Initial Commit

Eric Renfro 2023-11-12 16:02:19 -05:00
commit ad9349f638
Signed by: psi-jack
GPG key ID: 14977F3A50D9A5BF
10 changed files with 278 additions and 0 deletions

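--- a/.hashes
+++ b/.hashes
@@ -0,0 +1,6 @@
+eaf01e27a1f06bc36b5d4e0e96fb352656771fe2 ./templates/ingress.yaml
+4f43a9216ff28bb9649c17562c3178486a328383 ./templates/deployment.yaml
+54ac65fae69a221c4188354f0c9d07b67351eacb ./templates/service.yaml
+a4c04ed02d25c1b06d6394ec78e62cd01acc5238 ./Chart.yaml
+78cc2bd5f0273b96d50e4fe8cf303793364f22aa ./values/privatebin.yaml
+ae5a9f03a72f32284b576c6cbd3df913df79c286 ./values/wiki.yaml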

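--- a/Chart.yaml
+++ b/Chart.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: v2
+name: home_server
+description: This deploys all of my home server services
+type: application
+version: 0.0.1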

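--- a/README.md
+++ b/README.md
@@ -0,0 +1,5 @@
+# Home Server Helm
+Run `./scripts/deploy.sh`
+It uses helm diff to find any changes and redeploys if any are detected.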

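--- a/scripts/deploy.sh
+++ b/scripts/deploy.sh
@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+set -eu -o pipefail
+if [[ "${1:-}" == "diff" ]]; then
+mode='diff'
+else
+mode='apply'
+fi
+timeout='120'
+master_node='k3s-1'
+cur_hashes="$(kubectl get node "$master_node" -o jsonpath='{.metadata.annotations.home-server-hashes}')"
+compare_hash() {
+yaml="$1"
+hash=$(shasum "$yaml" | awk '{print $1}')
+if [[ "$cur_hashes" =~ $hash ]]; then
+return 0
+else
+return 1
+fi
+}
+# Deploy all services if there is a template change
+for yaml in templates/*.yaml; do
+if ! compare_hash "$yaml"; then
+deploy_all=true
+fi
+done
+# Deploy individual service changes
+for yaml in values/*.yaml; do
+if ! compare_hash "$yaml" || [[ "${deploy_all:-}" == true ]]; then
+name=$(grep '^name:' "$yaml" | awk '{print $2}')
+if [[ "$mode" == 'apply' ]]; then
+helm upgrade --install --atomic --timeout="${timeout}s" -f "$yaml" "$name" .
+made_changes=true
+elif [[ "$mode" == 'diff' ]]; then
+helm diff upgrade -f "$yaml" "$name" .
+fi
+fi
+done
+if [[ "${made_changes:-}" ]]; then
+new_hashes="$(find . -type f -name '*.yaml' -exec shasum {} \+)"
+kubectl annotate node "$master_node" home-server-hashes="$new_hashes" --overwrite=true
+fi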
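Review bot: `compare_hash` fails open when hashing fails. It is only ever called as `if ! compare_hash …`, where `set -e` is ignored, so if `shasum` errors or is missing `hash` is empty, `[[ "$cur_hashes" =~ $hash ]]` matches with an empty pattern, and every file is reported unchanged; the run then exits 0 without deploying anything. Guard it with `hash=$(shasum "$yaml" | awk '{print $1}') || return 1` and compare with `[[ -n "$hash" && "$cur_hashes" == *"$hash"* ]]`. Separately, `kubectl` and `helm` act on whatever context is current; passing an explicit `--context` / `--kube-context` would keep an `apply` run from landing on the wrong cluster.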

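--- a/templates/deployment.yaml
+++ b/templates/deployment.yaml
@@ -0,0 +1,54 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: {{ .Values.name }}
+labels:
+app: {{ .Values.name }}
+spec:
+replicas: {{ .Values.replicas }}
+strategy:
+type: {{ .Values.strategy | default "RollingUpdate" }}
+selector:
+matchLabels:
+app: {{ .Values.name }}
+template:
+metadata:
+labels:
+app: {{ .Values.name }}
+spec:
+containers:
+- name: {{ .Values.name }}
+imagePullPolicy: {{ .Values.image.imagePullPolicy | default "IfNotPresent" }}
+image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+{{- with .Values.ports}}
+ports:
+{{- toYaml . | nindent 12 }}
+{{- end }}
+{{- with .Values.lifecycle}}
+lifecycle:
+{{- toYaml . | nindent 12 }}
+{{- end }}
+{{- with .Values.volumeMounts}}
+volumeMounts:
+{{- toYaml . | nindent 12 }}
+{{- end }}
+{{- with .Values.resources}}
+resources:
+{{- toYaml . | nindent 12 }}
+{{- end }}
+{{- with .Values.env }}
+env:
+{{- toYaml . | nindent 12 }}
+{{- end }}
+{{- with .Values.args}}
+args:
+{{- toYaml . | nindent 12 }}
+{{- end }}
+{{- with .Values.volumes}}
+volumes:
+{{- toYaml . | nindent 8 }}
+{{- end }}
+{{- with .Values.nodeName}}
+nodeName: {{ . }}
+{{- end }}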
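Review bot: The container spec has no `securityContext` hook, so a values file cannot set `runAsNonRoot`, `allowPrivilegeEscalation: false` or `readOnlyRootFilesystem` for services that are published through an Ingress without editing the template. An optional `with .Values.securityContext` block next to the existing `resources` block leaves current releases unchanged and lets each service opt in. The same pattern at pod level would allow `automountServiceAccountToken: false`, which these workloads probably do not need; confirm per image. Indentation is lost on this page, so the placement below follows the `nindent 12` used by the sibling container-level blocks.

```yaml
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          {{- with .Values.securityContext }}
          securityContext:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          # … unchanged: ports, lifecycle, volumeMounts, resources, env, args …
```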

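--- a/templates/ingress.yaml
+++ b/templates/ingress.yaml
@@ -0,0 +1,38 @@
+{{- if .Values.ingress.enabled -}}
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: {{ .Values.name }}
+{{- with .Values.ingress.annotations }}
+annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+rules:
+tls:
+{{- range .Values.ingress.tls }}
+- hosts:
+{{- range .hosts }}
+- {{ . | quote }}
+{{- end }}
+secretName: {{ .secretName }}
+{{- end }}
+{{- end }}
+rules:
+{{- range .Values.ingress.hosts }}
+- host: {{ .host | quote }}
+http:
+paths:
+{{- range .paths }}
+- path: {{ .path }}
+pathType: {{ .pathType }}
+backend:
+service:
+name: {{ $.Values.name }}
+port:
+number: {{ .port }}
+{{- end }}
+{{- end }}
+{{- end }}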
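Review bot: When `.Values.ingress.tls` is set the template emits `rules:` twice under `spec`, once as a bare key directly above `tls:` and again before the hosts loop, so the rendered manifest carries a duplicate mapping key. Whether that is rejected or silently resolved depends on the YAML parser in the toolchain, so drop the first `rules:` line and let `{{- if .Values.ingress.tls }}` be followed directly by `tls:`. Quoting the remaining string values, e.g. `secretName: {{ .secretName | quote }}` and `path: {{ .path | quote }}`, would match the treatment the host values already get.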

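--- a/templates/pvc.yaml
+++ b/templates/pvc.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.pvc.enabled -}}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: {{ .Values.pvc.name }}
+spec:
+accessModes:
+{{ .Values.pvc.accessModes }}
+storageClassName: {{ .Values.pvc.storageClassName }}
+resources:
+requests:
+storage: {{ .Values.pvc.size | default "10Gi" }}
+{{- end }}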
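Review bot: `{{ .Values.pvc.accessModes }}` prints the Go representation of the list rather than YAML. A single entry renders as `[ReadWriteMany]`, which happens to parse as a flow sequence, but two entries would render as `[ReadWriteOnce ReadOnlyMany]`, a one-element list holding an invalid mode string. Use `{{- toYaml .Values.pvc.accessModes | nindent 4 }}` as the other templates do (indent level to be confirmed, since the page has lost indentation). Because the claim holds service data, a `helm.sh/resource-policy: keep` annotation is also worth considering so that switching `pvc.enabled` off or uninstalling a release does not delete it.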

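--- a/templates/service.yaml
+++ b/templates/service.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: {{ .Values.name }}
+spec:
+selector:
+app: {{ .Values.name }}
+ports:
+{{- range .Values.ports}}
+- protocol: {{ .protocol | default "TCP" }}
+port: {{ .containerPort }}
+targetPort: {{ .targetPort | default .containerPort }}
+name: {{ .containerPort }}-{{ .protocol | default "TCP" | lower }}-{{ .targetPort | default .containerPort }}
+{{- end }}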
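Review bot: `.Values.ports` feeds both this Service and the container `ports:` list in templates/deployment.yaml, which renders the same entries verbatim through `toYaml`. A `targetPort` set for the Service would therefore also appear on the container port, where it is not a schema field, and the per-port `name` in the values files is ignored here in favour of a generated one. A comment above the loop such as `# entries are also rendered verbatim into the container spec; keep Service-only keys out` would document the coupling, or Service-only settings could be read from a separate key.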

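--- a/values/privatebin.yaml
+++ b/values/privatebin.yaml
@@ -0,0 +1,44 @@
+name: privatebin
+replicas: 1
+image:
+repository: privatebin/nginx-fpm-alpine
+imagePullPolicy: Always
+tag: 1.6.0
+ports:
+- containerPort: 8080
+protocol: TCP
+name: tcp8080
+volumeMounts:
+- name: data
+mountPath: /srv/data
+subPath: privatebin/data
+- name: data
+mountPath: /srv/cfg
+subPath: privatebin/cfg
+volumes:
+- name: data
+persistentVolumeClaim:
+claimName: cephfs-privatebin
+ingress:
+enabled: true
+annotations:
+kubernetes.io/ingress.class: traefik
+cert-manager.io/cluster-issuer: letsencrypt-prod
+hosts:
+- host: paste.linux-help.org
+paths:
+- path: /
+pathType: Prefix
+port: 8080
+tls:
+- secretName: paste-linux-help.org-tls
+hosts:
+- paste.linux-help.org
+pvc:
+enabled: true
+name: cephfs-privatebin
+storageClassName: cephfs
+size: 2Gi
+accessModes:
+- ReadWriteMany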
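Review bot: `imagePullPolicy: Always` combined with the mutable tag `1.6.0` means every pod start pulls whatever the registry currently serves under that tag. The running image can therefore change without a commit, and the hash-based change detection in scripts/deploy.sh will not notice. Pinning the digest closes that gap and still fits the template's `repository:tag` form, e.g. `tag: 1.6.0@sha256:<digest-placeholder>`. The same applies to `tag: 1.7.43` in values/wiki.yaml.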

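--- a/values/wiki.yaml
+++ b/values/wiki.yaml
@@ -0,0 +1,47 @@
+name: wiki
+replicas: 1
+image:
+repository: linuxserver/grav
+imagePullPolicy: Always
+tag: 1.7.43
+ports:
+- containerPort: 80
+protocol: TCP
+name: tcp80
+volumeMounts:
+- mountPath: /config
+name: cephfs
+volumes:
+- name: cephfs
+persistentVolumeClaim:
+claimName: cephfs-wiki
+env:
+- name: PGID
+value: "10000"
+- name: PUID
+value: "10000"
+- name: TZ
+value: "America/Toronto"
+ingress:
+enabled: true
+annotations:
+kubernetes.io/ingress.class: traefik
+cert-manager.io/cluster-issuer: letsencrypt-prod
+hosts:
+- host: grav.linux-help.org
+paths:
+- path: /
+pathType: Prefix
+port: 80
+tls:
+- secretName: grav-linux-help.org-tls
+hosts:
+- grav.linux-help.org
+pvc:
+enabled: true
+name: cephfs-wiki
+storageClassName: cephfs
+size: 1Gi
+accessModes:
+- ReadWriteMany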