berries -> cluster-01

infra/kubernetes/cluster-01/apps/default/beancount/deployment.yaml

@@ -0,0 +1,33 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: beancount-deployment
+  namespace: default
+  labels:
+    app: beancount
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: beancount
+  template:
+    metadata:
+      labels:
+        app: beancount
+    spec:
+      containers:
+        - name: beancount
+          image: yegle/fava:v1.27 # {"$imagepolicy": "flux-system:fava"}
+          env:
+            - name: BEANCOUNT_FILE
+              value: /bean/amrik.beancount
+          ports:
+            - name: web
+              containerPort: 5000
+          volumeMounts:
+            - mountPath: /bean
+              name: beancount-data-storage
+      volumes:
+        - name: beancount-data-storage
+          persistentVolumeClaim:
+            claimName: beancount-data-claim

infra/kubernetes/cluster-01/apps/default/beancount/ingress.yaml

@@ -0,0 +1,28 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: beancount
+  namespace: default
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-production"
+    hajimari.io/enable: "true"
+    hajimari.io/icon: "weather-sunset"
+    traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+    kubernetes.io/ingress.class: "traefik"
+spec:
+  tls:
+    - hosts:
+        - "fava.${SECRET_DOMAIN}"
+      secretName: "fava.${SECRET_DOMAIN}"
+  rules:
+    - host: "fava.${SECRET_DOMAIN}"
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: beancount-svc
+                port:
+                  name: beancount-web

infra/kubernetes/cluster-01/apps/default/beancount/kustomization.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - pvc.yaml
+  - deployment.yaml
+  - service.yaml
+  - ingress.yaml

infra/kubernetes/cluster-01/apps/default/beancount/pvc.yaml

@@ -0,0 +1,17 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: beancount-data-claim
+  namespace: default
+  labels:
+    app: beancount
+  annotations:
+    volume.beta.kubernetes.io/storage-class: "zfs-nfs"
+spec:
+  storageClassName: zfs-nfs
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 500Mi

infra/kubernetes/cluster-01/apps/default/beancount/service.yaml

@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: beancount-svc
+  namespace: default
+spec:
+  selector:
+    app: beancount
+  ports:
+    - name: beancount-web
+      protocol: TCP
+      port: 9501
+      targetPort: web

infra/kubernetes/cluster-01/apps/default/echo-server/helm-release.yaml

@@ -0,0 +1,52 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+  name: echo-server
+  namespace: default
+spec:
+  interval: 5m
+  chart:
+    spec:
+      chart: echo-server
+      version: 0.5.0
+      sourceRef:
+        kind: HelmRepository
+        name: ealenn-charts
+        namespace: flux-system
+      interval: 5m
+  install:
+    createNamespace: true
+    remediation:
+      retries: 3
+  upgrade:
+    remediation:
+      retries: 3
+  values:
+    image:
+      repository: docker.io/ealen/echo-server
+      tag: 0.9.2
+    ingress:
+      enabled: true
+      annotations:
+        cert-manager.io/cluster-issuer: "letsencrypt-production"
+        external-dns.alpha.kubernetes.io/target: "ipv4.${SECRET_DOMAIN}"
+        external-dns/is-public: "true"
+        hajimari.io/enable: "true"
+        hajimari.io/icon: "video-input-antenna"
+        kubernetes.io/ingress.class: "traefik"
+        traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+      hosts:
+        - host: "echo-server.${SECRET_DOMAIN}"
+          paths:
+            - "/"
+      tls:
+        - secretName: echo-server-tls
+          hosts:
+            - "echo-server.${SECRET_DOMAIN}"
+    resources:
+      requests:
+        cpu: 50m
+        memory: 64Mi
+      limits:
+        memory: 96Mi

infra/kubernetes/cluster-01/apps/default/echo-server/kustomization.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - helm-release.yaml

infra/kubernetes/cluster-01/apps/default/hajimari/config-pvc.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: hajimari-config
+  namespace: default
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: local-path
+  resources:
+    requests:
+      storage: 128Mi

