Initial Commit

2023-11-12 16:02:19 -05:00 · 2023-11-12 16:02:19 -05:00 · ad9349f638
commit ad9349f638
10 changed files with 278 additions and 0 deletions
--- a/.hashes
+++ b/.hashes
@ -0,0 +1,6 @@
+eaf01e27a1f06bc36b5d4e0e96fb352656771fe2  ./templates/ingress.yaml
+4f43a9216ff28bb9649c17562c3178486a328383  ./templates/deployment.yaml
+54ac65fae69a221c4188354f0c9d07b67351eacb  ./templates/service.yaml
+a4c04ed02d25c1b06d6394ec78e62cd01acc5238  ./Chart.yaml
+78cc2bd5f0273b96d50e4fe8cf303793364f22aa  ./values/privatebin.yaml
+ae5a9f03a72f32284b576c6cbd3df913df79c286  ./values/wiki.yaml
--- a/Chart.yaml
+++ b/Chart.yaml
@ -0,0 +1,6 @@
+---
+apiVersion: v2
+name: home_server
+description: This deploys all of my home server services
+type: application
+version: 0.0.1
--- a/README.md
+++ b/README.md
@ -0,0 +1,5 @@
+# Home Server Helm
+
+Run `./scripts/deploy.sh`
+
+It uses helm diff to find any changes and redeploys if any are detected.
--- a/scripts/deploy.sh
+++ b/scripts/deploy.sh
@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+
+set -eu -o pipefail
+
+if [[ "${1:-}" == "diff" ]]; then
+	mode='diff'
+else
+	mode='apply'
+fi
+timeout='120'
+master_node='k3s-1'
+
+cur_hashes="$(kubectl get node "$master_node" -o jsonpath='{.metadata.annotations.home-server-hashes}')"
+
+compare_hash() {
+	yaml="$1"
+	hash=$(shasum "$yaml" | awk '{print $1}')
+
+	if [[ "$cur_hashes" =~ $hash ]]; then
+		return 0
+	else
+		return 1
+	fi
+}
+
+# Deploy all services if there is a template change
+for yaml in templates/*.yaml; do
+	if ! compare_hash "$yaml"; then
+		deploy_all=true
+	fi
+done
+
+# Deploy individual service changes
+for yaml in values/*.yaml; do
+	if ! compare_hash "$yaml" || [[ "${deploy_all:-}" == true ]]; then
+		name=$(grep '^name:' "$yaml" | awk '{print $2}')
+		if [[ "$mode" == 'apply' ]]; then
+			helm upgrade --install --atomic --timeout="${timeout}s" -f "$yaml" "$name" .
+			made_changes=true
+		elif [[ "$mode" == 'diff' ]]; then
+			helm diff upgrade -f "$yaml" "$name" .
+		fi
+	fi
+done
+
+if [[ "${made_changes:-}" ]]; then
+	new_hashes="$(find . -type f -name '*.yaml' -exec shasum {} \+)"
+	kubectl annotate node "$master_node" home-server-hashes="$new_hashes" --overwrite=true
+fi
--- a/templates/deployment.yaml
+++ b/templates/deployment.yaml
@ -0,0 +1,54 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Values.name }}
+  labels:
+    app: {{ .Values.name }}
+spec:
+  replicas: {{ .Values.replicas }}
+  strategy:
+    type: {{ .Values.strategy | default "RollingUpdate" }}
+  selector:
+    matchLabels:
+      app: {{ .Values.name }}
+  template:
+    metadata:
+      labels:
+        app: {{ .Values.name }}
+    spec:
+      containers:
+        - name: {{ .Values.name }}
+          imagePullPolicy: {{ .Values.image.imagePullPolicy | default "IfNotPresent" }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          {{- with .Values.ports}}
+          ports:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.lifecycle}}
+          lifecycle:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.volumeMounts}}
+          volumeMounts:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.resources}}
+          resources:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.env }}
+          env:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.args}}
+          args:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+      {{- with .Values.volumes}}
+      volumes:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.nodeName}}
+      nodeName: {{ . }}
+      {{- end }}
--- a/templates/ingress.yaml
