Delete old infra-scripts

2025-02-12 00:39:58 +01:00
parent 9468f7b456
commit a60eb3a6e3
18 changed files with 0 additions and 586 deletions


@@ -1,6 +0,0 @@
install:
helm repo add cert-manager https://charts.jetstack.io
helm repo update cert-manager
helm upgrade --install -n cert-manager --create-namespace cert-manager cert-manager/cert-manager --version 1.17.0 -f values.yml
kubectl apply -f cluster-issuer.yml


@@ -1,14 +0,0 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt
spec:
acme:
email: arek.dzski@gmail.com
server: https://acme-v02.api.letsencrypt.org/directory
solvers:
- http01:
ingress:
ingressClassName: nginx
privateKeySecretRef:
name: letsencrypt-key


@@ -1,2 +0,0 @@
crds:
enabled: true


@@ -1,5 +0,0 @@
install:
helm repo add cilium https://helm.cilium.io/
helm repo update cilium
helm upgrade --install -n kube-system cilium cilium/cilium --version 1.16.6 -f values.yml
kubectl apply -f loadbalancer-ippool.yml -f bgp-cluster-config.yml


@@ -1,62 +0,0 @@
apiVersion: cilium.io/v2alpha1
kind: CiliumBGPClusterConfig
metadata:
name: router
spec:
bgpInstances:
- name: "main"
localASN: 65000
peers:
- name: barracuda
peerASN: 65000
peerAddress: 2001:470:61a3:100:ffff:ffff:ffff:ffff
peerConfigRef:
name: cilium-peer
---
apiVersion: cilium.io/v2alpha1
kind: CiliumBGPPeerConfig
metadata:
name: cilium-peer
spec:
timers:
keepAliveTimeSeconds: 3
holdTimeSeconds: 9
connectRetryTimeSeconds: 12
gracefulRestart:
enabled: true
restartTimeSeconds: 60
families:
- afi: ipv4
safi: unicast
advertisements:
matchLabels:
advertise: bgp
- afi: ipv6
safi: unicast
advertisements:
matchLabels:
advertise: bgp
---
apiVersion: cilium.io/v2alpha1
kind: CiliumBGPAdvertisement
metadata:
name: bgp-advertisements
labels:
advertise: bgp
spec:
advertisements:
- advertisementType: "CiliumPodIPPool"
# Wanting to advertise all pools
# https://docs.cilium.io/en/v1.16/network/bgp-control-plane/bgp-control-plane-v2/#multipool-ipam
selector:
matchExpressions:
- { key: somekey, operator: NotIn, values: ["never-used-value"] }
- advertisementType: Service
service:
addresses:
# Not advertising ClusterIP - kubeproxyreplacement should? translate them directly to pod ips
# Not advertising ExternalIP - they should be reachable via static config
- LoadBalancerIP
selector:
matchExpressions:
- { key: somekey, operator: NotIn, values: ["never-used-value"] }


@@ -1,8 +0,0 @@
apiVersion: "cilium.io/v2alpha1"
kind: CiliumLoadBalancerIPPool
metadata:
name: "blue-pool"
spec:
blocks:
- cidr: 10.44.0.0/16
- cidr: 2001:470:61a3:400::/112


@@ -1,74 +0,0 @@
# Talos specific
# https://www.talos.dev/v1.9/kubernetes-guides/network/deploying-cilium/
kubeProxyReplacement: true
securityContext:
capabilities:
ciliumAgent:
- CHOWN
- KILL
- NET_ADMIN
- NET_RAW
- IPC_LOCK
- SYS_ADMIN
- SYS_RESOURCE
- DAC_OVERRIDE
- FOWNER
- SETGID
- SETUID
cleanCiliumState:
- NET_ADMIN
- SYS_ADMIN
- SYS_RESOURCE
cgroup:
autoMount:
enabled: false
hostRoot: /sys/fs/cgroup
k8sServiceHost: localhost
k8sServicePort: 7445
# Homelab
routingMode: native
ipv6:
enabled: true
# Enable managing of IP Pools via CRD
ipam:
mode: multi-pool
operator:
autoCreateCiliumPodIPPools:
default:
# In line with controlplane.yml
ipv4:
cidrs:
- 10.42.0.0/16
maskSize: 24
ipv6:
cidrs:
- 2001:470:61a3:200::/104
maskSize: 120
# Disable masquerading, ipv4 is done at router level
enableIPv4Masquerade: false
enableIPv6Masquerade: false
# Enable peering announcing routes via BGP
bgpControlPlane:
enabled: true
# Decrease requests
resources:
requests:
cpu: 0
operator:
resources:
requests:
cpu: 0
envoy:
resources:
requests:
cpu: 0