infra/kubernetes/cluster-01/apps/default/hajimari/helm-release.yaml

@@ -0,0 +1,135 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+  name: hajimari
+  namespace: default
+spec:
+  interval: 5m
+  chart:
+    spec:
+      chart: hajimari
+      version: 2.0.2
+      sourceRef:
+        kind: HelmRepository
+        name: hajimari-charts
+        namespace: flux-system
+      interval: 5m
+  install:
+    createNamespace: true
+    remediation:
+      retries: 3
+  upgrade:
+    remediation:
+      retries: 3
+  values:
+    image:
+      repository: ghcr.io/toboshii/hajimari
+      tag: v0.3.1
+    hajimari:
+      defaultEnable: false
+      namespaceSelector:
+        matchNames:
+          - default
+          - networking
+          - monitoring
+          - media
+      name: "you"
+      customApps:
+        - name: Plex
+          url: http://10.3.10.2:32400/web
+          icon: mdi:plex
+      groups:
+        - name: Communicate
+          links:
+            - name: Discord
+              url: "https://discord.com"
+            - name: Gmail
+              url: "https://gmail.com"
+            - name: Slack
+              url: "https://slack.com/signin"
+        - name: Cloud
+          links:
+            - name: Box
+              url: "https://box.com"
+            - name: Dropbox
+              url: "https://dropbox.com"
+            - name: Drive
+              url: "https://drive.google.com"
+        - name: Design
+          links:
+            - name: Awwwards
+              url: "https://awwwards.com"
+            - name: Dribbble
+              url: "https://dribbble.com"
+            - name: Muz.li
+              url: "https://medium.muz.li/"
+        - name: Dev
+          links:
+            - name: Codepen
+              url: "https://codepen.io/"
+            - name: Devdocs
+              url: "https://devdocs.io"
+            - name: Devhints
+              url: "https://devhints.io"
+        - name: Lifestyle
+          links:
+            - name: Design Milk
+              url: "https://design-milk.com/category/interior-design/"
+            - name: Dwell
+              url: "https://www.dwell.com/"
+            - name: Freshome
+              url: "https://www.mymove.com/freshome/"
+        - name: Media
+          links:
+            - name: Spotify
+              url: "http://browse.spotify.com"
+            - name: Trakt
+              url: "http://trakt.tv"
+            - name: YouTube
+              url: "https://youtube.com/feed/subscriptions"
+        - name: Reading
+          links:
+            - name: Instapaper
+              url: "https://www.instapaper.com/u"
+            - name: Medium
+              url: "http://medium.com"
+            - name: Reddit
+              url: "http://reddit.com"
+        - name: Tech
+          links:
+            - name: Hacker News
+              url: "https://news.ycombinator.com/"
+            - name: The Verge
+              url: "https://theverge.com/"
+            - name: MIT Technology Review
+              url: "https://www.technologyreview.com/"
+    ingress:
+      main:
+        enabled: true
+        ingressClassName: "traefik"
+        annotations:
+          cert-manager.io/cluster-issuer: "letsencrypt-production"
+          hajimari.io/enable: "true"
+          hajimari.io/icon: "weather-sunset"
+          traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+        hosts:
+          - host: "${SECRET_DOMAIN}"
+            paths:
+              - path: /
+                pathType: Prefix
+        tls:
+          - hosts:
+              - "${SECRET_DOMAIN}"
+            secretName: "hajimari-tls"
+    persistence:
+      data:
+        enabled: true
+        existingClaim: hajimari-config
+    podAnnotations:
+      configmap.reloader.stakater.com/reload: "hajimari-settings"
+    resources:
+      requests:
+        cpu: 100m
+        memory: 128Mi
+      limits:
+        memory: 256Mi

infra/kubernetes/cluster-01/apps/default/hajimari/kustomization.yaml

@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - config-pvc.yaml
+  - helm-release.yaml

infra/kubernetes/cluster-01/apps/default/homeassistant/deployment.yaml

@@ -0,0 +1,37 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: homeassistant-deployment
+  namespace: default
+  labels:
+    app: homeassistant
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: homeassistant
+  template:
+    metadata:
+      labels:
+        app: homeassistant
+    spec:
+      # hostNetwork: true
+      containers:
+        - name: homeassistant
+          image: ghcr.io/home-assistant/home-assistant:stable
+          securityContext:
+            privileged: true
+          env:
+            - name: TZ
+              value: Europe/London
+          ports:
+            - name: web
+              containerPort: 8123
+          volumeMounts:
+            - mountPath: /config
+              name: homeassistant-config-storage
+      volumes:
+        - name: homeassistant-config-storage
+          persistentVolumeClaim:
+            claimName: homeassistant-config-claim

infra/kubernetes/cluster-01/apps/default/homeassistant/ingress.yaml

@@ -0,0 +1,30 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: homeassistant-ingress
+  namespace: default
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-production"
+    external-dns.alpha.kubernetes.io/target: "ipv4.${SECRET_DOMAIN}"
+    external-dns/is-public: "true"
+    hajimari.io/enable: "true"
+    hajimari.io/icon: "arcticons:homeassistant"
+    traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+    kubernetes.io/ingress.class: "traefik"
+spec:
+  tls:
+    - hosts:
+        - "ha.${SECRET_DOMAIN}"
+      secretName: "ha.${SECRET_DOMAIN}"
+  rules:
+    - host: "ha.${SECRET_DOMAIN}"
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: homeassistant-svc
+                port:
+                  name: ha-web

infra/kubernetes/cluster-01/apps/default/homeassistant/kustomization.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - pvc.yaml
+  - deployment.yaml
+  - service.yaml
+  - ingress.yaml