mthomson/fleet-infra
1
0
Fork 0
mirror of https://github.com/michaelthomson0797/fleet-infra.git synced 2026-02-04 13:09:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

removed pihole and weave gitops

Browse Source
This commit is contained in:
Michael Thomson
2024-05-23 09:47:36 -04:00
parent 7fc16afa59
commit 1639d14a54
10 changed files with 0 additions and 682 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
bootstrap/helmrepositories/helmrepository-mojo2600.yaml
View File

@@ -1,8 +0,0 @@
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: mojo2600
namespace: flux-system
spec:
interval: 15m
url: https://mojo2600.github.io/pihole-kubernetes/

17
bootstrap/helmrepositories/helmrepository-weave-gitops.yaml
View File

@@ -1,17 +0,0 @@
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
annotations:
metadata.weave.works/description: This is the source location for the Weave GitOps
Dashboard's helm chart.
labels:
app.kubernetes.io/component: ui
app.kubernetes.io/created-by: weave-gitops-cli
app.kubernetes.io/name: weave-gitops-dashboard
app.kubernetes.io/part-of: weave-gitops
name: weave-gitops
namespace: flux-system
spec:
interval: 1h0m0s
type: oci
url: oci://ghcr.io/weaveworks/charts

18
bootstrap/kustomizations/kustomization-pihole.yaml
View File

@@ -1,18 +0,0 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: pihole
namespace: flux-system
spec:
interval: 15m
path: ./pihole
prune: true # remove any elements later removed from the above path
timeout: 2m # if not set, this defaults to interval duration, which is 1h
sourceRef:
kind: GitRepository
name: flux-system
healthChecks:
- apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
name: pihole
namespace: pihole

18
bootstrap/kustomizations/kustomization-weave-gitops.yaml
View File

@@ -1,18 +0,0 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: weave-gitops
namespace: flux-system
spec:
interval: 15m
path: ./weave-gitops
prune: true # remove any elements later removed from the above path
timeout: 2m # if not set, this defaults to interval duration, which is 1h
sourceRef:
kind: GitRepository
name: flux-system
healthChecks:
- apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
name: weave-gitops
namespace: weave-gitops

4
bootstrap/namespaces/namespace-pihole.yaml
View File

@@ -1,4 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: pihole

4
bootstrap/namespaces/namespace-weave-gitops.yaml
View File

@@ -1,4 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: weave-gitops

12
pihole/dns-endpoint.yaml
View File

@@ -1,12 +0,0 @@
apiVersion: externaldns.k8s.io/v1alpha1
kind: DNSEndpoint
metadata:
name: pihole.michaelthomson.dev
namespace: pihole
spec:
endpoints:
- dnsName: pihole.michaelthomson.dev
recordTTL: 180
recordType: CNAME
targets:
- server.michaelthomson.dev

