diff --git a/infra-scripts/cert-manager/Makefile b/infra-scripts/cert-manager/Makefile
deleted file mode 100644
index 05b352e..0000000
--- a/infra-scripts/cert-manager/Makefile
+++ /dev/null
@@ -1,6 +0,0 @@
-install:
- helm repo add cert-manager https://charts.jetstack.io
- helm repo update cert-manager
- helm upgrade --install -n cert-manager --create-namespace cert-manager cert-manager/cert-manager --version 1.17.0 -f values.yml
-
- kubectl apply -f cluster-issuer.yml
diff --git a/infra-scripts/cert-manager/cluster-issuer.yml b/infra-scripts/cert-manager/cluster-issuer.yml
deleted file mode 100644
index f00015b..0000000
--- a/infra-scripts/cert-manager/cluster-issuer.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
- name: letsencrypt
-spec:
- acme:
- email: arek.dzski@gmail.com
- server: https://acme-v02.api.letsencrypt.org/directory
- solvers:
- - http01:
- ingress:
- ingressClassName: nginx
- privateKeySecretRef:
- name: letsencrypt-key
diff --git a/infra-scripts/cert-manager/values.yml b/infra-scripts/cert-manager/values.yml
deleted file mode 100644
index c526c4b..0000000
--- a/infra-scripts/cert-manager/values.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-crds:
- enabled: true
diff --git a/infra-scripts/cilium/Makefile b/infra-scripts/cilium/Makefile
deleted file mode 100644
index b87ab12..0000000
--- a/infra-scripts/cilium/Makefile
+++ /dev/null
@@ -1,5 +0,0 @@
-install:
- helm repo add cilium https://helm.cilium.io/
- helm repo update cilium
- helm upgrade --install -n kube-system cilium cilium/cilium --version 1.16.6 -f values.yml
- kubectl apply -f loadbalancer-ippool.yml -f bgp-cluster-config.yml
diff --git a/infra-scripts/cilium/bgp-cluster-config.yml b/infra-scripts/cilium/bgp-cluster-config.yml
deleted file mode 100644
index 355512d..0000000
--- a/infra-scripts/cilium/bgp-cluster-config.yml
+++ /dev/null
@@ -1,62 +0,0 @@
-apiVersion: cilium.io/v2alpha1
-kind: CiliumBGPClusterConfig
-metadata:
- name: router
-spec:
- bgpInstances:
- - name: "main"
- localASN: 65000
- peers:
- - name: barracuda
- peerASN: 65000
- peerAddress: 2001:470:61a3:100:ffff:ffff:ffff:ffff
- peerConfigRef:
- name: cilium-peer
----
-apiVersion: cilium.io/v2alpha1
-kind: CiliumBGPPeerConfig
-metadata:
- name: cilium-peer
-spec:
- timers:
- keepAliveTimeSeconds: 3
- holdTimeSeconds: 9
- connectRetryTimeSeconds: 12
- gracefulRestart:
- enabled: true
- restartTimeSeconds: 60
- families:
- - afi: ipv4
- safi: unicast
- advertisements:
- matchLabels:
- advertise: bgp
- - afi: ipv6
- safi: unicast
- advertisements:
- matchLabels:
- advertise: bgp
----
-apiVersion: cilium.io/v2alpha1
-kind: CiliumBGPAdvertisement
-metadata:
- name: bgp-advertisements
- labels:
- advertise: bgp
-spec:
- advertisements:
- - advertisementType: "CiliumPodIPPool"
- # Wanting to advertise all pools
- # https://docs.cilium.io/en/v1.16/network/bgp-control-plane/bgp-control-plane-v2/#multipool-ipam
- selector:
- matchExpressions:
- - { key: somekey, operator: NotIn, values: ["never-used-value"] }
