savegame

2025-04-10 22:56:27 +02:00
parent 0bb0f8d6e9
commit a6ac7b84e4
13 changed files with 277 additions and 20 deletions
--- a/Database-manual-deployment/README.md
+++ b/Database-manual-deployment/README.md
@@ -0,0 +1,2 @@
+https://igeadetokunbo.medium.com/how-to-run-databases-on-kubernetes-an-8-step-guide-b75ce9117600
+
--- a/Database-manual-deployment/mysql-statefulset.yaml
+++ b/Database-manual-deployment/mysql-statefulset.yaml
@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: mysql
+spec:
+  serviceName: "mysql"
+  replicas: 3
+  selector:
+    matchLabels:
+      app: mysql
+  template:
+    metadata:
+      labels:
+        app: mysql
+    spec:
+      containers:
+      - name: mysql
+        image: mysql:8.4.0-oraclelinux8
+        ports:
+        - containerPort: 3306
+          name: mysql
+        env:
+        - name: MYSQL_ROOT_PASSWORD
+          value: "your_password"
+        volumeMounts:
+        - name: mysql-storage
+          mountPath: /var/lib/mysql
+  volumeClaimTemplates:
+  - metadata:
+      name: mysql-storage
+    spec:
+      accessModes: [ "ReadWriteOnce" ]
+      resources:
+        requests:
+          storage: 10Gi
+      storageClassName: longhorn
--- a/Database-manual-deployment/pv.yaml
+++ b/Database-manual-deployment/pv.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: mysql-pv
+spec:
+  capacity:
+    storage: 10Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: longhorn
+  hostPath:
+    path: /mnt/data # Specify a path in the host for storage
+  
--- a/Database-manual-deployment/pvc.yaml
+++ b/Database-manual-deployment/pvc.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: mysql-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi
+  storageClassName: longhorn
--- a/Database-manual-deployment/svc.yaml
+++ b/Database-manual-deployment/svc.yaml
@@ -0,0 +1,13 @@
+# Headless service
+apiVersion: v1
+kind: Service
+metadata:
+  name: mysql
+  labels:
+    app: mysql
+spec:
+  ports:
+  - name: mysql
+    port: 3306
+  selector:
+    app: mysql
--- a/Homeassistant/deployment_complete.yaml
+++ b/Homeassistant/deployment_complete.yaml
@@ -133,6 +133,151 @@ spec:
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim
+metadata:
+  name: zwavejs2mqtt-pvc
+  labels:
+    app: zwavejs2mqtt
+  namespace: home-assistant
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 500Mi---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: home-assistant
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: home-assistant
+  name: home-assistant
+spec:
+  selector:
+    app: home-assistant
+  type: ClusterIP
+  ports:
+  - name: http
+    protocol: TCP
+    port: 80
+    targetPort: 8123
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: home-assistant
+  name: home-assistant
+  labels:
+    app: home-assistant
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: home-assistant
+  template:
+    metadata:
+      labels:
+        app: home-assistant
+    spec:
+      containers:
+      - name: bluez
+        image: ghcr.io/mysticrenji/bluez-service:v1.0.0
+        securityContext:
+          privileged: true
+      - name: home-assistant
+        image: ghcr.io/mysticrenji/homeassistant-arm64:2023.3.0
+        resources:
+          requests:
+            memory: "256Mi"
+          limits:
+            memory: "512Mi"
+        ports:
+        - containerPort: 8123
+        volumeMounts:
+        - mountPath: /config
+          name: config
+        - mountPath: /config/configuration.yaml
+          subPath: configuration.yaml
+          name: configmap-file
+        - mountPath: /config/automations.yaml
+          subPath: automations.yaml
+          name: configmap-file
+        - mountPath: /media
+          name: media-volume          
+        # - mountPath: /run/dbus
+        #   name: d-bus
+        #   readOnly: true
+        - mountPath: /dev/ttyUSB1
+          name: zigbee
+        #- mountPath: /dev/video0
+        #  name: cam
+        securityContext:
+          privileged: true
+          capabilities:
+            add:
+              - NET_ADMIN
+              - NET_RAW
+              - SYS_ADMIN
+      hostNetwork: true
+      volumes:
+      - name: config
+        persistentVolumeClaim:
+          claimName: home-assistant-pvc
+      - name: media-volume
+        hostPath:
+          path: /tmp/media
+      - name: configmap-file
+        configMap:
+          name: home-assistant-configmap
+      #  hostPath:
+      #    path: /tmp/home-assistant
+      #    type: DirectoryOrCreate
+      # - name: d-bus
+      #   hostPath:
+      #     path: /run/dbus
+      - name: zigbee
+        hostPath:
+          path: /dev/ttyACM0
+      #- name: cam
+      #  hostPath:
+      #    path: /dev/video0
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: home-assistant-configmap
+  namespace: home-assistant
+data:
+  known_devices.yaml: |
+  automations.yaml: |
+  configuration.yaml: |-
+    default_config:
+    frontend:
+      themes: !include_dir_merge_named themes
+    automation: !include automations.yaml
+    http:
+      use_x_forwarded_for: true
+      trusted_proxies:
+        - 10.10.0.0/16
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: home-assistant-pvc
+  labels:
+    app: home-assistant
+  namespace: home-assistant
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 9Gi 
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
 metadata:
  name: zwavejs2mqtt-pvc
  labels:
--- a/Traefik/README.md
+++ b/Traefik/README.md
@@ -7,6 +7,22 @@
 helm install traefik traefik/traefik --namespace traefik --create-namespace --values traefik-values.yaml


+## Cert-Manager
+
+Cert Manager will be used as it will store certs in a secret, therefore accessible for every pod.