552
pihole/helmrelease-pihole.yaml
View File

@@ -1,552 +0,0 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: pihole
namespace: pihole
spec:
chart:
spec:
chart: pihole
version: 2.19.x
sourceRef:
kind: HelmRepository
name: mojo2600
namespace: flux-system
interval: 15m
timeout: 5m
releaseName: pihole
values:
# Default values for pihole.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# -- The number of replicas
replicaCount: 1
# -- The `spec.strategyTpye` for updates
strategyType: RollingUpdate
# -- The maximum number of Pods that can be created over the desired number of `ReplicaSet` during updating.
maxSurge: 1
# -- The maximum number of Pods that can be unavailable during updating
maxUnavailable: 1
image:
# -- the repostory to pull the image from
repository: "pihole/pihole"
# -- the docker tag, if left empty it will get it from the chart's appVersion
tag: ""
# -- the pull policy
pullPolicy: IfNotPresent
dualStack:
# -- set this to true to enable creation of DualStack services or creation of separate IPv6 services if `serviceDns.type` is set to `"LoadBalancer"`
enabled: false
dnsHostPort:
# -- set this to true to enable dnsHostPort
enabled: false
# -- default port for this pod
port: 53
# -- Configuration for the DNS service on port 53
serviceDns:
# -- deploys a mixed (TCP + UDP) Service instead of separate ones
mixedService: false
# -- `spec.type` for the DNS Service
type: LoadBalancer
# -- The port of the DNS service
port: 53
# -- Optional node port for the DNS service
nodePort: ""
# -- `spec.externalTrafficPolicy` for the DHCP Service
externalTrafficPolicy: Local
# -- A fixed `spec.loadBalancerIP` for the DNS Service
loadBalancerIP: ""
# -- A fixed `spec.loadBalancerIP` for the IPv6 DNS Service
loadBalancerIPv6: ""
# -- Annotations for the DNS service
annotations:
metallb.universe.tf/loadBalancerIPs: 192.168.2.250
metallb.universe.tf/allow-shared-ip: pihole-svc
# -- Configuration for the DHCP service on port 67
serviceDhcp:
# -- Generate a Service resource for DHCP traffic
enabled: true
# -- `spec.type` for the DHCP Service
type: NodePort
# -- The port of the DHCP service
port: 67
# -- Optional node port for the DHCP service
nodePort: ""
# -- `spec.externalTrafficPolicy` for the DHCP Service
externalTrafficPolicy: Local
# -- A fixed `spec.loadBalancerIP` for the DHCP Service
loadBalancerIP: ""
# -- A fixed `spec.loadBalancerIP` for the IPv6 DHCP Service
loadBalancerIPv6: ""
# -- Annotations for the DHCP service
annotations:
{}
# metallb.universe.tf/address-pool: network-services
# metallb.universe.tf/allow-shared-ip: pihole-svc
# -- Configuration for the web interface service
serviceWeb:
# -- Configuration for the HTTP web interface listener
http:
# -- Generate a service for HTTP traffic
enabled: true
# -- The port of the web HTTP service
port: 80
# -- Optional node port for the web HTTP service
nodePort: ""
# -- Configuration for the HTTPS web interface listener
https:
# -- Generate a service for HTTPS traffic
enabled: true
# -- The port of the web HTTPS service
port: 443
# -- Optional node port for the web HTTPS service
nodePort: ""
# -- `spec.type` for the web interface Service
type: LoadBalancer
# -- `spec.externalTrafficPolicy` for the web interface Service
externalTrafficPolicy: Local
# -- A fixed `spec.loadBalancerIP` for the web interface Service
loadBalancerIP: ""
# -- A fixed `spec.loadBalancerIP` for the IPv6 web interface Service
loadBalancerIPv6: ""
# -- Annotations for the DHCP service
annotations:
metallb.universe.tf/loadBalancerIPs: 192.168.2.250
metallb.universe.tf/allow-shared-ip: pihole-svc
virtualHost: pi.hole
# -- Configuration for the Ingress
ingress:
# -- Generate a Ingress resource
enabled: true
# -- Specify an ingressClassName
ingressClassName: traefik
# -- Annotations for the ingress
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
# traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
traefik.ingress.kubernetes.io/router.tls: "true"
path: /
hosts:
# virtualHost (default value is pi.hole) will be appended to the hosts
- pihole.michaelthomson.dev
tls:
- hosts:
# virtualHost (default value is pi.hole) will be appended to the hosts
- pihole.michaelthomson.dev
secretName: letsencrypt-wildcard-cert-michaelthomson.dev
# -- Probes configuration
probes:
# -- probes.liveness -- Configure the healthcheck for the ingress controller
liveness:
# -- Generate a liveness probe
# 'type' defaults to httpGet, can be set to 'command' to use a command type liveness probe.
type: httpGet
# command:
# - /bin/bash
# - -c
# - /bin/true
enabled: true
initialDelaySeconds: 60
failureThreshold: 10
timeoutSeconds: 5
port: http
scheme: HTTP
readiness:
# -- Generate a readiness probe
enabled: true
initialDelaySeconds: 60
failureThreshold: 3
timeoutSeconds: 5
port: http
scheme: HTTP
# -- We usually recommend not to specify default resources and to leave this as a conscious
# -- choice for the user. This also increases chances charts run on environments with little
# -- resources, such as Minikube. If you do want to specify resources, uncomment the following
# -- lines, adjust them as necessary, and remove the curly braces after 'resources:'.
resources:
{}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# -- `spec.PersitentVolumeClaim` configuration
persistentVolumeClaim:
# -- set to true to use pvc
enabled: true
# -- specify an existing `PersistentVolumeClaim` to use
# existingClaim: ""
# -- Annotations for the `PersitentVolumeClaim`
annotations: {}
accessModes:
- ReadWriteOnce
size: "500Mi"
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
storageClass: longhorn
## If subPath is set mount a sub folder of a volume instead of the root of the volume.
## This is especially handy for volume plugins that don't natively support sub mounting (like glusterfs).
## subPath: "pihole"
nodeSelector: {}
tolerations: []
# -- Specify a priorityClassName
# priorityClassName: ""
# Reference: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
topologySpreadConstraints: []
# - maxSkew: <integer>
# topologyKey: <string>
# whenUnsatisfiable: <string>
# labelSelector: <object>
affinity: {}
# -- Administrator password when not using an existing secret (see below)
adminPassword: "admin"
# -- Use an existing secret for the admin password.
admin:
# -- Specify an existing secret to use as admin password
existingSecret: ""
# -- Specify the key inside the secret to use
passwordKey: "password"
# -- extraEnvironmentVars is a list of extra enviroment variables to set for pihole to use
extraEnvVars:
{}
# TZ: UTC
# -- extraEnvVarsSecret is a list of secrets to load in as environment variables.
extraEnvVarsSecret:
{}
# env_var:
# name: secret-name
# key: secret-key
# -- default upstream DNS 1 server to use
DNS1: "8.8.8.8"
# -- default upstream DNS 2 server to use
DNS2: "8.8.4.4"
antiaff:
