initial

blog.yaml

@@ -0,0 +1,101 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: wp-pv-claim
+  labels:
+    app: wordpress
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 20Gi
+
+---
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: blog
+  labels:
+    app: blog
+spec:
+  selector:
+    matchLabels:
+      app: blog
+  template:
+    metadata:
+      labels:
+        app: blog
+    spec:
+      containers:
+      - name: blog-container
+        image: wordpress:6.2.1-apache
+        ports:
+        - containerPort: 80
+        env:
+        - name: WORDPRESS_DB_HOST
+          value: mysql.default
+        - name: WORDPRESS_DB_PASSWORD
+          value: password
+        - name: WORDPRESS_DB_USER
+          value: chyrp
+        - name: WORDPRESS_DB_NAME
+          value: chyrp
+        volumeMounts:
+        - name: wordpress-persistent-storage
+          mountPath: /var/www/html
+      volumes:
+      - name: wordpress-persistent-storage
+        persistentVolumeClaim:
+          claimName: wp-pv-claim
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: blog-svc
+spec:
+  selector:
+    app: blog
+  ports:
+  - port: 80
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: strip-prefix
+spec:
+  stripPrefixRegex:
+    regex:
+    - ^/[^/]+
+
+---
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-issuer
+    kubernetes.io/ingress.class: traefik
+#    traefik.ingress.kubernetes.io/router.middlewares: default-strip-prefix@kubernetescrd
+  name: blog
+spec:
+  rules:
+  - host: swaous.asuscomm.com
+    http:
+      paths:
+      - path: /blog
+        pathType: Prefix
+        backend:
+          service:
+            name: blog-svc
+            port:
+              number: 80
+  tls:
+  - hosts:
+    - swaous.asuscomm.com
+    secretName: swaous-tls

clarkeis.yaml

@@ -0,0 +1,64 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: clarkeis-com
+  annotations:
+    keel.sh/policy: all
+    keel.sh/trigger: poll
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: clarkeis.com
+  template:
+    metadata:
+      labels:
+        app: clarkeis.com
+    spec:
+      containers:
+      - name: clarkeis-container
+        image: swaous.asuscomm.com/clarkeis.com:latest
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 80
+      imagePullSecrets:
+      - name: regcred
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: clarkeis-service
+spec:
+  selector:
+    app: clarkeis.com
+  ports:
+  - port: 80
+    targetPort: 80
+
+---
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-issuer
+    kubernetes.io/ingress.class: traefik
+  name: clarkeis
+spec:
+  rules:
+  - host: www.clarkeis.com
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: clarkeis-service
+            port:
+              number: 80
+  tls:
+  - hosts:
+    - www.clarkeis.com
+    secretName: clarkeis-tls

deadlyboringmath.yaml

@@ -0,0 +1,64 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: deadlyboringmath-com
+  annotations:
+    keel.sh/policy: all
+    keel.sh/trigger: poll
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: deadlyboringmath.us
+  template:
+    metadata:
+      labels:
+        app: deadlyboringmath.us
+    spec:
+      containers:
+      - name: dbmus-container
+        image: swaous.asuscomm.com/deadlyboringmath.us:latest
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 80
+      imagePullSecrets:
+      - name: regcred
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: dbmus-service
+spec:
+  selector:
+    app: deadlyboringmath.us
+  ports:
+  - port: 80
+    targetPort: 80
+
+---
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-issuer
+    kubernetes.io/ingress.class: traefik
+  name: deadlyboringmath
+spec:
+  rules:
+  - host: deadlyboringmath.us
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: dbmus-service
+            port:
+              number: 80
+  tls:
+  - hosts:
+    - deadlyboringmath.us
+    secretName: dbmus-tls