@@ -1,2 +0,0 @@
install:
kubectl apply -f proxy.yml -f svc.yml


@@ -1,170 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: coredns-external
namespace: kube-system
data:
Corefile: |-
lb.homelab.lumpiasty.xyz.:53 {
view externalv4 {
expr type() in ['A']
expr not hasSuffix(name(), '.in-addr.arpa.')
}
log . {
class all
}
template IN A {
answer "{{ .Name }} 60 IN A 139.28.40.212"
}
}
.:53 {
# Filter out anything IPv4 related
view external {
expr type() in ['AAAA', 'SRV', 'PTR']
expr not hasSuffix(name(), '.in-addr.arpa.')
}
errors
health {
lameduck 5s
}
ready
log . {
class error
}
# Exposes kubernetes domain names under homelab.lumpiasty.xyz
# https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
kubernetes homelab.lumpiasty.xyz ip6.arpa {
pods insecure
endpoint_pod_names
ttl 30
}
# Exposes loadbalancer domain names under lb.homelab.lumpiasty.xyz
k8s_external lb.homelab.lumpiasty.xyz {
ttl 30
}
# Cache results to reduce stress on apiserver
cache 30 {
disable success homelab.lumpiasty.xyz
disable denial homelab.lumpiasty.xyz
}
reload
loadbalance
}
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
k8s-app: kube-dns-external
kubernetes.io/name: CoreDNS
name: coredns-external
namespace: kube-system
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-app: kube-dns-external
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
labels:
k8s-app: kube-dns-external
spec:
subdomain: kube-dns-external
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: k8s-app
operator: In
values:
- kube-dns
topologyKey: kubernetes.io/hostname
weight: 100
containers:
- args:
- -conf
- /etc/coredns/Corefile
env:
- name: GOMEMLIMIT
value: 161MiB
image: registry.k8s.io/coredns/coredns:v1.12.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 5
httpGet:
path: /health
port: 8080
scheme: HTTP
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
name: coredns
ports:
- containerPort: 53
name: dns
protocol: UDP
- containerPort: 53
name: dns-tcp
protocol: TCP
- containerPort: 9153
name: metrics
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /ready
port: 8181
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources:
limits:
memory: 170Mi
requests:
cpu: 0
memory: 70Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: true
volumeMounts:
- mountPath: /etc/coredns
name: config-volume
readOnly: true
dnsPolicy: Default
nodeSelector:
kubernetes.io/os: linux
priorityClassName: system-cluster-critical
restartPolicy: Always
schedulerName: default-scheduler
serviceAccount: coredns
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
operator: Exists
- effect: NoSchedule
key: node.cloudprovider.kubernetes.io/uninitialized
operator: Exists
volumes:
- configMap:
defaultMode: 420
items:
- key: Corefile
path: Corefile
name: coredns-external
name: config-volume


@@ -1,20 +0,0 @@
apiVersion: v1
kind: Service
metadata:
namespace: kube-system
name: kube-dns-external
spec:
type: LoadBalancer
externalTrafficPolicy: Local
ipFamilyPolicy: RequireDualStack
selector:
k8s-app: kube-dns-external
ports:
- name: dns
port: 53
targetPort: 53
protocol: UDP
- name: dns-tcp
port: 53
targetPort: 53
protocol: TCP


@@ -1,4 +0,0 @@
install:
helm repo add gitea-charts https://dl.gitea.com/charts/
helm repo update gitea-charts
helm upgrade --install -n gitea --create-namespace gitea gitea-charts/gitea --version 10.6.0 -f values.yml