+In contrast to this, Traefik stores certs on disk, so a volume would be needed in RWX mode (too much effort).
+
+### Issuer - CA
+An issuer is a CA. This can be done with 2 different kinds.
+
+#### Issuer 
+can be used in the namespace they are created in.
+
+#### Cluster Issuer 
+can be used throughout the whole cluster, not limited to a specific namespace.
+i.e. general issuer for all namespaces in cluster.
+
+
 ## Troubleshooting steps
 kubectl create deploy nginx --image=nginx -n test
 k create svc -n test clusterip nginx --tcp=80
@@ -25,24 +41,11 @@ k apply -f traefik_lempa/nginx-ingress.yaml
 k get svc -n test
 k get ingress
 k get ingress -n test
-git staus
-git status
-git diff
-git commit -am "wip thing"
-git checkout master
-git pull --rebase
-git merge wip
-git push 
-git log
-git checkout master
-cd traefik_lempa
 helm upgrade traefik traefik/traefik --namespace traefik --create-namespace --values traefik_lempa/traefik-values.yaml
-cd ..
 helm upgrade traefik traefik/traefik --namespace traefik --create-namespace --values traefik_lempa/traefik-values.yaml
 k get svc ingressRoute
 k get svc ingressRoutes
 k get svc ingressroutes.traefik.io
-k get svc ingressroutes.traefik.io --all-namespaces
 k get ingressroutes.traefik.io --all-namespaces
 helm upgrade traefik traefik/traefik --namespace traefik --create-namespace --values traefik_lempa/traefik-values.yaml
 exit
--- a/Traefik/test/dishes-certificate.yaml
+++ b/Traefik/test/dishes-certificate.yaml
@@ -0,0 +1,12 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: schnipo-ingress-certificate
+  namespace: dishes
+spec:
+  secretName: schnipo-certificate-secret
+  issuerRef:
+    name: cloudflare-cluster-issuer
+    kind: ClusterIssuer
+  dnsNames:
+  - schnipo.k8s.schnrbs.work
--- a/Traefik/test/dishes-ingress-route.yaml
+++ b/Traefik/test/dishes-ingress-route.yaml
@@ -0,0 +1,16 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: schnipo-ingress-route
+  namespace: dishes
+spec:
+  entryPoints:
+  - websecure
+  routes:
+  - match: Host(`schnipo.k8s.schnrbs.work`)
+    kind: Rule
+    services:
+    - name: schnipo
+      port: 8080
+  tls:
+    secretName: schnipo-certificate-secret
--- a/Traefik/test/nginx-certificate.yaml
+++ b/Traefik/test/nginx-certificate.yaml
@@ -9,4 +9,4 @@ spec:
    name: cloudflare-cluster-issuer
    kind: ClusterIssuer
  dnsNames:
-  - nginx-test.k8s.internal.schnrbs.work
+  - nginx-test.k8s.schnrbs.work
--- a/Traefik/test/nginx-ingress-route.yaml
+++ b/Traefik/test/nginx-ingress-route.yaml
@@ -7,7 +7,7 @@ spec:
  entryPoints:
  - websecure
  routes:
-  - match: Host(`nginx-test.k8s.internal.schnrbs.work`)
+  - match: Host(`nginx-test.k8s.schnrbs.work`)
    kind: Rule
    services:
    - name: nginx
--- a/Traefik/test/nginx-ingress.yaml
+++ b/Traefik/test/nginx-ingress.yaml
@@ -7,7 +7,7 @@ metadata:
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
 spec:
  rules:
-    - host: nginx-test.k8s.internal.schnrbs.work
+    - host: nginx-test.k8s.schnrbs.work
      http:
        paths: 
          - path: /
@@ -19,5 +19,5 @@ spec:
                  number: 80
  tls:
    - hosts:
-        - nginx-test.k8s.internal.schnrbs.work
+        - nginx-test.k8s.schnrbs.work
      secretName: nginx-certificate-secret
--- a/Traefik/traefik-values.yaml
+++ b/Traefik/traefik-values.yaml
@@ -1,10 +1,15 @@
 ports:
  web:
-    redirectTo: 
-      port: websecure
+    redirections:
+      entryPoint:
+        to: websecure
+        scheme: https 
+logs:
+  general:
+    level: DEBUG
 ingressRoute:
  dashboard:
    enabled: true
    entryPoints: [web, websecure]
-    matchRule: Host(`traefik-dashboard.k8s.redacted`)
+    matchRule: Host(`traefik-dashboard.k8s.schnrbs.work`)
				`@@ -0,0 +1,2 @@`
				`https://igeadetokunbo.medium.com/how-to-run-databases-on-kubernetes-an-8-step-guide-b75ce9117600`