docker-registry.yaml

@@ -0,0 +1,97 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: docker-registry-pv-claim
+  namespace: docker-registry
+spec:
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 100Gi
+  storageClassName: csi-cinder-classic
+
+---
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: docker-registry
+  labels:
+    app: docker-registry
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: docker-registry
+  template:
+    metadata:
+      labels:
+        app: docker-registry
+    spec:
+      containers:
+      - name: docker-registry
+        image: registry
+        ports:
+        - containerPort: 5000
+        volumeMounts:
+        - name: storage
+          mountPath: /var/lib/registry
+        - name: htpasswd
+          mountPath: /auth
+          readOnly: true
+        env:
+        - name: REGISTRY_AUTH
+          value: htpasswd
+        - name: REGISTRY_AUTH_HTPASSWD_REALM
+          value: Docker Registry
+        - name: REGISTRY_AUTH_HTPASSWD_PATH
+          value: /auth/htpasswd
+        - name: REGISTRY_STORAGE_DELETE_ENABLED
+          value: "true"
+      volumes:
+      - name: storage
+        emptyDir: {} # FIXME -make this more permanent later
+      - name: htpasswd
+        secret:
+          secretName: docker-registry-htpasswd
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: docker-registry-service
+spec:
+  selector:
+    app: docker-registry
+  ports:
+    - protocol: TCP
+      port: 5000
+
+---
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-issuer
+    kubernetes.io/ingress.class: traefik
+  name: docker-registry
+spec:
+  rules:
+  - host: swaous.asuscomm.com
+    http:
+      paths:
+      - path: /v2
+        pathType: Prefix
+        backend:
+          service:
+            name: docker-registry-service
+            port:
+              number: 5000
+  tls:
+  - hosts:
+    - swaous.asuscomm.com
+    secretName: swaous-tls

gitea-runner.yaml

@@ -0,0 +1,59 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: act-runner-vol
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+---
+apiVersion: v1
+data:
+  token: QU1MV2hMWmYwSVBIV2VJYUtwbmgwdTFnc0VwSUtDN3QxbzI3dTRPQgo=
+kind: Secret
+metadata:
+  name: runner-secret
+type: Opaque
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: act-runner
+  name: act-runner
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: act-runner
+  strategy: {}
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        app: act-runner
+    spec:
+      restartPolicy: Always
+      volumes:
+      - name: runner-data
+        persistentVolumeClaim:
+          claimName: act-runner-vol
+      containers:
+      - name: runner
+        image: gitea/act_runner:latest-dind-rootless
+        imagePullPolicy: Always
+        # command: ["sh", "-c", "while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; /sbin/tini -- /opt/act/run.sh"]
+        env:
+        - name: DOCKER_HOST
+          value: unix:///var/run/user/1000/docker.sock
+        - name: GITEA_INSTANCE_URL
+          value: http://gitea-service.gitea.svc.cluster.local:3000
+        - name: GITEA_RUNNER_REGISTRATION_TOKEN
+          value: AMLWhLZf0IPHWeIaKpnh0u1gsEpIKC7t1o27u4OB
+        securityContext:
+          privileged: true
+        volumeMounts:
+        - name: runner-data
+          mountPath: /data

gitea.yaml

@@ -0,0 +1,114 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: gitea
+
+---
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: gitea
+  namespace: gitea
+  labels:
+    app: gitea
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: gitea
+  template:
+    metadata:
+      labels:
+        app: gitea
+    spec:
+      containers:
+      - name: gitea
+        image: gitea/gitea:latest
+        ports:
+        - containerPort: 3000
+          name: gitea
+        - containerPort: 22
+          name: git-ssh
+        volumeMounts:
+        - mountPath: /data
+          name: git-data
+      volumes:
+      - name: git-data
+        persistentVolumeClaim:
+          claimName: gitea-pvc
+
+---
+
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: gitea-pvc
+  namespace: gitea
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 5Gi
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: gitea-service
+  namespace: gitea
+spec:
+  selector:
+    app: gitea
+  ports:
+  - name: gitea-http
+    port: 3000
+  - name: gitea-ssh
+    port: 22
+
+---
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: gitea-tls
+  namespace: gitea
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-issuer
+    kubernetes.io/ingress.class: traefik
+  name: gitea
+spec:
+  tls:
+  - hosts:
+    - git.clarkeis.com
+    secretName: gitea-tls
+  rules:
+  - host: git.clarkeis.com
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: gitea-service
+            port:
+              number: 3000
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: gitea-ssh-svc
+  namespace: gitea
+spec:
+  selector:
+    app: gitea
+  ports:
+    - port: 2223
+      targetPort: 22
+      name: ssh
+  type: LoadBalancer
+  loadBalancerIP: 192.168.50.50