@@ -1,78 +0,0 @@
postgresql-ha:
enabled: false
postgresql:
enabled: true
primary:
persistence:
enabled: true
storageClass: mayastor-single-hdd
resources:
requests:
cpu: 0
redis-cluster:
enabled: false
redis:
enabled: true
master:
persistence:
enabled: true
storageClass: mayastor-single-hdd
resources:
requests:
cpu: 0
persistence:
enabled: true
storageClass: mayastor-single-hdd
gitea:
config:
database:
DB_TYPE: postgres
indexer:
ISSUE_INDEXER_TYPE: bleve
REPO_INDEXER_ENABLED: true
admin:
username: GiteaAdmin
email: gi@tea.com
passwordMode: initialOnlyRequireReset
service:
ssh:
annotations:
lbipam.cilium.io/sharing-key: gitea
lbipam.cilium.io/sharing-cross-namespace: nginx-ingress-controller
lbipam.cilium.io/ips: 10.44.0.0,2001:470:61a3:400::1
type: LoadBalancer
port: 22
# Requirement for sharing ip with other service
externalTrafficPolicy: Cluster
ipFamilyPolicy: RequireDualStack
ingress:
enabled: true
className: nginx
annotations:
cert-manager.io/cluster-issuer: letsencrypt
acme.cert-manager.io/http01-edit-in-place: "true"
hosts:
- host: gitea.lumpiasty.xyz
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- gitea.lumpiasty.xyz
secretName: gitea-ingress
resources:
requests:
cpu: 0
initContainers:
resources:
requests:
cpu: 0


@@ -1,4 +0,0 @@
install:
helm repo add nginx https://helm.nginx.com/stable
helm repo update nginx
helm upgrade --install -n nginx-ingress-controller --create-namespace nginx-ingress nginx/nginx-ingress --version 2.0.1 -f values.yaml


@@ -1,24 +0,0 @@
controller:
resources:
requests:
cpu: 0
memory: 128Mi
limits:
cpu: 100m
memory: 128Mi
ingressClass:
create: true
setAsDefaultIngress: true
service:
create: true
type: LoadBalancer
# Requirement for sharing ip with other service
externalTrafficPolicy: Cluster
ipFamilyPolicy: RequireDualStack
annotations:
# Share IP with gitea ssh so we can have the same domain for both port
lbipam.cilium.io/sharing-key: gitea
lbipam.cilium.io/sharing-cross-namespace: gitea
lbipam.cilium.io/ips: 10.44.0.0,2001:470:61a3:400::1


@@ -1,7 +0,0 @@
install:
helm repo add openebs https://openebs.github.io/openebs
helm repo update openebs
helm upgrade -i -n openebs --create-namespace openebs openebs/openebs -f values.yml
kubectl apply -f diskpools/zoma-dibaiyin-hdd.yml
kubectl apply -f single-hdd-sc.yml


@@ -1,11 +0,0 @@
apiVersion: "openebs.io/v1beta2"
kind: DiskPool
metadata:
name: zoma-dibaiyin-hdd
namespace: openebs
spec:
node: zoma-dibaiyin
disks: ["aio:///dev/disk/by-id/wwn-0x5000c500ba15dcf7"]
topology:
labelled:
type: hdd


@@ -1,18 +0,0 @@
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: mayastor-single-hdd
parameters:
protocol: nvmf
# Single replica
repl: "1"
# Thin provision volumes
thin: "true"
# Allow expansion of volumes
allowVolumeExpansion: "true"
# Generate new filesystem's uuid when cloning
cloneFsIdAsVolumeId: "true"
# Schedule this sconly on hdd
poolAffinityTopologyLabel: |
type: hdd
provisioner: io.openebs.csi-mayastor


@@ -1,77 +0,0 @@
zfs-localpv:
cidrs:
zfsLocalPv:
enabled: false
lvm-localpv:
crds:
lmvLocalPv:
enabled: false
mayastor:
csi:
node:
initContainers:
# We need to disable the init container that checks for the nvme_tcp module, since Talos has that module built-in.
# https://www.talos.dev/v1.9/kubernetes-guides/configuration/storage/#deploy-mayastor
enabled: false
resources:
requests:
cpu: 0
controller:
resources:
requests:
cpu: 0
etcd:
clusterDomain: homelab.lumpiasty.xyz
# Single node cluster for now
replicaCount: 1
io_engine:
# Workaround for crashing io-engine
# https://github.com/openebs/mayastor/issues/1763#issuecomment-2481922234
envcontext: "iova-mode=pa"
agents:
core:
resources:
requests:
cpu: 0
ha:
node:
resources:
requests:
cpu: 0
cluster:
resources:
requests:
cpu: 0
apis:
rest:
resources:
requests:
cpu: 0
obs:
callhome:
resources:
requests:
cpu: 0
stats:
resources:
requests:
cpu: 0
operators:
pool:
resources:
requests:
cpu: 0
engines:
local:
lvm:
enabled: false
zfs:
enabled: false
replicated:
mayastor:
enabled: true