- - advertisementType: Service
- service:
- addresses:
- # Not advertising ClusterIP - kubeproxyreplacement should? translate them directly to pod ips
- # Not advertising ExternalIP - they should be reachable via static config
- - LoadBalancerIP
- selector:
- matchExpressions:
- - { key: somekey, operator: NotIn, values: ["never-used-value"] }
diff --git a/infra-scripts/cilium/loadbalancer-ippool.yml b/infra-scripts/cilium/loadbalancer-ippool.yml
deleted file mode 100644
index b06b8c0..0000000
--- a/infra-scripts/cilium/loadbalancer-ippool.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: "cilium.io/v2alpha1"
-kind: CiliumLoadBalancerIPPool
-metadata:
- name: "blue-pool"
-spec:
- blocks:
- - cidr: 10.44.0.0/16
- - cidr: 2001:470:61a3:400::/112
diff --git a/infra-scripts/cilium/values.yml b/infra-scripts/cilium/values.yml
deleted file mode 100644
index 6dbdb7c..0000000
--- a/infra-scripts/cilium/values.yml
+++ /dev/null
@@ -1,74 +0,0 @@
-# Talos specific
-# https://www.talos.dev/v1.9/kubernetes-guides/network/deploying-cilium/
-kubeProxyReplacement: true
-
-securityContext:
- capabilities:
- ciliumAgent:
- - CHOWN
- - KILL
- - NET_ADMIN
- - NET_RAW
- - IPC_LOCK
- - SYS_ADMIN
- - SYS_RESOURCE
- - DAC_OVERRIDE
- - FOWNER
- - SETGID
- - SETUID
- cleanCiliumState:
- - NET_ADMIN
- - SYS_ADMIN
- - SYS_RESOURCE
-
-cgroup:
- autoMount:
- enabled: false
- hostRoot: /sys/fs/cgroup
-
-k8sServiceHost: localhost
-k8sServicePort: 7445
-
-# Homelab
-routingMode: native
-ipv6:
- enabled: true
-
-# Enable managing of IP Pools via CRD
-ipam:
- mode: multi-pool
- operator:
- autoCreateCiliumPodIPPools:
- default:
- # In line with controlplane.yml
- ipv4:
- cidrs:
- - 10.42.0.0/16
- maskSize: 24
- ipv6:
- cidrs:
- - 2001:470:61a3:200::/104
- maskSize: 120
-
-# Disable masquerading, ipv4 is done at router level
-enableIPv4Masquerade: false
-enableIPv6Masquerade: false
-
-# Enable peering announcing routes via BGP
-bgpControlPlane:
- enabled: true
-
-# Decrease requests
-resources:
- requests:
- cpu: 0
-
-operator:
- resources:
- requests:
- cpu: 0
-
-envoy:
- resources:
- requests:
- cpu: 0
diff --git a/infra-scripts/dns/Makefile b/infra-scripts/dns/Makefile
deleted file mode 100644
index 8533b5a..0000000
--- a/infra-scripts/dns/Makefile
+++ /dev/null
@@ -1,2 +0,0 @@
-install:
- kubectl apply -f proxy.yml -f svc.yml
\ No newline at end of file
diff --git a/infra-scripts/dns/proxy.yml b/infra-scripts/dns/proxy.yml
deleted file mode 100644
index 8929250..0000000
--- a/infra-scripts/dns/proxy.yml
+++ /dev/null
@@ -1,170 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: coredns-external
- namespace: kube-system
-data:
- Corefile: |-
- lb.homelab.lumpiasty.xyz.:53 {
- view externalv4 {
- expr type() in ['A']
- expr not hasSuffix(name(), '.in-addr.arpa.')
- }
- log . {
- class all
- }
- template IN A {
- answer "{{ .Name }} 60 IN A 139.28.40.212"
- }
- }
- .:53 {
- # Filter out anything IPv4 related
- view external {
- expr type() in ['AAAA', 'SRV', 'PTR']
- expr not hasSuffix(name(), '.in-addr.arpa.')