+++ b/templates/ingress.yaml
@ -0,0 +1,38 @@
+{{- if .Values.ingress.enabled -}}
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ .Values.name }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if .Values.ingress.tls }}
+  rules:
+  tls:
+    {{- range .Values.ingress.tls }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
+  rules:
+    {{- range .Values.ingress.hosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+          {{- range .paths }}
+          - path: {{ .path }}
+            pathType: {{ .pathType }}
+            backend:
+              service:
+                name: {{ $.Values.name }}
+                port:
+                  number: {{ .port }}
+          {{- end }}
+    {{- end }}
+{{- end }}
--- a/templates/pvc.yaml
+++ b/templates/pvc.yaml
@ -0,0 +1,14 @@
+{{- if .Values.pvc.enabled -}}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ .Values.pvc.name }}
+spec:
+  accessModes:
+    {{ .Values.pvc.accessModes }}
+  storageClassName: {{ .Values.pvc.storageClassName }}
+  resources:
+    requests:
+      storage: {{ .Values.pvc.size | default "10Gi" }}
+{{- end }}
--- a/templates/service.yaml
+++ b/templates/service.yaml
@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Values.name }}
+spec:
+  selector:
+    app: {{ .Values.name }}
+  ports:
+    {{- range .Values.ports}}
+    - protocol: {{ .protocol | default "TCP" }}
+      port: {{ .containerPort }}
+      targetPort: {{ .targetPort | default .containerPort }}
+      name: {{ .containerPort }}-{{ .protocol | default "TCP" | lower }}-{{ .targetPort | default .containerPort }}
+    {{- end }}
--- a/values/privatebin.yaml
+++ b/values/privatebin.yaml
@ -0,0 +1,44 @@
+name: privatebin
+replicas: 1
+image:
+  repository: privatebin/nginx-fpm-alpine
+  imagePullPolicy: Always
+  tag: 1.6.0
+ports:
+  - containerPort: 8080
+    protocol: TCP
+    name: tcp8080
+volumeMounts:
+  - name: data
+    mountPath: /srv/data
+    subPath: privatebin/data
+  - name: data
+    mountPath: /srv/cfg
+    subPath: privatebin/cfg
+volumes:
+  - name: data
+    persistentVolumeClaim:
+      claimName: cephfs-privatebin
+ingress:
+  enabled: true
+  annotations:
+    kubernetes.io/ingress.class: traefik
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+  hosts:
+    - host: paste.linux-help.org
+      paths:
+        - path: /
+          pathType: Prefix
+          port: 8080
+  tls:
+    - secretName: paste-linux-help.org-tls
+      hosts:
+        - paste.linux-help.org
+pvc:
+  enabled: true
+  name: cephfs-privatebin
+  storageClassName: cephfs
+  size: 2Gi
+  accessModes:
+    - ReadWriteMany
+
--- a/values/wiki.yaml
+++ b/values/wiki.yaml
@ -0,0 +1,47 @@
+name: wiki
+replicas: 1
+image:
+  repository: linuxserver/grav
+  imagePullPolicy: Always
+  tag: 1.7.43
+ports:
+  - containerPort: 80
+    protocol: TCP
+    name: tcp80
+volumeMounts:
+  - mountPath: /config
+    name: cephfs
+volumes:
+  - name: cephfs
+    persistentVolumeClaim:
+      claimName: cephfs-wiki
+env:
+  - name: PGID
+    value: "10000"
+  - name: PUID
+    value: "10000"
+  - name: TZ
+    value: "America/Toronto"
+ingress:
+  enabled: true
+  annotations:
+    kubernetes.io/ingress.class: traefik
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+  hosts:
+    - host: grav.linux-help.org
+      paths:
+        - path: /
+          pathType: Prefix
+          port: 80
+  tls:
+    - secretName: grav-linux-help.org-tls
+      hosts:
+        - grav.linux-help.org
+pvc:
+  enabled: true
+  name: cephfs-wiki
+  storageClassName: cephfs
+  size: 1Gi
+  accessModes:
+    - ReadWriteMany
+