diff --git a/k8s/matrix/config-janky.bot/homeserver.yaml b/k8s/matrix/config-janky.bot/homeserver.yaml
index 4bae07d..249f3ef 100644
--- a/k8s/matrix/config-janky.bot/homeserver.yaml
+++ b/k8s/matrix/config-janky.bot/homeserver.yaml
@@ -27,4 +27,4 @@ signing_key_path: "/secrets/janky.bot.signing.key"
 trusted_key_servers:
 - server_name: "matrix.org"
 public_baseurl: https://matrix.janky.bot
-ip_range_whitelist: [10.5.1.245]
+ip_range_whitelist: [10.5.1.245,10.5.1.1]
diff --git a/k8s/matrix/kustomization.yaml b/k8s/matrix/kustomization.yaml
index e4267f6..86182ad 100644
--- a/k8s/matrix/kustomization.yaml
+++ b/k8s/matrix/kustomization.yaml
@@ -7,6 +7,7 @@ resources:
 - bridge-signal.yaml
 - bridge-telegram.yaml
 - janky.bot-homeserver.yaml
+ - janky.solutions-homeserver.yaml
 - secrets.yaml
 - secrets-init.yaml
 configMapGenerator:
@@ -18,3 +19,12 @@ configMapGenerator:
 files:
 - config-janky.bot/homeserver.yaml
 - config-janky.bot/log.yaml
+ - name: synapse-janky-solutions
+ files:
+ - config-janky.solutions/homeserver.yaml
+ - config-janky.solutions/log.yaml
+ - name: appservices-janky-solutions
+ files:
+ - appservices-janky.solutions/facebook.yaml
+ - appservices-janky.solutions/telegram.yaml
+ - appservices-janky.solutions/signal.yaml
diff --git a/k8s/monica/kustomization.yaml b/k8s/monica/kustomization.yaml
index 0038540..fc24236 100644
--- a/k8s/monica/kustomization.yaml
+++ b/k8s/monica/kustomization.yaml
@@ -4,5 +4,5 @@ namespace: monica
 resources:
 - namespace.yaml
 - monica.yaml
- - mysql.yaml
+ - database.yaml
 - secrets.yaml
diff --git a/k8s/monica/monica.yaml b/k8s/monica/monica.yaml
index 2d0a371..827d85b 100644
--- a/k8s/monica/monica.yaml
+++ b/k8s/monica/monica.yaml
@@ -64,6 +64,7 @@ spec:
 - metadata:
 name: storage
 spec:
+ storageClassName: longhorn
 accessModes: ["ReadWriteOnce"]
 resources:
 requests:
diff --git a/k8s/monica/mysql.yaml b/k8s/monica/mysql.yaml
index 660b9eb..db55077 100644
--- a/k8s/monica/mysql.yaml
+++ b/k8s/monica/mysql.yaml
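Review bot: In k8s/matrix/config-janky.bot/homeserver.yaml the widened `ip_range_whitelist` gives no explanation of what 10.5.1.1 is. Synapse uses this list to exempt addresses from its blocking of outbound requests to private ranges, so every entry is an internal host the homeserver can be made to contact on behalf of remote input. I would put a comment above the key naming the service behind each address, for example `# 10.5.1.245: <service>, 10.5.1.1: <service>`, and write the list with a space after the comma. If 10.5.1.1 is the subnet gateway, as the address suggests, confirm that nothing sensitive on it is reachable from the Synapse pod.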
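Review bot: The second hunk of k8s/matrix/kustomization.yaml builds `appservices-janky-solutions` as a ConfigMap from three bridge registration files. Matrix appservice registration files normally contain the `as_token` and `hs_token` shared secrets, so if these files hold real tokens they are stored in the repository and readable by anyone allowed to read ConfigMaps in the namespace. The files themselves are not visible here, so this needs checking. If they do carry tokens, generate the object under `secretGenerator:` instead, or deliver them the way `secrets.yaml` already does.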
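Review bot: `storageClassName: longhorn` in k8s/monica/monica.yaml is added inside what looks like a StatefulSet `volumeClaimTemplates` entry, and the second hunk of k8s/monica/mysql.yaml adds the same line. Kubernetes rejects updates to `volumeClaimTemplates` on an existing StatefulSet, and claims that already exist keep their old storage class, so applying this needs the StatefulSet recreated and the data moved. The enclosing object starts outside the hunk, so its kind is inferred. A comment beside the new line would record the step, e.g. `# changing this requires recreating the StatefulSet and its PVC`.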
@@ -27,7 +27,7 @@ spec:
 app: mysql
 spec:
 containers:
- - image: docker.io/library/mysql:5.7
+ - image: docker.io/library/mysql:8
 name: mysql
 resources: {}
 ports:
@@ -50,6 +50,7 @@ spec:
 - metadata:
 name: storage
 spec:
+ storageClassName: longhorn
 accessModes: ["ReadWriteOnce"]
 resources:
 requests:
diff --git a/k8s/monitoring/ingresses.yaml b/k8s/monitoring/ingresses.yaml
index 711c179..90d8b0d 100644
--- a/k8s/monitoring/ingresses.yaml
+++ b/k8s/monitoring/ingresses.yaml
@@ -19,6 +19,8 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
 name: prometheus-internal
+ annotations:
+ janky.solutions/auth-glue: prometheus
 spec:
 rules:
 - host: prometheus.monitoring.k8s
diff --git a/k8s/system/kustomization.yaml b/k8s/system/kustomization.yaml
index 9ae17a6..6291fd6 100644
--- a/k8s/system/kustomization.yaml
+++ b/k8s/system/kustomization.yaml
@@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - traefik-default-cert.yaml
+ - traefik-dashboard.yaml
 configMapGenerator:
 - name: traefik-additional-configs
 namespace: kube-system
diff --git a/k8s/system/traefik-dashboard.yaml b/k8s/system/traefik-dashboard.yaml
new file mode 100644
index 0000000..5324f66
--- /dev/null
+++ b/k8s/system/traefik-dashboard.yaml
@@ -0,0 +1,12 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: traefik-dashboard
+ namespace: kube-system
+spec:
+ routes:
+ - match: Host(`traefik.kube-system.k8s`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
+ kind: Rule
+ services:
+ - name: api@internal
+ kind: TraefikService
diff --git a/k8s/system/traefik/external-services.yaml b/k8s/system/traefik/external-services.yaml
index e2c906d..886cfc7 100644
--- a/k8s/system/traefik/external-services.yaml
+++ b/k8s/system/traefik/external-services.yaml
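Review bot: The image line in k8s/monica/mysql.yaml moves to the floating tag `mysql:8`, which can change underneath the cluster on any pod restart; pin an exact release and preferably a digest, `image: docker.io/library/mysql:<8.x.y>@sha256:<digest>`. The jump from 5.7 to 8 upgrades the data directory in place and cannot be undone by reverting the tag, so take a dump first. Separately, k8s/monica/kustomization.yaml now lists `database.yaml` while this commit still edits `mysql.yaml`; unless the rename happens elsewhere in the commit, this file is no longer applied.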
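Review bot: The `janky.solutions/auth-glue: prometheus` annotation on the `prometheus-internal` Ingress in k8s/monitoring/ingresses.yaml protects nothing unless a controller in the cluster acts on it, and this diff does not show that controller. Prometheus does not authenticate requests by default, so if the annotation is ignored or the controller is down, the route is served with no authentication. A comment such as `# enforced by <controller>; route must fail closed when it is absent` would document the dependency, and that fail-closed behaviour should be confirmed.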
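Review bot: The new IngressRoute in k8s/system/traefik-dashboard.yaml publishes `api@internal` with neither `entryPoints` nor `middlewares`. A route without `entryPoints` is attached to Traefik's entry points by default, which here appears to include the public `websecure` one used in external-services.yaml. In that case the dashboard and API answer anyone who can send the `traefik.kube-system.k8s` Host header, with no authentication. The API discloses every router, service and middleware definition. I would add `entryPoints: [<internal-entrypoint>]` under `spec` and `middlewares: [{name: <auth-middleware>}]` on the route, with both names filled in for this cluster.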
@@ -1,21 +1,25 @@
+{{
+ $services := list
+ (list "minio-console" "minio-console.home.finn.io" "http://minio:9001")
+ (list "minio" "storage.home.finn.io" "http://minio:9000")
+ (list "jellyfin" "jellyfin.janky.solutions" "http://jellyfin:8096")
+ (list "dns" "dns.janky.solutions" "http://dns:9191")
+ (list "dns443" "dns.janky.solutions:443" "http://dns:9191")
+ (list "matrix" "matrix.janky.solutions" "http://matrix:8008")
+}}
 http:
 routers:
- minio:
+ {{range $_, $service := $services}}
+ {{index $service 0}}:
 entryPoints:
 - websecure
- rule: "Host(`storage.home.finn.io`)"
- service: minio
- minio-console:
- entryPoints:
- - websecure
- rule: "Host(`minio-console.home.finn.io`)"
- service: minio-console
+ rule: "Host(`{{ index $service 1 }}`)"
+ service: {{ index $service 0 }}
+ {{end}}
 services:
- minio:
+ {{range $_, $service := $services}}
+ {{index $service 0}}:
 loadBalancer:
 servers:
- - url: "http://minio:9000/"
- minio-console:
- loadBalancer:
- servers:
- - url: "http://minio:9001/"
+ - url: "{{index $service 2}}"
+ {{end}}
diff --git a/playbook-home-k8s-usb.yaml b/playbook-home-k8s-usb.yaml
index 30722d0..243d6e5 100644
--- a/playbook-home-k8s-usb.yaml
+++ b/playbook-home-k8s-usb.yaml
@@ -3,6 +3,5 @@
 ansible_user: root
 roles:
 - base
- - monitoring
 - k8s-node
 - k8s-usb-node
diff --git a/playbook-home-k8s.yaml b/playbook-home-k8s.yaml
index 89ba1f5..c2c82b4 100644
--- a/playbook-home-k8s.yaml
+++ b/playbook-home-k8s.yaml
@@ -3,5 +3,4 @@
 ansible_user: root
 roles:
 - base
- - monitoring
 - k8s-node
diff --git a/roles/k8s-node/templates/traefik-config.yaml b/roles/k8s-node/templates/traefik-config.yaml
index 023bb92..88e27e9 100644
--- a/roles/k8s-node/templates/traefik-config.yaml
+++ b/roles/k8s-node/templates/traefik-config.yaml
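Review bot: The `$services` entries in k8s/system/traefik/external-services.yaml are positional lists read with `index $service 0`, `1` and `2`, and nothing states which position is the router name, the public host or the backend URL. A template comment ahead of the list, `{{/* each entry: name, public host, backend URL */}}`, would make a swapped field easier to spot before it publishes the wrong backend. `service: {{ index $service 0 }}` is the only templated value left unquoted; quote it like the others, `service: "{{ index $service 0 }}"`. The change also puts jellyfin, dns and matrix on `websecure` with no middleware, which is worth confirming as intended.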
@@ -22,6 +22,7 @@ spec:
 additionalArguments:
 - --providers.file.directory=/file-configs
 - --providers.file.watch=true
+ - --providers.file.debugLogGeneratedTemplate=true
 volumes:
 - name: traefik-additional-configs
 mountPath: /file-configs
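Review bot: `--providers.file.debugLogGeneratedTemplate=true` in roles/k8s-node/templates/traefik-config.yaml is a debugging aid that writes the rendered file-provider configuration to the log, and nothing marks it as temporary. The templates visible in this commit hold only hostnames and backend URLs, but any credential added to those files later would be copied into the log stream. If it is only needed while the templated external-services.yaml is being brought up, say so beside it, `# temporary: remove once the template renders correctly`, or drop it before merging. The enclosing `spec` block starts outside the hunk.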