- }
- errors
- health {
- lameduck 5s
- }
- ready
- log . {
- class error
- }
- # Exposes kubernetes domain names under homelab.lumpiasty.xyz
- # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
- kubernetes homelab.lumpiasty.xyz ip6.arpa {
- pods insecure
- endpoint_pod_names
- ttl 30
- }
- # Exposes loadbalancer domain names under lb.homelab.lumpiasty.xyz
- k8s_external lb.homelab.lumpiasty.xyz {
- ttl 30
- }
- # Cache results to reduce stress on apiserver
- cache 30 {
- disable success homelab.lumpiasty.xyz
- disable denial homelab.lumpiasty.xyz
- }
- reload
- loadbalance
- }
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- k8s-app: kube-dns-external
- kubernetes.io/name: CoreDNS
- name: coredns-external
- namespace: kube-system
-spec:
- progressDeadlineSeconds: 600
- replicas: 1
- revisionHistoryLimit: 10
- selector:
- matchLabels:
- k8s-app: kube-dns-external
- strategy:
- rollingUpdate:
- maxSurge: 25%
- maxUnavailable: 1
- type: RollingUpdate
- template:
- metadata:
- labels:
- k8s-app: kube-dns-external
- spec:
- subdomain: kube-dns-external
- affinity:
- podAntiAffinity:
- preferredDuringSchedulingIgnoredDuringExecution:
- - podAffinityTerm:
- labelSelector:
- matchExpressions:
- - key: k8s-app
- operator: In
- values:
- - kube-dns
- topologyKey: kubernetes.io/hostname
- weight: 100
- containers:
- - args:
- - -conf
- - /etc/coredns/Corefile
- env:
- - name: GOMEMLIMIT
- value: 161MiB
- image: registry.k8s.io/coredns/coredns:v1.12.0
- imagePullPolicy: IfNotPresent
- livenessProbe:
- failureThreshold: 5
- httpGet:
- path: /health
- port: 8080
- scheme: HTTP
- initialDelaySeconds: 60
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 5
- name: coredns
- ports:
- - containerPort: 53
- name: dns
- protocol: UDP
- - containerPort: 53
- name: dns-tcp
- protocol: TCP
- - containerPort: 9153
- name: metrics
- protocol: TCP
- readinessProbe:
- failureThreshold: 3
- httpGet:
- path: /ready
- port: 8181
- scheme: HTTP
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 1
- resources:
- limits:
- memory: 170Mi
- requests:
- cpu: 0
- memory: 70Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- add:
- - NET_BIND_SERVICE
- drop:
- - ALL
- readOnlyRootFilesystem: true
- volumeMounts:
- - mountPath: /etc/coredns
- name: config-volume
- readOnly: true
- dnsPolicy: Default
- nodeSelector:
- kubernetes.io/os: linux
- priorityClassName: system-cluster-critical
- restartPolicy: Always
- schedulerName: default-scheduler
- serviceAccount: coredns
- tolerations:
- - effect: NoSchedule
- key: node-role.kubernetes.io/control-plane
- operator: Exists
- - effect: NoSchedule
- key: node.cloudprovider.kubernetes.io/uninitialized
- operator: Exists
- volumes:
- - configMap:
- defaultMode: 420
- items:
- - key: Corefile
- path: Corefile
- name: coredns-external
- name: config-volume
diff --git a/infra-scripts/dns/svc.yml b/infra-scripts/dns/svc.yml
deleted file mode 100644
index b60e86e..0000000
--- a/infra-scripts/dns/svc.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- namespace: kube-system
- name: kube-dns-external
-spec:
- type: LoadBalancer
- externalTrafficPolicy: Local
- ipFamilyPolicy: RequireDualStack
