0,0 +1,29 @@
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: yubal-backup-source-local
+ namespace: yubal
+ labels:
+ helm.sh/chart: volsync-target-config-0.8.0
+ app.kubernetes.io/instance: yubal
+ app.kubernetes.io/part-of: yubal
+ app.kubernetes.io/version: "0.8.0"
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: yubal-backup
+spec:
+ sourcePVC: yubal
+ trigger:
+ schedule: 34 11 * * *
+ restic:
+ pruneIntervalDays: 7
+ repository: yubal-backup-secret-local
+ retain:
+ daily: 7
+ hourly: 0
+ monthly: 3
+ weekly: 4
+ yearly: 1
+ copyMethod: Snapshot
+ storageClassName: ceph-block
+ volumeSnapshotClassName: ceph-blockpool-snapshot
+ cacheCapacity: 1Gi
diff --git a/clusters/cl01tl/manifests/yubal/ReplicationSource-yubal-backup-source-remote.yaml b/clusters/cl01tl/manifests/yubal/ReplicationSource-yubal-backup-source-remote.yaml
new file mode 100644
index 000000000..3f07e4068
--- /dev/null
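Review bot: In ReplicationSource-yubal-backup-source-external.yaml, `spec.restic` sets no `moverSecurityContext`, while the Deployment writes the `yubal` PVC as UID/GID 1000 with `fsGroup: 1000`. The Namespace in this commit does not opt into VolSync's privileged movers, so the mover presumably runs without the ability to bypass file permissions, and files it cannot read under its default identity may be left out of the backup or fail the run; this should be confirmed against a restore. Adding `moverSecurityContext: {runAsUser: 1000, runAsGroup: 1000, fsGroup: 1000}` under `restic` lets the mover read the data with the same identity as the app and no extra privilege. The `-local` and `-remote` ReplicationSources in this commit have the same gap.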
+++ b/clusters/cl01tl/manifests/yubal/ReplicationSource-yubal-backup-source-remote.yaml
@@ -0,0 +1,29 @@
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: yubal-backup-source-remote
+ namespace: yubal
+ labels:
+ helm.sh/chart: volsync-target-config-0.8.0
+ app.kubernetes.io/instance: yubal
+ app.kubernetes.io/part-of: yubal
+ app.kubernetes.io/version: "0.8.0"
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: yubal-backup
+spec:
+ sourcePVC: yubal
+ trigger:
+ schedule: 34 12 * * *
+ restic:
+ pruneIntervalDays: 7
+ repository: yubal-backup-secret-remote
+ retain:
+ daily: 7
+ hourly: 0
+ monthly: 3
+ weekly: 4
+ yearly: 1
+ copyMethod: Snapshot
+ storageClassName: ceph-block
+ volumeSnapshotClassName: ceph-blockpool-snapshot
+ cacheCapacity: 1Gi
diff --git a/clusters/cl01tl/manifests/yubal/Service-yubal.yaml b/clusters/cl01tl/manifests/yubal/Service-yubal.yaml
new file mode 100644
index 000000000..eb433763e
--- /dev/null
+++ b/clusters/cl01tl/manifests/yubal/Service-yubal.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: yubal
+ labels:
+ app.kubernetes.io/instance: yubal
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: yubal
+ app.kubernetes.io/service: yubal
+ helm.sh/chart: yubal-4.6.2
+ namespace: yubal
+spec:
+ type: ClusterIP
+ ports:
+ - port: 80
+ targetPort: 8000
+ protocol: TCP
+ name: http
+ selector:
+ app.kubernetes.io/controller: main
+ app.kubernetes.io/instance: yubal
+ app.kubernetes.io/name: yubal