From 2846af9566dfd9226e8458ccd267bbd8ca790f59 Mon Sep 17 00:00:00 2001
From: Michael Thomson <mthomson@konradgroup.com>
Date: Mon, 11 Dec 2023 12:00:09 -0500
Subject: [PATCH] heimdall

---
 .../kustomization-heimdall.yaml               | 18 +++++++++++
 bootstrap/namespaces/namespace-heimdall.yaml  |  4 +++
 heimdall/deployment.yaml                      | 30 +++++++++++++++++++
 heimdall/dns-endpoint.yaml                    | 12 ++++++++
 heimdall/ingress.yaml                         | 25 ++++++++++++++++
 heimdall/pvc-config.yaml                      | 12 ++++++++
 heimdall/service.yaml                         | 12 ++++++++
 7 files changed, 113 insertions(+)
 create mode 100644 bootstrap/kustomizations/kustomization-heimdall.yaml
 create mode 100644 bootstrap/namespaces/namespace-heimdall.yaml
 create mode 100644 heimdall/deployment.yaml
 create mode 100644 heimdall/dns-endpoint.yaml
 create mode 100644 heimdall/ingress.yaml
 create mode 100644 heimdall/pvc-config.yaml
 create mode 100644 heimdall/service.yaml

diff --git a/bootstrap/kustomizations/kustomization-heimdall.yaml b/bootstrap/kustomizations/kustomization-heimdall.yaml
new file mode 100644
index 0000000..9aa0888
--- /dev/null
+++ b/bootstrap/kustomizations/kustomization-heimdall.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: heimdall
+  namespace: flux-system
+spec:
+  interval: 15m
+  path: ./heimdall
+  prune: true # remove any elements later removed from the above path
+  timeout: 2m # if not set, this defaults to interval duration, which is 1h
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  healthChecks:
+    - apiVersion: apps/v1
+      kind: Deployment
+      name: heimdall
+      namespace: heimdall
diff --git a/bootstrap/namespaces/namespace-heimdall.yaml b/bootstrap/namespaces/namespace-heimdall.yaml
new file mode 100644
index 0000000..c042b6b
--- /dev/null
+++ b/bootstrap/namespaces/namespace-heimdall.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: heimdall
diff --git a/heimdall/deployment.yaml b/heimdall/deployment.yaml
new file mode 100644
index 0000000..6517383
--- /dev/null
+++ b/heimdall/deployment.yaml
@@ -0,0 +1,30 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: heimdall
+  namespace: heimdall
+spec:
+  selector:
+    matchLabels:
+      app: heimdall
+  template:
+    metadata:
+      labels:
+        app: heimdall
+    spec:
+      containers:
+      - name: heimdall
+        image: lscr.io/linuxserver/heimdall:latest
+        ports:
+        - containerPort: 80
+          name: http
+          protocol: TCP
+        volumeMounts:
+        - name: config
+          mountPath: /config
+      volumes:
+      - name: config
+        persistentVolumeClaim: 
+          claimName: heimdall-config
+            
+          
diff --git a/heimdall/dns-endpoint.yaml b/heimdall/dns-endpoint.yaml
new file mode 100644
index 0000000..f8cb1ba
--- /dev/null
+++ b/heimdall/dns-endpoint.yaml
@@ -0,0 +1,12 @@
+apiVersion: externaldns.k8s.io/v1alpha1
+kind: DNSEndpoint
+metadata:
+  name: heimdall.michaelthomson.dev
+  namespace: heimdall
+spec:
+  endpoints:
+  - dnsName: heimdall.michaelthomson.dev
+    recordTTL: 180
+    recordType: CNAME
+    targets:
+    - server.michaelthomson.dev
diff --git a/heimdall/ingress.yaml b/heimdall/ingress.yaml
new file mode 100644
index 0000000..657d776
--- /dev/null
+++ b/heimdall/ingress.yaml
@@ -0,0 +1,25 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: heimdall
+  namespace: heimdall
+  annotations:
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
+    traefik.ingress.kubernetes.io/router.tls: "true"
+spec:
+  rules:
+  - host: heimdall.michaelthomson.dev
+    http:
+      paths:
+      - pathType: ImplementationSpecific
+        path: /
+        backend:
+          service:
+            name: heimdall
+            port: 
+              name: http
+  tls:
+    - hosts:
+        - heimdall.michaelthomson.dev
+      secretName: letsencrypt-wildcard-cert-michaelthomson.dev
diff --git a/heimdall/pvc-config.yaml b/heimdall/pvc-config.yaml
new file mode 100644
index 0000000..f85ec8c
--- /dev/null
+++ b/heimdall/pvc-config.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: heimdall-config
+  namespace: heimdall
+spec:
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: longhorn
+  accessModes:
+    - ReadWriteOnce
diff --git a/heimdall/service.yaml b/heimdall/service.yaml
new file mode 100644
index 0000000..8eb2ee9
--- /dev/null
+++ b/heimdall/service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: heimdall
+  namespace: heimdall
+spec:
+  selector:
+    app: heimdall
+  ports:
+  - port: 80
+    targetPort: http
+    name: http