# -- set to true to enable antiaffinity (example: 2 pihole DNS in the same cluster)
enabled: false
# -- Here you can set the pihole release (you set in `helm install <releasename> ...`)
# you want to avoid
avoidRelease: pihole1
# -- Here you can choose between preferred or required
strict: true
# -- Here you can pass namespaces to be part of those inclueded in anti-affinity
namespaces: []
doh:
# -- set to true to enabled DNS over HTTPs via cloudflared
enabled: false
name: "cloudflared"
repository: "crazymax/cloudflared"
tag: latest
pullPolicy: IfNotPresent
# -- Here you can pass environment variables to the DoH container, for example:
envVars:
{}
# TUNNEL_DNS_UPSTREAM: "https://1.1.1.2/dns-query,https://1.0.0.2/dns-query"
# -- Probes configuration
probes:
# -- Configure the healthcheck for the doh container
liveness:
# -- set to true to enable liveness probe
enabled: true
# -- customize the liveness probe
probe:
exec:
command:
- nslookup
- -po=5053
- cloudflare.com
- "127.0.0.1"
# -- defines the initial delay for the liveness probe
initialDelaySeconds: 60
# -- defines the failure threshold for the liveness probe
failureThreshold: 10
# -- defines the timeout in secondes for the liveness probe
timeoutSeconds: 5
dnsmasq:
# -- Add upstream dns servers. All lines will be added to the pihole dnsmasq configuration
upstreamServers: []
# - server=/foo.bar/192.168.178.10
# - server=/bar.foo/192.168.178.11
# -- Add custom dns entries to override the dns resolution. All lines will be added to the pihole dnsmasq configuration.
customDnsEntries: []
# - address=/foo.bar/192.168.178.10
# - address=/bar.foo/192.168.178.11
# -- Dnsmasq reads the /etc/hosts file to resolve ips. You can add additional entries if you like
additionalHostsEntries: []
# - 192.168.0.3 host4
# - 192.168.0.4 host5
# -- Static DHCP config
staticDhcpEntries: []
# staticDhcpEntries:
# - dhcp-host=MAC_ADDRESS,IP_ADDRESS,HOSTNAME
# -- Other options
customSettings:
# otherSettings:
# - rebind-domain-ok=/plex.direct/
# -- Here we specify custom cname entries that should point to `A` records or
# elements in customDnsEntries array.
# The format should be:
# - cname=cname.foo.bar,foo.bar
# - cname=cname.bar.foo,bar.foo
# - cname=cname record,dns record
customCnameEntries: []
# Here we specify custom cname entries that should point to `A` records or
# elements in customDnsEntries array.
# The format should be:
# - cname=cname.foo.bar,foo.bar
# - cname=cname.bar.foo,bar.foo
# - cname=cname record,dns record
# -- list of adlists to import during initial start of the container
adlists:
{}
# If you want to provide blocklists, add them here.
# - https://hosts-file.net/grm.txt
# - https://reddestdream.github.io/Projects/MinimalHosts/etc/MinimalHostsBlocker/minimalhosts
# -- list of whitelisted domains to import during initial start of the container
whitelist:
{}
# If you want to provide whitelisted domains, add them here.
# - clients4.google.com
# -- list of blacklisted domains to import during initial start of the container
blacklist:
{}
# If you want to have special domains blacklisted, add them here
# - *.blackist.com
# -- list of blacklisted regex expressions to import during initial start of the container
regex:
{}
# Add regular expression blacklist items
# - (^|\.)facebook\.com$
# -- values that should be added to pihole-FTL.conf
ftl:
{}
# Add values for pihole-FTL.conf
# MAXDBDAYS: 14
# -- port the container should use to expose HTTP traffic
webHttp: "80"
# -- port the container should use to expose HTTPS traffic
webHttps: "443"
# -- hostname of pod
hostname: ""
# -- should the container use host network
hostNetwork: "false"
# -- should container run in privileged mode
privileged: "false"
# linux capabilities container should run with
capabilities:
{}
# add:
# - NET_ADMIN
customVolumes:
# -- set this to true to enable custom volumes
enabled: false
# -- any volume type can be used here
config:
{}
# hostPath:
# path: "/mnt/data"
# -- any extra volumes you might want
extraVolumes:
{}
# external-conf:
# configMap:
# name: pi-hole-lighttpd-external-conf
# -- any extra volume mounts you might want
extraVolumeMounts:
{}
# external-conf:
# mountPath: /etc/lighttpd/external.conf
# subPath: external.conf
extraContainers:
[]
# - name: pihole-logwatcher
# image: your-registry/pihole-logwatcher
# imagePullPolicy: Always
# resources:
# requests:
# cpu: 100m
# memory: 5Mi
# limits:
# cpu: 100m
# memory: 5Mi
# volumeMounts:
# - name: pihole-logs
# mountPath: /var/log/pihole
# -- any extra kubernetes manifests you might want
extraObjects:
[]
# - apiVersion: v1
# kind: ConfigMap
# metadata:
# name: pi-hole-lighttpd-external-conf
# data:
# external.conf: |
# $HTTP["host"] =~ "example.foo" {
# # If we're using a non-standard host for pihole, ensure the Pi-hole
# # Block Page knows that this is not a blocked domain
# setenv.add-environment = ("fqdn" => "true")
#
# # Enable the SSL engine with a cert, only for this specific host
# $SERVER["socket"] == ":443" {
# ssl.engine = "enable"
# ssl.pemfile = "/etc/ssl/lighttpd-private/tls.crt"
# ssl.privkey = "/etc/ssl/lighttpd-private/tls.key"
# ssl.ca-file = "/etc/ssl/lighttpd-private/ca.crt"
# ssl.honor-cipher-order = "enable"
# ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
# ssl.use-sslv2 = "disable"
# ssl.use-sslv3 = "disable"
# }
# }
#
# # Redirect HTTP to HTTPS
# $HTTP["scheme"] == "http" {
# $HTTP["host"] =~ ".*" {
# url.redirect = (".*" => "https://%0$0")
# }
# }
# -- Additional annotations for pods
podAnnotations:
{}
# Example below allows Prometheus to scape on metric port (requires pihole-exporter sidecar enabled)
# prometheus.io/port: '9617'
# prometheus.io/scrape: 'true'
# -- any initContainers you might want to run before starting pihole
extraInitContainers:
[]
# - name: copy-config
# image: busybox
# args:
# - sh
# - -c
# - |
# cp /etc/lighttpd-cm/external.conf /etc/lighttpd/
# ls -l /etc/lighttpd/
# volumeMounts:
# - name: external-conf-cm
# mountPath: /etc/lighttpd-cm/
# - name: external-conf
# mountPath: /etc/lighttpd/
monitoring:
# -- Preferably adding prometheus scrape annotations rather than enabling podMonitor.
podMonitor:
# -- set this to true to enable podMonitor
enabled: false
# -- Sidecar configuration
sidecar:
# -- set this to true to enable podMonitor as sidecar
enabled: false
port: 9617
image:
repository: ekofr/pihole-exporter
tag: v0.3.0
pullPolicy: IfNotPresent
resources:
limits:
memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
podDnsConfig:
enabled: true
policy: "None"
nameservers:
- 127.0.0.1
- 8.8.8.8
# -- configure a Pod Disruption Budget
podDisruptionBudget:
# -- set to true to enable creating the PDB
enabled: false
# -- minimum number of pods Kubernetes should try to have running at all times
minAvailable: 1
# -- maximum number of pods Kubernetes will allow to be unavailable. Cannot set both `minAvailable` and `maxAvailable`
# maxUnavailable: 1