mysql.yaml

@@ -0,0 +1,85 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: mysql-secret
+type: kubernetes.io/basic-auth
+stringData:
+  password: "password"
+
+---
+
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: mysql-pv-volume
+  labels:
+    type: local
+spec:
+  storageClassName: manual
+  capacity:
+    storage: 20Gi
+  accessModes:
+    - ReadWriteOnce
+  hostPath:
+    path: "/mnt/data"
+
+---
+
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: mysql-pv-claim
+spec:
+  storageClassName: manual
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 20Gi
+
+---
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: mysql
+spec:
+  selector:
+    matchLabels:
+      app: mysql
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: mysql
+    spec:
+      containers:
+      - image: mysql:5.6
+        name: mysql
+        env:
+        - name: MYSQL_ROOT_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: mysql-secret
+              key: password
+        ports:
+        - containerPort: 3306
+          name: mysql
+        volumeMounts:
+        - name: mysql-persistent-storage
+          mountPath: /var/lib/mysql
+      volumes:
+      - name: mysql-persistent-storage
+        persistentVolumeClaim:
+          claimName: mysql-pv-claim
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: mysql
+spec:
+  ports:
+  - port: 3306
+  selector:
+    app: mysql

nextcloud.yaml

@@ -0,0 +1,82 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nextcloud
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: nextcloud
+  template:
+    metadata:
+      labels:
+        app: nextcloud
+    spec:
+      containers:
+      - name: nc-image
+        image: nextcloud
+        ports:
+        - containerPort: 80
+        volumeMounts:
+        - name: files
+          mountPath: /var/www/html
+      volumes:
+      - name: files
+        persistentVolumeClaim:
+          claimName: office-files
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: office-svc
+spec:
+  selector:
+    app: nextcloud
+  ports:
+  - port: 80
+    targetPort: 80
+
+
+---
+
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: office-files
+  labels:
+    app: nextcloud
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 15Gi
+
+---
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-issuer
+    kubernetes.io/ingress.class: traefik
+  name: office-ingress
+spec:
+  rules:
+  - host: office.clarkeis.com
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: office-svc
+            port:
+              number: 80
+  tls:
+  - hosts:
+    - office.clarkeis.com
+    secretName: office-tls
+

swaous.yaml

@@ -0,0 +1,64 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: swaous.asuscomm.com
+  annotations:
+    keel.sh/policy: all
+    keel.sh/trigger: poll
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: swaous.asuscomm.com
+  template:
+    metadata:
+      labels:
+        app: swaous.asuscomm.com
+    spec:
+      containers:
+      - name: swaous-container
+        image: swaous.asuscomm.com/swaous.asuscomm.com:latest
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 80
+      imagePullSecrets:
+      - name: regcred
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: homepage-service
+spec:
+  selector:
+    app: swaous.asuscomm.com
+  ports:
+  - port: 80
+    targetPort: 80
+
+---
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-issuer
+    kubernetes.io/ingress.class: traefik
+  name: homepage
+spec:
+  rules:
+  - host: swaous.asuscomm.com
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: homepage-service
+            port:
+              number: 80
+  tls:
+  - hosts:
+    - swaous.asuscomm.com
+    secretName: swaous-tls

tardiggas.yaml

@@ -0,0 +1,64 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: tardiggas.org
+  annotations:
+    keel.sh/policy: all
+    keel.sh/trigger: poll
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: tardiggas.org
+  template:
+    metadata:
+      labels:
+        app: tardiggas.org
+    spec:
+      containers:
+      - name: tard-container
+        image: swaous.asuscomm.com/tardiggas:latest
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 80
+      imagePullSecrets:
+      - name: regcred
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: retardigrades-http
+spec:
+  selector:
+    app: tardiggas.org
+  ports:
+  - port: 80
+    targetPort: 80
+
+---
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-issuer
+    kubernetes.io/ingress.class: traefik
+  name: tardiggas-ingress
+spec:
+  rules:
+  - host: tardiggas.org
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: retardigrades-http
+            port:
+              number: 80
+  tls:
+  - hosts:
+    - tardiggas.org
+    secretName: tardiggas-tls

tls.yaml

@@ -0,0 +1,30 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-issuer
+spec:
+  acme:
+    email: plupy44@gmail.com
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: letsencrypt-issuer-account-key
+    solvers:
+      - http01:
+          ingress:
+            class: traefik
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: nginx-cert-staging
+  namespace: default
+spec:
+  commonName: swaous.asuscomm.com
+  secretName: swaous-cert
+  dnsNames:
+    - swaous.asuscomm.com
+  issuerRef:
+    kind: Issuer
+    name: letsencrypt-staging