
Homepage #1636

wants to merge 32 commits into from
46e2d7b
Initial commit :rocket:
fabricesemti80 Nov 11, 2024
c975f3b
feat(bootstrap): :rocket: make things production
fabricesemti80 Nov 11, 2024
ecb66de
feat(bootstrap): :fire: reconfigure certs
fabricesemti80 Nov 11, 2024
6b041bb
fix(bootstrap): :fire: reconfigure secrets
fabricesemti80 Nov 11, 2024
80fd2b6
build(storage): :art: update TaskFiles
fabricesemti80 Nov 16, 2024
7e52dd8
build(storage): :zap: `add csi-driver-nfs` repo
fabricesemti80 Nov 16, 2024
9ba22ea
Merge pull request #1 from fabricesemti80/storage
fabricesemti80 Nov 16, 2024
e281349
feat(storage): :zap: build nfs storage classes
fabricesemti80 Nov 16, 2024
a69b6c2
Merge pull request #2 from fabricesemti80/storage
fabricesemti80 Nov 16, 2024
3c757b2
build(hajimari): :rocket: build hajimari application
fabricesemti80 Nov 16, 2024
3847d82
build(hajimari): :ambulance: add repository
fabricesemti80 Nov 16, 2024
7458608
fix(hajimari): :ambulance: adjust persistence
fabricesemti80 Nov 16, 2024
03640c7
fix(hajimari): :bug: fix kubevalidations
fabricesemti80 Nov 16, 2024
f768399
Merge pull request #3 from fabricesemti80/hajimari
fabricesemti80 Nov 16, 2024
d4713d6
fix(hajimari): :ambulance: missed indentation
fabricesemti80 Nov 16, 2024
f4f612b
Merge pull request #4 from fabricesemti80/hajimari
fabricesemti80 Nov 16, 2024
6a07f38
build(homepage): :zap: add homepage repository
fabricesemti80 Nov 16, 2024
3ce7d93
build(homepage): :rocket: try deploy this app
fabricesemti80 Nov 16, 2024
cb059e3
fix(homepage): :ambulance: kustomization mistakes
fabricesemti80 Nov 16, 2024
40ecce3
Merge pull request #5 from fabricesemti80/homepage
fabricesemti80 Nov 16, 2024
77e64e4
fix(homepage): :ambulance: activate kustomization
fabricesemti80 Nov 16, 2024
3634cee
Merge pull request #6 from fabricesemti80/homepage
fabricesemti80 Nov 16, 2024
4cfd71c
fix version
fabricesemti80 Nov 16, 2024
d3b2a0d
Merge pull request #7 from fabricesemti80/homepage
fabricesemti80 Nov 16, 2024
7149a35
update kubernetes widget
fabricesemti80 Nov 16, 2024
e2f3213
Merge pull request #8 from fabricesemti80/homepage
fabricesemti80 Nov 16, 2024
8d26cc5
Merge branch 'onedr0p:main' into main
fabricesemti80 Nov 16, 2024
bee0278
initialize pre-commit
fabricesemti80 Nov 17, 2024
b11e2e3
initialize pre-commit
fabricesemti80 Nov 17, 2024
3c6a21c
initialize pre-commit
fabricesemti80 Nov 17, 2024
4171837
Merge pull request #9 from fabricesemti80/precommit
fabricesemti80 Nov 17, 2024
ee3d8e0
(homepage): :sparkles: add bookmarks and servicesces
fabricesemti80 Nov 17, 2024
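--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,19 @@
+---
+repos:
+  - repo: local
+    hooks:
+      - id: kubeconform
+        name: Validate Kubernetes manifests
+        entry: task kubernetes:kubeconform
+        language: system
+        pass_filenames: false
+        types: [yaml]
+        files: ^kubernetes/.*\.(yaml|yml)$
+
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.5.0
+    hooks:
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: check-yaml
+      - id: check-added-large-files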
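Review bot: The remote hook set is pinned by tag (`rev: v4.5.0`), and a tag can be moved, so the code pre-commit downloads and runs on every developer machine is not fixed; pin `rev` to the full commit SHA of that tag instead (the tag name can stay in a trailing comment). Since this repository commits SOPS-encrypted Secrets next to plaintext manifests, a hook that refuses accidental plaintext would also be worth adding here: at minimum `- id: detect-private-key` from the same repo, and ideally a local hook that runs `sops` or `grep -L 'ENC\['` over `*.sops.yaml` and fails when a file is unencrypted. The `kubeconform` hook sets `pass_filenames: false` and `files:` together, so it runs on the whole tree whenever any matching file is staged — fine, but a one-line comment stating that intent would stop a future reader "fixing" it.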
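--- a/.sops.yaml
+++ b/.sops.yaml
@@ -0,0 +1,12 @@
+---
+creation_rules:
+  - # IMPORTANT: This rule MUST be above the others
+    path_regex: talos/.*\.sops\.ya?ml
+    key_groups:
+      - age:
+          - "age17d79xwwv043mkvf45yfr372hc520nd468jxtm0a7wap4an3nxscsn8qtm7"
+  - path_regex: kubernetes/.*\.sops\.ya?ml
+    encrypted_regex: "^(data|stringData)$"
+    key_groups:
+      - age:
+          - "age17d79xwwv043mkvf45yfr372hc520nd468jxtm0a7wap4an3nxscsn8qtm7"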
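Review bot: Both creation rules use the same single age recipient, so whichever private key is handed to Flux in-cluster (presumably as the `sops-age` Secret in `flux-system`) can also decrypt everything under `talos/` — the machine secrets and node configs — and anyone who can read that one Kubernetes Secret gets all of it. Consider a separate recipient for the `talos/` rule (workstation-only key) and keep the cluster key limited to the `kubernetes/` rule; each rule can also list a second, offline backup recipient so losing one key does not lock you out of every secret. The comment on the first rule should say why it must come first — sops takes the first matching `path_regex`, and the `kubernetes/` rule below it would otherwise never apply `encrypted_regex` to a talos file: `# IMPORTANT: first matching path_regex wins, so this narrower rule MUST be above the others`.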
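--- a/.taskfiles/secrets/Taskfile.yaml
+++ b/.taskfiles/secrets/Taskfile.yaml
@@ -0,0 +1,35 @@
+version: '3'
+
+env:
+  EDITOR: nvim
+
+tasks:
+  edit-sops-k8s:
+    desc: Edit cluster secrets using SOPS with Neovim
+    cmds:
+      - EDITOR=nvim sops {{.KUBERNETES_DIR}}/flux/vars/cluster-secrets.sops.yaml
+
+  view-sops-k8s:
+    desc: View decrypted cluster secrets file
+    cmds:
+      - sops -d {{.KUBERNETES_DIR}}/flux/vars/cluster-secrets.sops.yaml
+
+  edit-sops-cf:
+    desc: Edit Cloudflare using SOPS with Neovim
+    cmds:
+      - EDITOR=nvim sops {{.KUBERNETES_DIR}}/apps/network/cloudflared/app/secret.sops.yaml
+
+  view-sops-cf:
+    desc: View decrypted Cloudflare secrets file
+    cmds:
+      - sops -d {{.KUBERNETES_DIR}}/apps/network/cloudflared/app/secret.sops.yaml
+
+  view-k8s:
+    desc: View current cluster secrets in Kubernetes
+    cmds:
+      - kubectl get secret cluster-secrets -n flux-system -o yaml
+
+  view-k8s-decoded:
+    desc: View decoded cluster secrets in Kubernetes
+    cmds:
+      - kubectl get secret cluster-secrets -n flux-system -o yaml | yq '.data | map_values(@base64d)'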
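Review bot: The four `view-*` tasks print every decrypted or decoded secret to stdout, which lands in terminal scrollback, screen-share recordings and any CI log that happens to invoke `task`; a warning in each `desc` (`desc: "View decrypted cluster secrets file (prints plaintext to the terminal)"`) and `silent: true` on those tasks would make that explicit. `EDITOR: nvim` is already set under `env:` at the top, so the `EDITOR=nvim` prefix on the two `edit-*` commands is redundant — keep one or the other. The paths `flux/vars/cluster-secrets.sops.yaml` and `apps/network/cloudflared/app/secret.sops.yaml` do not appear anywhere in this PR (the only SOPS file added is under `apps/cert-manager/cert-manager/issuers/`), so either they exist elsewhere in the tree or these tasks will fail; a `preconditions:` entry checking the file exists would turn that into a clear error.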
1 change: 1 addition & 0 deletions Taskfile.yaml
Expand Up @@ -23,6 +23,7 @@ includes:
bootstrap: .taskfiles/bootstrap
kubernetes: .taskfiles/kubernetes
talos: .taskfiles/talos
secrets: .taskfiles/secrets
workstation: .taskfiles/workstation
user:
taskfile: .taskfiles/User
Expand Down
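--- a/kubernetes/apps/cert-manager/cert-manager/app/helmrelease.yaml
+++ b/kubernetes/apps/cert-manager/cert-manager/app/helmrelease.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: cert-manager
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: cert-manager
+      version: v1.16.1
+      sourceRef:
+        kind: HelmRepository
+        name: jetstack
+        namespace: flux-system
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+  values:
+    crds:
+      enabled: true
+    dns01RecursiveNameservers: https://1.1.1.1:443/dns-query,https://1.0.0.1:443/dns-query
+    dns01RecursiveNameserversOnly: true
+    prometheus:
+      enabled: true
+      servicemonitor:
+        enabled: true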
@@ -0,0 +1,5 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./helmrelease.yaml
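--- a/kubernetes/apps/cert-manager/cert-manager/issuers/issuers.yaml
+++ b/kubernetes/apps/cert-manager/cert-manager/issuers/issuers.yaml
@@ -0,0 +1,39 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-production
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: "${SECRET_ACME_EMAIL}"
+    privateKeySecretRef:
+      name: letsencrypt-production
+    solvers:
+      - dns01:
+          cloudflare:
+            apiTokenSecretRef:
+              name: cert-manager-secret
+              key: api-token
+        selector:
+          dnsZones:
+            - "${SECRET_DOMAIN}"
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-staging
+spec:
+  acme:
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    email: "${SECRET_ACME_EMAIL}"
+    privateKeySecretRef:
+      name: letsencrypt-staging
+    solvers:
+      - dns01:
+          cloudflare:
+            apiTokenSecretRef:
+              name: cert-manager-secret
+              key: api-token
+        selector:
+          dnsZones:
+            - "${SECRET_DOMAIN}"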
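Review bot: Both issuers are cluster-scoped, so any namespace that can create a `Certificate` can drive DNS-01 with the Cloudflare token in `cert-manager-secret`; the token itself should therefore be scoped as narrowly as Cloudflare allows (`Zone:DNS:Edit` plus `Zone:Zone:Read` on this one zone, not an account-wide token), and a comment above `apiTokenSecretRef` stating that expectation would help whoever rotates it: `# Cloudflare API token scoped to Zone:DNS:Edit on ${SECRET_DOMAIN} only`. The `dnsZones` selector already limits which names the solver will attempt, which is good — keep it. Also note the file does not start with `---` while every other manifest on this page does, and `${SECRET_ACME_EMAIL}`/`${SECRET_DOMAIN}` are only meaningful if the Flux Kustomization that applies this path has `postBuild.substituteFrom` configured, which is not visible in `ks.yaml` here.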
@@ -0,0 +1,6 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./secret.sops.yaml
- ./issuers.yaml
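--- a/kubernetes/apps/cert-manager/cert-manager/issuers/secret.sops.yaml
+++ b/kubernetes/apps/cert-manager/cert-manager/issuers/secret.sops.yaml
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cert-manager-secret
+stringData:
+  api-token: ENC[AES256_GCM,data:oHUeqLlKYNPKBAJRdPfOHls0qFpsJfJcKJEV5MpL/kCocWKP9UdlCA==,iv:W4O9DX9YToi+vbjLbyM0cMQz0cmmQ/DJNaYca4lCT5Q=,tag:swEymk8UHhXNiMm3sK7GKQ==,type:str]
+sops:
+  kms: []
+  gcp_kms: []
+  azure_kv: []
+  hc_vault: []
+  age:
+    - recipient: age17d79xwwv043mkvf45yfr372hc520nd468jxtm0a7wap4an3nxscsn8qtm7
+      enc: |
+        -----BEGIN AGE ENCRYPTED FILE-----
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOd0duQVR6Z1UvUFo5VWN1
+        QUwwSEsvTCtQeFFVRUlFZGlKRzhmSWloQ1JFCk04R2FoNUN4Q1FjNi9pN0psTmh3
+        UlEyN3V1Vlc0bVlqVnhESklsY2FCSzQKLS0tIDlxaXBoeGRMTEtYMitxOUkrdTZH
+        eTIrSE9nb2hBK1p6MkZEaWU3UDUzaGsKoajdXevlahqNUzHTOZ0897uI++dj88UR
+        M3s5+Rg9GEPtEcEjPFu4Ly6CCC/uIDTzxS57DKlRlDMt/AqMHSaC8Q==
+        -----END AGE ENCRYPTED FILE-----
+  lastmodified: "2024-11-11T20:46:35Z"
+  mac: ENC[AES256_GCM,data:NNzdW+E2FMVrLRE7iXqzEgnfe6xCWoQSjl6cDfDpi1zA9ERPgb5zN2D6VhPwNC0R5SkZw6qCkddgzpyDVo5JL2y7l8VAtQ8s/6jULAy5Pr8YXDk2IJG7eJXoXNfCAgx4yVCZs6qQr2msfrvOaSkNW77HTi9GeP3qrWOrKjmixTo=,iv:WD2E46Wi3jd/FsUtQW7HMY4ewsgNQLMHJPBrVH6WZYU=,tag:PA7rsmpWiAXrWlfT5/IUCA==,type:str]
+  pgp: []
+  encrypted_regex: ^(data|stringData)$
+  version: 3.9.1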
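--- a/kubernetes/apps/cert-manager/cert-manager/ks.yaml
+++ b/kubernetes/apps/cert-manager/cert-manager/ks.yaml
@@ -0,0 +1,40 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app cert-manager
+  namespace: flux-system
+spec:
+  targetNamespace: cert-manager
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  path: ./kubernetes/apps/cert-manager/cert-manager/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-kubernetes
+  wait: true
+  interval: 30m
+  timeout: 5m
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app cert-manager-issuers
+  namespace: flux-system
+spec:
+  targetNamespace: cert-manager
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  dependsOn:
+    - name: cert-manager
+  path: ./kubernetes/apps/cert-manager/cert-manager/issuers
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-kubernetes
+  wait: true
+  interval: 30m
+  timeout: 5m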
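Review bot: The `cert-manager-issuers` Kustomization applies a path that contains `secret.sops.yaml` and `${SECRET_*}` placeholders, yet it declares neither `spec.decryption` nor `spec.postBuild.substituteFrom`; unless a parent Kustomization patches those fields in (the upstream template does this for every child `ks.yaml`, but that parent is not on this page), Flux will create the Secret with the literal `ENC[...]` ciphertext as the API token and the issuers with an unsubstituted e-mail and zone. If the inheritance is not in place, add `decryption: {provider: sops, secretRef: {name: sops-age}}` under `spec:` of the second document and the matching `postBuild.substituteFrom` entry. Either way a comment such as `# decryption and variable substitution are injected by the parent cluster-apps Kustomization` would tell a reader where to look when the issuer fails to come up.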
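--- a/kubernetes/apps/cert-manager/kustomization.yaml
+++ b/kubernetes/apps/cert-manager/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./namespace.yaml
+  - ./cert-manager/ks.yaml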
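--- a/kubernetes/apps/cert-manager/namespace.yaml
+++ b/kubernetes/apps/cert-manager/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: cert-manager
+  labels:
+    kustomize.toolkit.fluxcd.io/prune: disabled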
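--- a/kubernetes/apps/default/hajimari/app/helmrelease.yaml
+++ b/kubernetes/apps/default/hajimari/app/helmrelease.yaml
@@ -0,0 +1,115 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: hajimari
+  namespace: default
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: hajimari
+      version: 2.0.2
+      sourceRef:
+        kind: HelmRepository
+        name: hajimari
+        namespace: flux-system
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+  values:
+    controller:
+      strategy: RollingUpdate
+
+    env:
+      - name: HAJIMARI_DEFAULT_GROUP
+        value: "default"
+
+    persistence:
+      config:
+        enabled: true
+        existingClaim: hajimari-config # Reference your existing PVC
+
+    # persistence:
+    #   config:
+    #     enabled: true
+    #     storageClass: configs-nfs
+    #     accessMode: ReadWriteOnce
+    #     size: 1Gi
+    #     volumeAttributes:
+    #       server: ${NAS_IP}
+    #       share: ${SETTINGS_NAS_APPDATA_PATH}
+
+    hajimari:
+      defaultEnable: true
+      namespaceSelector:
+        matchNames:
+          - default
+          - networking
+      name: "Fabrice"
+      customApps:
+        - name: Some App
+          url: http://some-app.default.svc.cluster.local
+          icon: test-tube
+      groups:
+        - name: Kubernetes
+          links:
+            - name: Rancher
+              url: "https://rancher.example.com"
+            - name: Grafana
+              url: "https://grafana.example.com"
+
+    ingress:
+      main:
+        enabled: true
+        ingressClassName: external
+        annotations:
+
+          external-dns.alpha.kubernetes.io/target: "external.${SECRET_DOMAIN}"
+
+          gethomepage.dev/enabled: "true"
+          gethomepage.dev/description: Alternative to Homepage
+          gethomepage.dev/group: Operations
+          gethomepage.dev/icon: hajimari.png
+          gethomepage.dev/name: Toboshii
+
+        hosts:
+          - host: &host "hajimari.${SECRET_DOMAIN}"
+            paths:
+              - path: /
+                pathType: Prefix
+
+    resources:
+      requests:
+        cpu: 100m
+        memory: 128Mi
+      limits:
+        memory: 256Mi
+
+    serviceMonitor:
+      main:
+        enabled: true
+        endpoints:
+          - port: http
+            scheme: http
+            path: /metrics
+            interval: 1m
+            scrapeTimeout: 10s
+
+    securityContext:
+      allowPrivilegeEscalation: false
+      readOnlyRootFilesystem: true
+      capabilities:
+        drop: ["ALL"]
+
+    podSecurityContext:
+      runAsNonRoot: true
+      runAsUser: 65534
+      runAsGroup: 65534
+      fsGroup: 65534
+      seccompProfile:
+        type: RuntimeDefault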
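Review bot: The ingress uses `ingressClassName: external` with an `external-dns.alpha.kubernetes.io/target` of `external.${SECRET_DOMAIN}`, which in this layout normally means an internet-facing entry point, and Hajimari ships no authentication of its own — so a dashboard that enumerates every Ingress in `default` and `networking` (plus the internal `*.svc.cluster.local` link) would be readable by anyone who finds the hostname. Unless something in front of it enforces auth, switch to the internal class, or add the auth-proxy middleware annotation your ingress controller supports, and leave a comment saying which: `ingressClassName: internal  # no built-in auth; do not expose publicly`. Two smaller points: `apiVersion: helm.toolkit.fluxcd.io/v2beta1` is the deprecated API while the cert-manager release on this page already uses `helm.toolkit.fluxcd.io/v2`, so align them; and the `&host` anchor is defined but never aliased, as is the nine-line commented-out `persistence` block, both of which can go. The pod/container security contexts are a good baseline and worth keeping as-is.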
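--- a/kubernetes/apps/default/hajimari/app/kustomization.yaml
+++ b/kubernetes/apps/default/hajimari/app/kustomization.yaml
@@ -0,0 +1,9 @@
+# /kubernetes/apps/default/hajimari/app/kustomization.yaml
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+  - ./helmrelease.yaml
+  - ./pvc.yaml
+---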
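Review bot: The trailing `---` on the last line opens an empty second YAML document that nothing consumes; drop it so the file ends after `- ./pvc.yaml`, matching every other kustomization on this page. The leading path comment duplicates the file's own location and will go stale on a move — it is harmless, but the other kustomizations here do not carry one.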
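--- a/kubernetes/apps/default/hajimari/app/pvc.yaml
+++ b/kubernetes/apps/default/hajimari/app/pvc.yaml
@@ -0,0 +1,15 @@
+# /kubernetes/apps/default/hajimari/app/pvc.yaml
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: hajimari-config
+  namespace: default
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: config-nfs
+  resources:
+    requests:
+      storage: 1Gi
+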
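Review bot: This claim is `ReadWriteOnce` while the HelmRelease that mounts it sets `controller.strategy: RollingUpdate`, so a rollout that schedules the replacement pod on a different node will wait on a volume the old pod still holds; for an NFS-backed class either request `ReadWriteMany` (`- ReadWriteMany`, which NFS supports) or change the deployment to `strategy: Recreate`. The class name `config-nfs` also differs from `configs-nfs` in the commented-out block of the HelmRelease; the storage classes were added in earlier commits that are not on this page, so confirm which spelling actually exists before merging. A short comment above `storageClassName` naming the NFS export it maps to would help the next reader.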