- selector:
- k8s-app: kube-dns-external
- ports:
- - name: dns
- port: 53
- targetPort: 53
- protocol: UDP
- - name: dns-tcp
- port: 53
- targetPort: 53
- protocol: TCP
diff --git a/infra-scripts/gitea/Makefile b/infra-scripts/gitea/Makefile
deleted file mode 100644
index 6724eae..0000000
--- a/infra-scripts/gitea/Makefile
+++ /dev/null
@@ -1,4 +0,0 @@
-install:
- helm repo add gitea-charts https://dl.gitea.com/charts/
- helm repo update gitea-charts
- helm upgrade --install -n gitea --create-namespace gitea gitea-charts/gitea --version 10.6.0 -f values.yml
diff --git a/infra-scripts/gitea/values.yml b/infra-scripts/gitea/values.yml
deleted file mode 100644
index b600dde..0000000
--- a/infra-scripts/gitea/values.yml
+++ /dev/null
@@ -1,78 +0,0 @@
-postgresql-ha:
- enabled: false
-
-postgresql:
- enabled: true
- primary:
- persistence:
- enabled: true
- storageClass: mayastor-single-hdd
- resources:
- requests:
- cpu: 0
-
-redis-cluster:
- enabled: false
-
-redis:
- enabled: true
- master:
- persistence:
- enabled: true
- storageClass: mayastor-single-hdd
- resources:
- requests:
- cpu: 0
-
-persistence:
- enabled: true
- storageClass: mayastor-single-hdd
-
-gitea:
- config:
- database:
- DB_TYPE: postgres
- indexer:
- ISSUE_INDEXER_TYPE: bleve
- REPO_INDEXER_ENABLED: true
- admin:
- username: GiteaAdmin
- email: gi@tea.com
- passwordMode: initialOnlyRequireReset
-
-service:
- ssh:
- annotations:
- lbipam.cilium.io/sharing-key: gitea
- lbipam.cilium.io/sharing-cross-namespace: nginx-ingress-controller
- lbipam.cilium.io/ips: 10.44.0.0,2001:470:61a3:400::1
- type: LoadBalancer
- port: 22
- # Requirement for sharing ip with other service
- externalTrafficPolicy: Cluster
- ipFamilyPolicy: RequireDualStack
-
-ingress:
- enabled: true
- className: nginx
- annotations:
- cert-manager.io/cluster-issuer: letsencrypt
- acme.cert-manager.io/http01-edit-in-place: "true"
- hosts:
- - host: gitea.lumpiasty.xyz
- paths:
- - path: /
- pathType: Prefix
- tls:
- - hosts:
- - gitea.lumpiasty.xyz
- secretName: gitea-ingress
-
-resources:
- requests:
- cpu: 0
-
-initContainers:
- resources:
- requests:
- cpu: 0
diff --git a/infra-scripts/nginx/Makefile b/infra-scripts/nginx/Makefile
deleted file mode 100644
index ffe8c5f..0000000
--- a/infra-scripts/nginx/Makefile
+++ /dev/null
@@ -1,4 +0,0 @@
-install:
- helm repo add nginx https://helm.nginx.com/stable
- helm repo update nginx
- helm upgrade --install -n nginx-ingress-controller --create-namespace nginx-ingress nginx/nginx-ingress --version 2.0.1 -f values.yaml
diff --git a/infra-scripts/nginx/values.yaml b/infra-scripts/nginx/values.yaml
deleted file mode 100644
index 7e5fc54..0000000
--- a/infra-scripts/nginx/values.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-controller:
- resources:
- requests:
- cpu: 0
- memory: 128Mi
- limits:
- cpu: 100m
- memory: 128Mi
-
- ingressClass:
- create: true
- setAsDefaultIngress: true
-
- service:
- create: true
- type: LoadBalancer
- # Requirement for sharing ip with other service
- externalTrafficPolicy: Cluster
- ipFamilyPolicy: RequireDualStack
- annotations:
- # Share IP with gitea ssh so we can have the same domain for both port