12
weave-gitops/dns-endpoint-weave-gitops.yaml
View File

@@ -1,12 +0,0 @@
apiVersion: externaldns.k8s.io/v1alpha1
kind: DNSEndpoint
metadata:
name: weave-gitops.michaelthomson.dev
namespace: weave-gitops
spec:
endpoints:
- dnsName: weave-gitops.michaelthomson.dev
recordTTL: 180
recordType: CNAME
targets:
- server.michaelthomson.dev

37
weave-gitops/helmrelease-weave-gitops.yaml
View File

@@ -1,37 +0,0 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: weave-gitops
namespace: weave-gitops
spec:
chart:
spec:
chart: weave-gitops
version: 4.x
sourceRef:
kind: HelmRepository
name: weave-gitops
namespace: flux-system
interval: 15m
timeout: 5m
values:
adminUser:
create: true
passwordHash: $2a$10$UbI.iTSJlbmim9A/FYGcHOSWdWnSd0Wwzdv5YXW4eGsPupA1nVW/y
username: admin
ingress:
enabled: true
className: traefik
annotations:
traefik.ingress.kubernetes.io/router.tls: "true"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
# traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
hosts:
- host: weave-gitops.michaelthomson.dev
paths:
- path: "/"
pathType: ImplementationSpecific
tls:
- secretName: letsencrypt-wildcard-cert-michaelthomson.dev
hosts:
- weave-gitops.michaelthomson.dev