From a6ac7b84e4517414fdf4aec99907e9a44b396043 Mon Sep 17 00:00:00 2001
From: baschno
Date: Thu, 10 Apr 2025 22:56:27 +0200
Subject: [PATCH] savegame

---
 Database-manual-deployment/README.md | 2 +
 .../mysql-statefulset.yaml | 36 +++++
 Database-manual-deployment/pv.yaml | 14 ++
 Database-manual-deployment/pvc.yaml | 11 ++
 Database-manual-deployment/svc.yaml | 13 ++
 Homeassistant/deployment_complete.yaml | 145 ++++++++++++++++++
 Traefik/README.md | 29 ++-
 Traefik/test/dishes-certificate.yaml | 12 ++
 Traefik/test/dishes-ingress-route.yaml | 16 ++
 Traefik/test/nginx-certificate.yaml | 2 +-
 Traefik/test/nginx-ingress-route.yaml | 2 +-
 Traefik/test/nginx-ingress.yaml | 4 +-
 Traefik/traefik-values.yaml | 11 +-
 13 files changed, 277 insertions(+), 20 deletions(-)
 create mode 100644 Database-manual-deployment/README.md
 create mode 100644 Database-manual-deployment/mysql-statefulset.yaml
 create mode 100644 Database-manual-deployment/pv.yaml
 create mode 100644 Database-manual-deployment/pvc.yaml
 create mode 100644 Database-manual-deployment/svc.yaml
 create mode 100644 Traefik/test/dishes-certificate.yaml
 create mode 100644 Traefik/test/dishes-ingress-route.yaml

diff --git a/Database-manual-deployment/README.md b/Database-manual-deployment/README.md
new file mode 100644
index 0000000..adb4ad8
--- /dev/null
+++ b/Database-manual-deployment/README.md
@@ -0,0 +1,2 @@
+https://igeadetokunbo.medium.com/how-to-run-databases-on-kubernetes-an-8-step-guide-b75ce9117600
+
diff --git a/Database-manual-deployment/mysql-statefulset.yaml b/Database-manual-deployment/mysql-statefulset.yaml
new file mode 100644
index 0000000..847738c
--- /dev/null
+++ b/Database-manual-deployment/mysql-statefulset.yaml
@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: mysql
+spec:
+ serviceName: "mysql"
+ replicas: 3
+ selector:
+ matchLabels:
+ app: mysql
+ template:
+ metadata:
+ labels:
+ app: mysql
+ spec:
+ containers:
+ - name: mysql
+ image: mysql:8.4.0-oraclelinux8
+ ports:
+ - containerPort: 3306
+ name: mysql
+ env:
+ - name: MYSQL_ROOT_PASSWORD
+ value: "your_password"
+ volumeMounts:
+ - name: mysql-storage
+ mountPath: /var/lib/mysql
+ volumeClaimTemplates:
+ - metadata:
+ name: mysql-storage
+ spec:
+ accessModes: [ "ReadWriteOnce" ]
+ resources:
+ requests:
+ storage: 10Gi
+ storageClassName: longhorn
\ No newline at end of file
diff --git a/Database-manual-deployment/pv.yaml b/Database-manual-deployment/pv.yaml
new file mode 100644
index 0000000..5790cbf
--- /dev/null
+++ b/Database-manual-deployment/pv.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: mysql-pv
+spec:
+ capacity:
+ storage: 10Gi
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ storageClassName: longhorn
+ hostPath:
+ path: /mnt/data # Specify a path in the host for storage
+ 
\ No newline at end of file
diff --git a/Database-manual-deployment/pvc.yaml b/Database-manual-deployment/pvc.yaml
new file mode 100644
index 0000000..f79248c
--- /dev/null
+++ b/Database-manual-deployment/pvc.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: mysql-pvc
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
+ storageClassName: longhorn
\ No newline at end of file
diff --git a/Database-manual-deployment/svc.yaml b/Database-manual-deployment/svc.yaml
new file mode 100644
index 0000000..7910dcc
--- /dev/null
+++ b/Database-manual-deployment/svc.yaml
@@ -0,0 +1,13 @@
+# Headless service
+apiVersion: v1
+kind: Service
+metadata:
+ name: mysql
+ labels:
+ app: mysql
+spec:
+ ports:
+ - name: mysql
+ port: 3306
+ selector:
+ app: mysql
\ No newline at end of file
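Review bot: The MySQL root password is committed in clear text in the container `env` block (`value: "your_password"`), which puts it in git history and in the StatefulSet object for anyone with read access to it; take it from a Secret instead, `valueFrom: {secretKeyRef: {name: <secret-name>, key: <key>}}`, where `<secret-name>`/`<key>` are placeholders for a Secret created out of band. `replicas: 3` with the stock `mysql:8.4.0-oraclelinux8` image and no replication settings gives three unrelated servers, each with its own `mysql-storage` claim, and clients of the `mysql` Service would be spread across them, so either `replicas: 1` or a replication-aware setup is needed before this holds real data. The `accessModes: [ "ReadWriteOnce" ]` flow list is the only flow-style value in the new files; block style would match the rest.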
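Review bot: `mysql-pv` combines `storageClassName: longhorn` with a `hostPath` source, so the PV is a node-local directory that merely carries the Longhorn class name; nothing about it is replicated or managed by Longhorn, and a pod rescheduled to another node would find an empty `/mnt/data`. If Longhorn is the intended backend, pvc.yaml and the StatefulSet's volumeClaimTemplate already provision from it and this file can be dropped; if a static hostPath volume is wanted, give it a distinct class name (e.g. `manual`) and reference that from the claim so the two cannot be confused. The trailing `+ ` line before the no-newline marker is whitespace only and can go.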
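Review bot: The file opens with `# Headless service` but `spec` carries no `clusterIP: None`, so this is an ordinary ClusterIP Service and the StatefulSet's `serviceName: "mysql"` will not get the per-pod DNS records a headless service is there to provide. Add `clusterIP: None` under `spec:` (or drop the comment if a normal load-balancing Service is actually intended). The `app: mysql` selector is consistent with the StatefulSet labels.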
diff --git a/Homeassistant/deployment_complete.yaml b/Homeassistant/deployment_complete.yaml
index b6857c7..01706e8 100644
--- a/Homeassistant/deployment_complete.yaml
+++ b/Homeassistant/deployment_complete.yaml
@@ -133,6 +133,151 @@ spec:
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim
+metadata:
+ name: zwavejs2mqtt-pvc
+ labels:
+ app: zwavejs2mqtt
+ namespace: home-assistant
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 500Mi---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: home-assistant
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: home-assistant
+ name: home-assistant
+spec:
+ selector:
+ app: home-assistant
+ type: ClusterIP
+ ports:
+ - name: http
+ protocol: TCP
+ port: 80
+ targetPort: 8123
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: home-assistant
+ name: home-assistant
+ labels:
+ app: home-assistant
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: home-assistant
+ template:
+ metadata:
+ labels:
+ app: home-assistant
+ spec:
+ containers:
+ - name: bluez
+ image: ghcr.io/mysticrenji/bluez-service:v1.0.0
+ securityContext:
+ privileged: true
+ - name: home-assistant
+ image: ghcr.io/mysticrenji/homeassistant-arm64:2023.3.0
+ resources:
+ requests:
+ memory: "256Mi"
+ limits:
+ memory: "512Mi"
+ ports:
+ - containerPort: 8123
+ volumeMounts:
+ - mountPath: /config
+ name: config
+ - mountPath: /config/configuration.yaml
+ subPath: configuration.yaml
+ name: configmap-file
+ - mountPath: /config/automations.yaml
+ subPath: automations.yaml
+ name: configmap-file
+ - mountPath: /media
+ name: media-volume
+ # - mountPath: /run/dbus
+ # name: d-bus
+ # readOnly: true
+ - mountPath: /dev/ttyUSB1
+ name: zigbee
+ #- mountPath: /dev/video0
+ # name: cam
+ securityContext:
+ privileged: true
+ capabilities:
+ add:
+ - NET_ADMIN
+ - NET_RAW
+ - SYS_ADMIN
+ hostNetwork: true
+ volumes:
+ - name: config
+ persistentVolumeClaim:
+ claimName: home-assistant-pvc
+ - name: media-volume
+ hostPath:
+ path: /tmp/media
+ - name: configmap-file
+ configMap:
+ name: home-assistant-configmap
+ # hostPath:
+ # path: /tmp/home-assistant
+ # type: DirectoryOrCreate
+ # - name: d-bus
+ # hostPath:
+ # path: /run/dbus
+ - name: zigbee
+ hostPath:
+ path: /dev/ttyACM0
+ #- name: cam
+ # hostPath:
+ # path: /dev/video0
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: home-assistant-configmap
+ namespace: home-assistant
+data:
+ known_devices.yaml: |
+ automations.yaml: |
+ configuration.yaml: |-
+ default_config:
+ frontend:
+ themes: !include_dir_merge_named themes
+ automation: !include automations.yaml
+ http:
+ use_x_forwarded_for: true
+ trusted_proxies:
+ - 10.10.0.0/16
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: home-assistant-pvc
+ labels:
+ app: home-assistant
+ namespace: home-assistant
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 9Gi
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
 metadata:
 name: zwavejs2mqtt-pvc
 labels:
diff --git a/Traefik/README.md b/Traefik/README.md
index 34b23ce..7ec318b 100644
--- a/Traefik/README.md
+++ b/Traefik/README.md
@@ -7,6 +7,22 @@ helm install traefik traefik/traefik --namespace traefik --create-namespace --values traefik-values.yaml
+## Cert-Manager
+
+Cert Manager will be used as it will store certs in a secret, therefore accessible for every pod.
+In contrast to this, Traefik stores certs on disk, so a volume would be needed in RWX mode (too much effort).
+
+### Issuer - CA
+An issuer is a CA. This can be done with 2 different kinds.
+
+#### Issuer
+can be used in the namespace they are created in.
+
+#### Cluster Issuer
+can be used throughout the whole cluster, not limited to a specific namespace.
+i.e. general issuer for all namespaces in cluster.
+
+
 ## Troubleshooting steps
 kubectl create deploy nginx --image=nginx -n test
 k create svc -n test clusterip nginx --tcp=80
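Review bot: The added line `storage: 500Mi---` in the first PersistentVolumeClaim document has the `---` separator glued onto the quantity — the hunk's 145-line addition count only adds up if this is a single line — so that document gets the string `500Mi---` as its storage request and the following `apiVersion: v1` / `kind: Namespace` become duplicate top-level keys of the same document, which `kubectl apply` will reject. Put `---` on its own line. The block also ends with a second `apiVersion: v1` / `kind: PersistentVolumeClaim` that pairs with the unchanged `metadata: name: zwavejs2mqtt-pvc` context below it, so `zwavejs2mqtt-pvc` is now declared twice, and the Namespace/Service/Deployment/ConfigMap/PVC documents in between look like a re-paste of what the unchanged first 132 lines probably already define — worth diffing against them before applying. The enclosing file runs past both ends of the hunk. Separately, both containers run with `privileged: true` and the pod with `hostNetwork: true`; it is worth evaluating whether a narrower securityContext (e.g. a device plugin for `/dev/ttyACM0` plus the listed capabilities instead of `privileged: true`) is enough for the serial adapter and bluetooth, so the Home Assistant container does not get full host device access.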
@@ -25,24 +41,11 @@ k apply -f traefik_lempa/nginx-ingress.yaml
 k get svc -n test
 k get ingress
 k get ingress -n test
-git staus
-git status
-git diff
-git commit -am "wip thing"
-git checkout master
-git pull --rebase
-git merge wip
-git push
-git log
-git checkout master
-cd traefik_lempa
 helm upgrade traefik traefik/traefik --namespace traefik --create-namespace --values traefik_lempa/traefik-values.yaml
-cd ..
 helm upgrade traefik traefik/traefik --namespace traefik --create-namespace --values traefik_lempa/traefik-values.yaml
 k get svc ingressRoute
 k get svc ingressRoutes
 k get svc ingressroutes.traefik.io
-k get svc ingressroutes.traefik.io --all-namespaces
 k get ingressroutes.traefik.io --all-namespaces
 helm upgrade traefik traefik/traefik --namespace traefik --create-namespace --values traefik_lempa/traefik-values.yaml
 exit
diff --git a/Traefik/test/dishes-certificate.yaml b/Traefik/test/dishes-certificate.yaml
new file mode 100644
index 0000000..5e43300
--- /dev/null
+++ b/Traefik/test/dishes-certificate.yaml
@@ -0,0 +1,12 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: schnipo-ingress-certificate
+ namespace: dishes
+spec:
+ secretName: schnipo-certificate-secret
+ issuerRef:
+ name: cloudflare-cluster-issuer
+ kind: ClusterIssuer
+ dnsNames:
+ - schnipo.k8s.schnrbs.work
\ No newline at end of file
diff --git a/Traefik/test/dishes-ingress-route.yaml b/Traefik/test/dishes-ingress-route.yaml
new file mode 100644
index 0000000..6accdea
--- /dev/null
+++ b/Traefik/test/dishes-ingress-route.yaml
@@ -0,0 +1,16 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: schnipo-ingress-route
+ namespace: dishes
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`schnipo.k8s.schnrbs.work`)
+ kind: Rule
+ services:
+ - name: schnipo
+ port: 8080
+ tls:
+ secretName: schnipo-certificate-secret
diff --git a/Traefik/test/nginx-certificate.yaml b/Traefik/test/nginx-certificate.yaml
index 7459a5b..37e10d9 100644
--- a/Traefik/test/nginx-certificate.yaml
+++ b/Traefik/test/nginx-certificate.yaml
@@ -9,4 +9,4 @@ spec:
 name: cloudflare-cluster-issuer
 kind: ClusterIssuer
 dnsNames:
- - nginx-test.k8s.internal.schnrbs.work
\ No newline at end of file
+ - nginx-test.k8s.schnrbs.work
\ No newline at end of file
diff --git a/Traefik/test/nginx-ingress-route.yaml b/Traefik/test/nginx-ingress-route.yaml
index 776f04d..74cd328 100644
--- a/Traefik/test/nginx-ingress-route.yaml
+++ b/Traefik/test/nginx-ingress-route.yaml
@@ -7,7 +7,7 @@ spec:
 entryPoints:
 - websecure
 routes:
- - match: Host(`nginx-test.k8s.internal.schnrbs.work`)
+ - match: Host(`nginx-test.k8s.schnrbs.work`)
 kind: Rule
 services:
 - name: nginx
diff --git a/Traefik/test/nginx-ingress.yaml b/Traefik/test/nginx-ingress.yaml
index e4b4966..98e8002 100644
--- a/Traefik/test/nginx-ingress.yaml
+++ b/Traefik/test/nginx-ingress.yaml
@@ -7,7 +7,7 @@ metadata:
 traefik.ingress.kubernetes.io/router.entrypoints: websecure
 spec:
 rules:
- - host: nginx-test.k8s.internal.schnrbs.work
+ - host: nginx-test.k8s.schnrbs.work
 http:
 paths:
 - path: /
@@ -19,5 +19,5 @@ spec:
 number: 80
 tls:
 - hosts:
- - nginx-test.k8s.internal.schnrbs.work
+ - nginx-test.k8s.schnrbs.work
 secretName: nginx-certificate-secret
diff --git a/Traefik/traefik-values.yaml b/Traefik/traefik-values.yaml
index 40aaf40..cec8334 100644
--- a/Traefik/traefik-values.yaml
+++ b/Traefik/traefik-values.yaml
@@ -1,10 +1,15 @@
 ports:
 web:
- redirectTo:
- port: websecure
+ redirections:
+ entryPoint:
+ to: websecure
+ scheme: https
+logs:
+ general:
+ level: DEBUG
 ingressRoute:
 dashboard:
 enabled: true
 entryPoints: [web, websecure]
- matchRule: Host(`traefik-dashboard.k8s.redacted`)
+ matchRule: Host(`traefik-dashboard.k8s.schnrbs.work`)
\ No newline at end of file
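Review bot: `logs.general.level: DEBUG` becomes the committed default for the Traefik release; debug output is extremely verbose and is a troubleshooting setting, so keep `level: INFO` in the values file and raise it on the command line (`--set logs.general.level=DEBUG`) only while investigating. The dashboard IngressRoute stays enabled on both `web` and `websecure` with no `middlewares` entry anywhere in this file, so the new web-to-https redirect protects the transport but nothing here restricts who can reach the dashboard; an auth middleware or an internal-only entrypoint would close that. The file still ends without a trailing newline.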