- lbipam.cilium.io/sharing-key: gitea
- lbipam.cilium.io/sharing-cross-namespace: gitea
- lbipam.cilium.io/ips: 10.44.0.0,2001:470:61a3:400::1
diff --git a/infra-scripts/openebs/Makefile b/infra-scripts/openebs/Makefile
deleted file mode 100644
index fac461b..0000000
--- a/infra-scripts/openebs/Makefile
+++ /dev/null
@@ -1,7 +0,0 @@
-install:
- helm repo add openebs https://openebs.github.io/openebs
- helm repo update openebs
- helm upgrade -i -n openebs --create-namespace openebs openebs/openebs -f values.yml
-
- kubectl apply -f diskpools/zoma-dibaiyin-hdd.yml
- kubectl apply -f single-hdd-sc.yml
diff --git a/infra-scripts/openebs/diskpools/zoma-dibaiyin-hdd.yml b/infra-scripts/openebs/diskpools/zoma-dibaiyin-hdd.yml
deleted file mode 100644
index ecfd399..0000000
--- a/infra-scripts/openebs/diskpools/zoma-dibaiyin-hdd.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: "openebs.io/v1beta2"
-kind: DiskPool
-metadata:
- name: zoma-dibaiyin-hdd
- namespace: openebs
-spec:
- node: zoma-dibaiyin
- disks: ["aio:///dev/disk/by-id/wwn-0x5000c500ba15dcf7"]
- topology:
- labelled:
- type: hdd
diff --git a/infra-scripts/openebs/single-hdd-sc.yml b/infra-scripts/openebs/single-hdd-sc.yml
deleted file mode 100644
index 605fdd3..0000000
--- a/infra-scripts/openebs/single-hdd-sc.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: storage.k8s.io/v1
-kind: StorageClass
-metadata:
- name: mayastor-single-hdd
-parameters:
- protocol: nvmf
- # Single replica
- repl: "1"
- # Thin provision volumes
- thin: "true"
- # Allow expansion of volumes
- allowVolumeExpansion: "true"
- # Generate new filesystem's uuid when cloning
- cloneFsIdAsVolumeId: "true"
- # Schedule this sconly on hdd
- poolAffinityTopologyLabel: |
- type: hdd
-provisioner: io.openebs.csi-mayastor
diff --git a/infra-scripts/openebs/values.yml b/infra-scripts/openebs/values.yml
deleted file mode 100644
index 5f5c68e..0000000
--- a/infra-scripts/openebs/values.yml
+++ /dev/null
@@ -1,77 +0,0 @@
-zfs-localpv:
- cidrs:
- zfsLocalPv:
- enabled: false
-
-lvm-localpv:
- crds:
- lmvLocalPv:
- enabled: false
-
-mayastor:
- csi:
- node:
- initContainers:
- # We need to disable the init container that checks for the nvme_tcp module, since Talos has that module built-in.
- # https://www.talos.dev/v1.9/kubernetes-guides/configuration/storage/#deploy-mayastor
- enabled: false
- resources:
- requests:
- cpu: 0
- controller:
- resources:
- requests:
- cpu: 0
-
- etcd:
- clusterDomain: homelab.lumpiasty.xyz
- # Single node cluster for now
- replicaCount: 1
- io_engine:
- # Workaround for crashing io-engine
- # https://github.com/openebs/mayastor/issues/1763#issuecomment-2481922234
- envcontext: "iova-mode=pa"
- agents:
- core:
- resources:
- requests:
- cpu: 0
- ha:
- node:
- resources:
- requests:
- cpu: 0
- cluster:
- resources:
- requests:
- cpu: 0
- apis:
- rest:
- resources:
- requests:
- cpu: 0
- obs:
- callhome:
- resources:
- requests:
- cpu: 0
- stats:
- resources:
- requests:
- cpu: 0
-
- operators:
- pool:
- resources:
- requests:
- cpu: 0
-
-engines:
- local:
- lvm:
- enabled: false
- zfs:
- enabled: false
- replicated:
- mayastor:
- enabled: true