From c09f1ddf7276d8f9b88cf504711d2daa229b75d4 Mon Sep 17 00:00:00 2001 
From: Rich Braun Date: Thu, 22 Jan 2026 13:14:22 -0800 Subject: [PATCH 1/2] SYS-671 prune disused clutter --- README.md | 3 +- ansible/hosts-lab | 10 - ansible/requirements.txt | 4 +- images/wxcam-upload/Dockerfile | 30 --- images/wxcam-upload/Makefile | 1 - images/wxcam-upload/README.md | 49 ----- images/wxcam-upload/docker-compose.yml | 27 --- images/wxcam-upload/entrypoint-wx.sh | 55 ----- images/wxcam-upload/helm/Chart.yaml | 17 -- images/wxcam-upload/helm/values.yaml | 133 ------------ images/wxcam-upload/hooks/add_tags | 3 - images/wxcam-upload/hooks/build | 1 - images/wxcam-upload/wx_upload.sh | 40 ---- k8s/Makefile.helm | 3 +- k8s/Makefile.versions | 2 +- k8s/dex/des.yaml | 204 ------------------ k8s/dex/gangway.yaml | 121 ----------- k8s/dex/oath2-proxy.yaml | 78 ------- k8s/global.yaml | 15 +- k8s/helm-deprecated/artifactory/Chart.yaml | 10 - .../artifactory/templates/NOTES.txt | 28 --- .../artifactory/templates/app.yaml | 14 -- .../templates/tests/test-connection.yaml | 17 -- k8s/helm-deprecated/artifactory/values.yaml | 81 ------- .../helm-deprecated/rainloop}/.helmignore | 0 .../rainloop/Chart.yaml | 0 .../rainloop}/templates/NOTES.txt | 0 .../rainloop}/templates/app.yaml | 0 .../templates/tests/test-connection.yaml | 0 .../rainloop/values.yaml | 0 k8s/{helm => helm-deprecated}/wxcam-upload | 0 k8s/helm/davite | 1 - k8s/helm/{rainloop => owntone}/.helmignore | 0 k8s/helm/rainloop/templates/NOTES.txt | 28 --- k8s/helm/rainloop/templates/app.yaml | 15 -- .../templates/tests/test-connection.yaml | 17 -- services/Makefile | 33 ++- stacks/Makefile | 65 ------ stacks/README.md | 29 --- stacks/admin.yml | 1 - stacks/artifactory.yml | 25 --- stacks/authelia.yml | 27 --- stacks/blacklist.yml | 1 - stacks/cloud.yml | 25 --- stacks/davite.yml | 1 - stacks/db00.yml | 45 ---- stacks/db02.yml | 45 ---- stacks/docs.yml | 1 - stacks/dovecot.yml | 1 - stacks/dropbox.yml | 1 - stacks/duplicati.yml | 47 ---- stacks/ez-ipupdate.yml | 1 - stacks/git-dump.yml | 1 - 
stacks/gitlab-runner.yml | 21 -- stacks/gitlab.yml | 48 ----- stacks/guacamole.yml | 17 -- stacks/il-v1.yml | 1 - stacks/jenkins.yml | 1 - stacks/jira.yml | 25 --- stacks/logspout.yml | 19 -- stacks/mysqldump.yml | 1 - stacks/nexus.yml | 24 --- stacks/postfix.yml | 1 - stacks/proftpd.yml | 1 - stacks/rainloop.yml | 24 --- stacks/registry.yml | 24 --- stacks/rsyslogd.yml | 1 - stacks/secondshot.yml | 1 - stacks/services/Makefile | 32 --- stacks/services/README.md | 28 --- .../services/dhcpd-dns-pxe/docker-compose.yml | 33 --- stacks/services/etcd/docker-compose.yml | 37 ---- stacks/services/mt-daapd/docker-compose.yml | 16 -- .../mythtv-backend/docker-compose.yml | 32 --- stacks/services/ntpd/docker-compose.yml | 18 -- stacks/services/samba-dc/docker-compose.yml | 41 ---- stacks/services/samba/docker-compose.yml | 25 --- stacks/spamassassin.yml | 1 - stacks/splunk.yml | 30 --- stacks/squirrelmail.yml | 1 - stacks/swarm-sync-2.yml | 48 ----- stacks/swarm-sync.yml | 1 - stacks/udp-nginx-proxy.yml | 1 - stacks/wordpress-ci.yml | 30 --- stacks/wordpress-il.yml | 30 --- stacks/www00.yml | 56 ----- stacks/wwwext.yml | 76 ------- stacks/wx-nginx.yml | 1 - stacks/wxcam-upload.yml | 1 - 89 files changed, 46 insertions(+), 2057 deletions(-) delete mode 100644 ansible/hosts-lab delete mode 100644 images/wxcam-upload/Dockerfile delete mode 100644 images/wxcam-upload/Makefile delete mode 100644 images/wxcam-upload/README.md delete mode 100644 images/wxcam-upload/docker-compose.yml delete mode 100755 images/wxcam-upload/entrypoint-wx.sh delete mode 100644 images/wxcam-upload/helm/Chart.yaml delete mode 100644 images/wxcam-upload/helm/values.yaml delete mode 100755 images/wxcam-upload/hooks/add_tags delete mode 120000 images/wxcam-upload/hooks/build delete mode 100755 images/wxcam-upload/wx_upload.sh delete mode 100644 k8s/dex/des.yaml delete mode 100644 k8s/dex/gangway.yaml delete mode 100644 k8s/dex/oath2-proxy.yaml delete mode 100644 k8s/helm-deprecated/artifactory/Chart.yaml 
delete mode 100644 k8s/helm-deprecated/artifactory/templates/NOTES.txt delete mode 100644 k8s/helm-deprecated/artifactory/templates/app.yaml delete mode 100644 k8s/helm-deprecated/artifactory/templates/tests/test-connection.yaml delete mode 100644 k8s/helm-deprecated/artifactory/values.yaml rename {images/wxcam-upload/helm => k8s/helm-deprecated/rainloop}/.helmignore (100%) rename k8s/{helm => helm-deprecated}/rainloop/Chart.yaml (100%) rename {images/wxcam-upload/helm => k8s/helm-deprecated/rainloop}/templates/NOTES.txt (100%) rename {images/wxcam-upload/helm => k8s/helm-deprecated/rainloop}/templates/app.yaml (100%) rename {images/wxcam-upload/helm => k8s/helm-deprecated/rainloop}/templates/tests/test-connection.yaml (100%) rename k8s/{helm => helm-deprecated}/rainloop/values.yaml (100%) rename k8s/{helm => helm-deprecated}/wxcam-upload (100%) delete mode 120000 k8s/helm/davite rename k8s/helm/{rainloop => owntone}/.helmignore (100%) delete mode 100644 k8s/helm/rainloop/templates/NOTES.txt delete mode 100644 k8s/helm/rainloop/templates/app.yaml delete mode 100644 k8s/helm/rainloop/templates/tests/test-connection.yaml mode change 120000 => 100644 services/Makefile delete mode 100644 stacks/Makefile delete mode 100644 stacks/README.md delete mode 120000 stacks/admin.yml delete mode 100644 stacks/artifactory.yml delete mode 100644 stacks/authelia.yml delete mode 120000 stacks/blacklist.yml delete mode 100644 stacks/cloud.yml delete mode 120000 stacks/davite.yml delete mode 100644 stacks/db00.yml delete mode 100644 stacks/db02.yml delete mode 120000 stacks/docs.yml delete mode 120000 stacks/dovecot.yml delete mode 120000 stacks/dropbox.yml delete mode 100644 stacks/duplicati.yml delete mode 120000 stacks/ez-ipupdate.yml delete mode 120000 stacks/git-dump.yml delete mode 100644 stacks/gitlab-runner.yml delete mode 100644 stacks/gitlab.yml delete mode 100644 stacks/guacamole.yml delete mode 120000 stacks/il-v1.yml delete mode 120000 stacks/jenkins.yml delete mode 
100644 stacks/jira.yml delete mode 100644 stacks/logspout.yml delete mode 120000 stacks/mysqldump.yml delete mode 100644 stacks/nexus.yml delete mode 120000 stacks/postfix.yml delete mode 120000 stacks/proftpd.yml delete mode 100644 stacks/rainloop.yml delete mode 100644 stacks/registry.yml delete mode 120000 stacks/rsyslogd.yml delete mode 120000 stacks/secondshot.yml delete mode 100644 stacks/services/Makefile delete mode 100644 stacks/services/README.md delete mode 100644 stacks/services/dhcpd-dns-pxe/docker-compose.yml delete mode 100644 stacks/services/etcd/docker-compose.yml delete mode 100644 stacks/services/mt-daapd/docker-compose.yml delete mode 100644 stacks/services/mythtv-backend/docker-compose.yml delete mode 100644 stacks/services/ntpd/docker-compose.yml delete mode 100644 stacks/services/samba-dc/docker-compose.yml delete mode 100644 stacks/services/samba/docker-compose.yml delete mode 120000 stacks/spamassassin.yml delete mode 100644 stacks/splunk.yml delete mode 120000 stacks/squirrelmail.yml delete mode 100644 stacks/swarm-sync-2.yml delete mode 120000 stacks/swarm-sync.yml delete mode 120000 stacks/udp-nginx-proxy.yml delete mode 100644 stacks/wordpress-ci.yml delete mode 100644 stacks/wordpress-il.yml delete mode 100644 stacks/www00.yml delete mode 100644 stacks/wwwext.yml delete mode 120000 stacks/wx-nginx.yml delete mode 120000 stacks/wxcam-upload.yml diff --git a/README.md b/README.md index 061102ba..7f027e41 100644 --- a/README.md +++ b/README.md 
@@ -26,12 +26,11 @@ Find a lot more details about the Kubernetes bare-metal installer in [k8s/README The cluster-deployment tools here include helm charts and ansible playbooks to spin up bare-metal or VM master/worker nodes, and a Makefile to add several additional features. * Direct-attached SSD local storage pools -* Dashboard * Non-default namespace with its own service account (full permissions within namespace, limited read-only in kube-system namespaces) * Keycloak for OpenID / OAuth2 user authentication / authorization * Vaultwarden, a self-hosted Bitwarden-compatible password manager -* Helm3 +* Helm4 * Mozilla [sops](https://github.com/mozilla/sops/blob/master/README.rst) with encryption (to keep credentials in local git repo) * Encryption for internal etcd * MFA using [Authelia](https://github.com/clems4ever/authelia) and Google Authenticator diff --git a/ansible/hosts-lab b/ansible/hosts-lab deleted file mode 100644 index 1a2655e3..00000000 --- a/ansible/hosts-lab +++ /dev/null @@ -1,10 +0,0 @@ -[fileservers] -k2.ci.net - -[k8s_cplane] -borg1.ci.net - -[k8s_nodes] -kube1.ci.net -kube2.ci.net -kube3.ci.net diff --git a/ansible/requirements.txt b/ansible/requirements.txt index a47a54cf..b6c16c0f 100644 --- a/ansible/requirements.txt +++ b/ansible/requirements.txt @@ -1,3 +1,3 @@ -ansible==12.2.0 -ansible-lint==25.9.1 +ansible==12.3.0 +ansible-lint==26.1.1 pip==25.3 diff --git a/images/wxcam-upload/Dockerfile b/images/wxcam-upload/Dockerfile deleted file mode 100644 index 6b9cf971..00000000 --- a/images/wxcam-upload/Dockerfile +++ /dev/null 
@@ -1,30 +0,0 @@ -FROM instantlinux/proftpd:1.3.8d-r0 -MAINTAINER Rich Braun "docker@instantlinux.net" -ARG BUILD_DATE -ARG VCS_REF -LABEL org.label-schema.build-date=$BUILD_DATE \ - org.label-schema.license=Apache-2.0 \ - org.label-schema.name=wxcam-upload \ - org.label-schema.vcs-ref=$VCS_REF \ - org.label-schema.vcs-url=https://github.com/instantlinux/docker-tools - -ENV ANONYMOUS_DISABLE=on \ - CAMS=cam1 \ - INTERVAL=5 \ - PASV_MAX_PORT=30090 \ - PASV_MIN_PORT=30081 \ - UPLOAD_HOSTNAME=webcam.wunderground.com \ - UPLOAD_PASSWORD_SECRET=wunderground-user-password \ - UPLOAD_PATH=/home/wx/upload \ - UPLOAD_USERNAME=required \ - WXUSER_NAME=wx \ - WXUSER_PASSWORD_SECRET=wxcam-password-hashed \ - WXUSER_UID=2060 \ - TZ=UTC - -RUN apk add --update --no-cache bash dcron imagemagick ncftp - -VOLUME $UPLOAD_PATH - -COPY entrypoint-wx.sh wx_upload.sh /usr/local/bin/ -ENTRYPOINT ["/usr/local/bin/entrypoint-wx.sh"] diff --git a/images/wxcam-upload/Makefile b/images/wxcam-upload/Makefile deleted file mode 100644 index ae6ab3bf..00000000 --- a/images/wxcam-upload/Makefile +++ /dev/null @@ -1 +0,0 @@ -include ../../lib/build/Makefile.docker_image diff --git a/images/wxcam-upload/README.md b/images/wxcam-upload/README.md deleted file mode 100644 index 4264ba15..00000000 --- a/images/wxcam-upload/README.md +++ /dev/null 
@@ -1,49 +0,0 @@ -## wxcam-upload -[![](https://img.shields.io/docker/v/instantlinux/wxcam-upload?sort=date)](https://hub.docker.com/r/instantlinux/wxcam-upload/tags "Version badge") [![](https://img.shields.io/docker/image-size/instantlinux/wxcam-upload?sort=date)](https://github.com/instantlinux/docker-tools/tree/main/images/wxcam-upload "Image badge") ![](https://img.shields.io/badge/platform-amd64%20arm64%20arm%2Fv6%20arm%2Fv7-blue "Platform badge") [![](https://img.shields.io/badge/dockerfile-latest-blue)](https://gitlab.com/instantlinux/docker-tools/-/blob/main/images/wxcam-upload/Dockerfile "dockerfile") - -This wraps an upload script along with proftpd for publishing still images from network-attached webcams to the Weather Underground webcam server. - -### Status - -DEPRECATED - IBM discontinued webcam for Wunderground Oct 2021. - -### Usage - -Sign up with Weather Underground to get a user login, and set up one or more webcams. Add secrets to your Docker Swarm installation (or define them as plain-text files), and set parameters as defined below. An example compose file is provided here in docker-compose.yml. This repo has complete instructions for -[building a kubernetes cluster](https://github.com/instantlinux/docker-tools/blob/main/k8s/README.md) where you can launch with [helm](https://github.com/instantlinux/docker-tools/tree/main/images/wxcam-upload/helm) or [kubernetes.yaml](https://github.com/instantlinux/docker-tools/blob/main/images/wxcam-upload/kubernetes.yaml) using _make_ and customizing [Makefile.vars](https://github.com/instantlinux/docker-tools/blob/main/k8s/Makefile.vars) after cloning this repo: -~~~ -git clone https://github.com/instantlinux/docker-tools.git -cd docker-tools/k8s -make wxcam-upload -~~~ - -### Variables - -This image is based on instantantlinux/proftpd; see the variables there as well as these. 
- -Variable | Default | Description | --------- | ------- | ----------- | -ANONYMOUS_DISABLE | on | no downloads from local ftp -CAMS | cam1 | names of webcams (space-delimited list) -INTERVAL | 5 | interval for transmitting to Weather Underground (minutes) -PASV_MAX_PORT | 30090 | docker-host port number range -PASV_MIN_PORT | 30081 | -UPLOAD_HOSTNAME | webcam.wunderground.com | destination of image uploads -UPLOAD_PASSWORD_SECRET | wunderground-user-password | name of secret for API -UPLOAD_PATH | /home/wx/upload | root of uploaded files -UPLOAD_USERNAME | required | Weather Underground API user -WXUSER_NAME | wx | username for wx upload -WXUSER_PASSWORD_SECRET | wxuser-password-hashed | name of secret for ftp user -WXUSER_UID | 2060 | uid of wx files -TZ | UTC | timezone - -### Secrets - -Secret | Description ------- | ----------- -wunderground-user-password | password for Weather Underground ftp server -wunderground-pw-cam | if you have more than one, use multiple entries -wxcam-password-hashed | hashed password of -wxuser-password-hashed | hashed password of ftp upload user - -[![](https://images.microbadger.com/badges/license/instantlinux/wxcam-upload)](https://microbadger.com/images/instantlinux/wxcam-upload "License badge") [![](https://img.shields.io/badge/code-proftpd%2Fproftpd-blue.svg)](https://github.com/proftpd/proftpd "Code repo") [![](https://img.shields.io/badge/code-nftpd_com%2Fclient-blue.svg)](http://www.ncftpd.com/download "Code repo") diff --git a/images/wxcam-upload/docker-compose.yml b/images/wxcam-upload/docker-compose.yml deleted file mode 100644 index 335cc2e7..00000000 --- a/images/wxcam-upload/docker-compose.yml +++ /dev/null 
@@ -1,27 +0,0 @@ -version: "3.1" - -services: - app: - image: ${REGISTRY_URI:-instantlinux}/wxcam-upload:${VERSION_WXCAM:-latest} - environment: - CAMS: ${WXCAM_CAMS:-cam1} - PASV_ADDRESS: ${WX_RSYNC_HOST:-swarm} - UPLOAD_USERNAME: ${WXCAM_UPLOAD_USERNAME:-wx} - TZ: ${TZ:-UTC} - volumes: - - ${SHARE_PATH:-/opt}/wx:/home/wx/upload - ports: - - ${PORT_WXCAM_FTPD:-21}:21 - - "30081-30090:30081-30090" - secrets: - - wunderground-user-password - - wxcam-password-hashed - -volumes: - upload: -secrets: - wunderground-user-password: - external: true - wxcam-password-hashed: - external: true - diff --git a/images/wxcam-upload/entrypoint-wx.sh b/images/wxcam-upload/entrypoint-wx.sh deleted file mode 100755 index 53471afc..00000000 --- a/images/wxcam-upload/entrypoint-wx.sh +++ /dev/null 
@@ -1,55 +0,0 @@ -#!/bin/bash -e - -if [ -e /run/secrets/$WXUSER_PASSWORD_SECRET ]; then - adduser -u $WXUSER_UID -s /bin/sh -g "ftp user" -D $WXUSER_NAME - echo "$WXUSER_NAME:$(cat /run/secrets/$WXUSER_PASSWORD_SECRET)" \ - | chpasswd -e -fi -if [ -e /run/secrets/$UPLOAD_PASSWORD_SECRET ]; then - UPLOAD_PASSWORD="$(cat /run/secrets/$UPLOAD_PASSWORD_SECRET)" -fi - -chown $WXUSER_NAME $UPLOAD_PATH -chmod 755 /usr/local/bin/wx_upload.sh - -echo "# Added by /usr/local/bin/entrypoint-wx.sh" >/etc/crontabs/$WXUSER_NAME -ITEM=0 -IFS=', ' read -r -a USERNAMES <<< "$UPLOAD_USERNAME" -for CAM in $CAMS; do - MINUTE=$(seq -s, $ITEM $INTERVAL 60) - if [ -e /run/secrets/wunderground-pw-cam/wunderground-pw-$CAM ]; then - PW=$(cat /run/secrets/wunderground-pw-cam/wunderground-pw-$CAM) - else - PW=$UPLOAD_PASSWORD - fi - cat <>/etc/crontabs/$WXUSER_NAME -$MINUTE * * * * /usr/local/bin/wx_upload.sh $CAM $UPLOAD_HOSTNAME $UPLOAD_PATH -EOF - ncftpini=/dev/shm/$WXUSER_NAME-ncftp-$CAM - cat <$ncftpini -host $UPLOAD_HOSTNAME -user ${USERNAMES[$ITEM]} -pass $PW -EOF - chown $WXUSER_NAME $ncftpini && chmod 600 $ncftpini - ln -s $ncftpini /home/$WXUSER_NAME/.ncftp-$CAM - mkdir -p $UPLOAD_PATH/$CAM - chown $WXUSER_NAME $UPLOAD_PATH/$CAM - ITEM=$((ITEM + 1)) -done - -touch /var/log/cron.log /var/log/docker.log -chown $WXUSER_NAME /var/log/docker.log -crond -L /var/log/cron.log -tail -f -n0 /var/log/cron.log /var/log/docker.log & - -# Not using mod_delay: suppress warning messages in logs -cat >/etc/proftpd/conf.d/mod_delay.conf < - DelayEngine off - -EOF -echo 'TransferLog /var/log/docker.log' > /etc/proftpd/conf.d/logging.conf - -# Invoke base proftpd image's entrypoint -exec /usr/local/bin/entrypoint.sh diff --git a/images/wxcam-upload/helm/Chart.yaml b/images/wxcam-upload/helm/Chart.yaml deleted file mode 100644 index 66a6f400..00000000 --- a/images/wxcam-upload/helm/Chart.yaml +++ /dev/null 
@@ -1,17 +0,0 @@
-apiVersion: v2
-name: wxcam-upload
-description: Uploader for Weather Underground images
-home: https://github.com/instantlinux/docker-tools
-sources:
-- https://github.com/instantlinux/docker-tools
-- https://github.com/proftpd/proftpd
-type: application
-version: 0.1.4
-appVersion: "1.3.8d-r0"
-dependencies:
-- name: chartlib
- version: 0.1.8
- repository: https://instantlinux.github.io/docker-tools
-- name: data-sync
- version: 0.1.3
- repository: https://instantlinux.github.io/docker-tools
diff --git a/images/wxcam-upload/helm/values.yaml b/images/wxcam-upload/helm/values.yaml
deleted file mode 100644
index a455eaaa..00000000
--- a/images/wxcam-upload/helm/values.yaml
+++ /dev/null
@@ -1,133 +0,0 @@ -# Default values for wxcam-upload. -deployment: - containerPorts: - - containerPort: 21 - - containerPort: 30080 - - containerPort: 30081 - - containerPort: 30082 - - containerPort: 30083 - - containerPort: 30084 - - containerPort: 30085 - - containerPort: 30086 - - containerPort: 30087 - - containerPort: 30088 - - containerPort: 30089 - - containerPort: 30090 - env: - pasv_address: 10.101.1.70 - tz: UTC - nodeSelector: - service.wxcam-upload: allow -volumeMounts: -- mountPath: /home/wx/upload - name: synced -- name: wunderground-pw-cam - mountPath: /run/secrets/wunderground-pw-cam -- name: wxcam-password-hashed - mountPath: /run/secrets/wxcam-password-hashed - subPath: wxcam-password-hashed -volumes: -- name: synced - hostPath: { path: /var/lib/docker/k8s-volumes/wx } -- name: wunderground-pw-cam - secret: - secretName: wunderground-pw-cam -- name: wxcam-password-hashed - secret: - secretName: wxcam-password-hashed - -image: - repository: instantlinux/wxcam-upload - pullPolicy: IfNotPresent - # tag: default - -nameOverride: "" -fullnameOverride: "" - -serviceAccount: {} -service: - clusterIP: 10.101.1.70 - ports: - - { port: 21, targetPort: 21, name: ftp } - - { port: 30081, targetPort: 30081, name: pasv1 } - - { port: 30082, targetPort: 30082, name: pasv2 } - - { port: 30083, targetPort: 30083, name: pasv3 } - - { port: 30084, targetPort: 30084, name: pasv4 } - - { port: 30085, targetPort: 30085, name: pasv5 } - - { port: 30086, targetPort: 30086, name: pasv6 } - - { port: 30087, targetPort: 30087, name: pasv7 } - - { port: 30088, targetPort: 30088, name: pasv8 } - - { port: 30089, targetPort: 30089, name: pasv9 } - - { port: 30090, targetPort: 30090, name: pasv10 } - type: ClusterIP -autoscaling: - enabled: false - -# Subchart data-sync, maintains persistent data across nodes -data-sync: - statefulset: - containerPorts: [ containerPort: 22 ] - env: - sync_interval: 20 - tz: UTC - nodeSelector: - service.wxcam-upload: allow - replicas: 2 - 
resources: - limits: - memory: 1536Mi - requests: - cpu: 100m - memory: 256Mi - volumeMounts: - - name: archive - mountPath: /root/.unison - - name: config-sync - mountPath: /etc/unison.d/common.prf - subPath: common.prf - - mountPath: /etc/ssh - name: etc - - mountPath: /var/log/unison - name: logs - - mountPath: /var/data-sync/wx - name: wx - - mountPath: /run/secrets/data-sync-sshkey1 - name: sshkeys - subPath: sshkey1 - - mountPath: /run/secrets/data-sync-sshkey2 - name: sshkeys - subPath: sshkey2 - volumes: - - name: config-sync - configMap: - name: wxcam-upload-data-sync - - name: sshkeys - secret: - secretName: data-sync-ssh - - name: logs - hostPath: { path: /var/lib/docker/k8s-volumes/sync-logs/wxcam-upload } - volumeClaimTemplates: - - metadata: - name: archive - spec: - accessModes: [ ReadWriteOnce ] - resources: - requests: - storage: 500Mi - - metadata: - name: etc - spec: - accessModes: [ ReadWriteOnce ] - resources: - requests: - storage: 500Mi - - metadata: - name: wx - spec: - accessModes: [ ReadWriteMany ] - resources: - requests: - storage: 8Gi - selector: - matchLabels: - volume.group: wx diff --git a/images/wxcam-upload/hooks/add_tags b/images/wxcam-upload/hooks/add_tags deleted file mode 100755 index e644c0bf..00000000 --- a/images/wxcam-upload/hooks/add_tags +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh -TAG=$(grep "^FROM " Dockerfile | cut -d: -f 2) -echo "--tag $DOCKER_REPO:$TAG" diff --git a/images/wxcam-upload/hooks/build b/images/wxcam-upload/hooks/build deleted file mode 120000 index acded15a..00000000 --- a/images/wxcam-upload/hooks/build +++ /dev/null @@ -1 +0,0 @@ -../../../lib/build/dockerhub-hook \ No newline at end of file diff --git a/images/wxcam-upload/wx_upload.sh b/images/wxcam-upload/wx_upload.sh deleted file mode 100755 index d6f48466..00000000 --- a/images/wxcam-upload/wx_upload.sh +++ /dev/null 
@@ -1,40 +0,0 @@
-#! /bin/bash
-# Upload latest image to wunderground
-
-CAM=$1
-DEST=$2
-UPLOAD_FROM=$3
-
-MAX_SIZE=145kb
-MAX_TIME=60
-RETRIES=3
-
-if [ "$CAM" == "twinpeaks" ]; then
- CROP="-crop 1920x880+0+0"
-else
- CROP=""
-fi
-
-LOG=/var/log/docker.log
-
-cd $UPLOAD_FROM/$CAM
-LATEST=`find . -type f -name *.jpg -mmin -5 -print|sort -r |head -1`
-IMG=/tmp/image-`date +%H.%M.%S`.jpg
-if [ "$LATEST" != "" ]; then
- convert $LATEST $CROP -define jpeg:extent=$MAX_SIZE $IMG
- while [ $RETRIES -gt 0 ]; do
- START=`date +%s`
- ncftpput -f ~/.ncftp-$CAM -t $MAX_TIME -V -C $DEST $IMG /image.jpg
- RET=$?
- FIN=`date +%s`
- if [ $RET == 0 ]; then
- echo "I action=wx_upload result=ok file=$LATEST bytes=`stat -c %s $IMG` cam=$CAM seconds=$((FIN - START))" >> $LOG
- break
- else
- echo "F action=wx_upload result=fail file=$LATEST bytes=`stat -c %s $IMG` cam=$CAM seconds=$((FIN - START))" >> $LOG
- fi
- RETRIES=$((RETRIES - 1))
- sleep 5
- done
- rm $IMG
-fi
diff --git a/k8s/Makefile.helm b/k8s/Makefile.helm
index 14d3db8a..7491194d 100644
--- a/k8s/Makefile.helm
+++ b/k8s/Makefile.helm
@@ -45,7 +45,8 @@ endif
 /usr/local/bin/helm:
 wget -O /tmp/$(TARBALL) https://get.helm.sh/$(TARBALL)
 wget -O /tmp/$(TARBALL).sha256 https://get.helm.sh/$(TARBALL).sha256sum
- cd /tmp && echo "$(shell cat /tmp/$(TARBALL).sha256)" | sha256sum -c
+ # cd /tmp && echo "$(shell cat /tmp/$(TARBALL).sha256)" | sha256sum -c
+ cd /tmp && sha256sum -c $(TARBALL).sha256
 tar xf /tmp/$(TARBALL) -C /tmp
 sudo mv /tmp/linux-amd64/helm /usr/local/bin
 rm -r /tmp/$(TARBALL)* /tmp/linux-amd64
diff --git a/k8s/Makefile.versions b/k8s/Makefile.versions
index d92adbd6..08528982 100644
--- a/k8s/Makefile.versions
+++ b/k8s/Makefile.versions
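Review bot: The digest that `sha256sum -c $(TARBALL).sha256` checks is downloaded from the same get.helm.sh origin as the tarball two lines above it, so the check catches a corrupted transfer but not a replaced release, and the binary is then installed with `sudo mv`. Pinning the expected digest in the repository next to `VERSION_HELM` and checking against that would close the gap, e.g. `cd /tmp && echo "$(HELM_SHA256)  $(TARBALL)" | sha256sum -c` (`HELM_SHA256` is a placeholder name, not an existing variable). The commented-out old line appears to be a recipe line, in which case make still expands its `$(shell cat ...)` before handing the comment to the shell; deleting it is cleaner than keeping it. The recipe may continue outside the hunk.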
@@ -8,7 +8,7 @@ export VERSION_LOGSPOUT ?= v3.2.14
 export VERSION_CERT_MANAGER ?= 1.19.2
 export VERSION_DEFAULTBACKEND ?= 1.5
 export VERSION_FLANNEL ?= 0.28.0
-export VERSION_HELM ?= 3.19.2
+export VERSION_HELM ?= 4.1.0
 export VERSION_INGRESS_NGINX ?= 1.14.1
 export VERSION_METRICS ?= 2.18.0
 export VERSION_NODE_LOCAL_DNS ?= 1.34.3
diff --git a/k8s/dex/des.yaml b/k8s/dex/des.yaml
deleted file mode 100644
index bf3f742d..00000000
--- a/k8s/dex/des.yaml
+++ /dev/null
@@ -1,204 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: auth-system ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: dex - namespace: auth-system ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: dex - namespace: auth-system -rules: -- apiGroups: ["dex.coreos.com"] - resources: ["*"] - verbs: ["*"] -- apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["create"] ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: dex - namespace: auth-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: dex -subjects: -- kind: ServiceAccount - name: dex - namespace: auth-system ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: dex - namespace: auth-system -data: - config.yaml: | - issuer: https://auth.k8s.inkubate.io/ - web: - http: 0.0.0.0:5556 - frontend: - theme: custom - telemetry: - http: 0.0.0.0:5558 - staticClients: - - id: oidc-auth-client - redirectURIs: - - 'https://kubectl.k8s.inkubate.io/callback' - - 'http://dashboard.k8s.inkubate.io/oauth2/callback' - name: 'oidc-auth-client' - secret: *********** - connectors: - - type: ldap - id: ldap - name: LDAP - config: - host: ad.inkubate.io:389 - insecureNoSSL: true - insecureSkipVerify: true - bindDN: cn=Administrator,cn=Users,dc=inkubate,dc=io - bindPW: '***********' - userSearch: - baseDN: cn=Users,dc=inkubate,dc=io - filter: "(objectClass=user)" - username: sAMAccountName - idAttr: sAMAccountName - emailAttr: sAMAccountName - nameAttr: displayName - oauth2: - skipApprovalScreen: true - storage: - type: kubernetes - config: - inCluster: true ---- -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - labels: - app: dex - name: dex - namespace: auth-system -spec: - replicas: 1 - selector: - matchLabels: - app: dex - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - 
labels: - app: dex - revision: "1" - spec: - initContainers: - - name: dl-theme - image: alpine/git - command: - - git - - clone - - "https://github.com/sguyennet/dex-inkubate-branding.git" - - /theme - volumeMounts: - - name: theme - mountPath: /theme/ - containers: - - command: - - /usr/local/bin/dex - - serve - - /etc/dex/cfg/config.yaml - image: quay.io/coreos/dex:v2.10.0 - imagePullPolicy: IfNotPresent - name: dex - ports: - - containerPort: 5556 - name: http - protocol: TCP - resources: {} - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /etc/dex/cfg - name: config - - mountPath: /web/themes/custom/ - name: theme - dnsPolicy: ClusterFirst - serviceAccountName: dex - restartPolicy: Always - schedulerName: default-scheduler - securityContext: {} - terminationGracePeriodSeconds: 30 - volumes: - - configMap: - defaultMode: 420 - items: - - key: config.yaml - path: config.yaml - name: dex - name: config - - name: theme - emptyDir: {} ---- -apiVersion: v1 -kind: Service -metadata: - name: dex - namespace: auth-system -spec: - selector: - app: dex - ports: - - name: dex - port: 5556 - protocol: TCP - target ---- -Port: 5556apiVersion: v1 -kind: Service -metadata: - name: dex - namespace: auth-system -spec: - selector: - app: dex - ports: - - name: dex - port: 5556 - protocol: TCP - targetPort: 5556 ---- -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: dex - namespace: auth-system - annotations: - kubernetes.io/tls-acme: "true" - certmanager.k8s.io/cluster-issuer: "letsencrypt-production" - ingress.kubernetes.io/force-ssl-redirect: "true" -spec: - tls: - - secretName: dex - hosts: - - auth.k8s.inkubate.io - rules: - - host: auth.k8s.inkubate.io - http: - paths: - - backend: - serviceName: dex - servicePort: 5556 diff --git a/k8s/dex/gangway.yaml b/k8s/dex/gangway.yaml deleted file mode 100644 index 3575b1de..00000000 --- a/k8s/dex/gangway.yaml +++ /dev/null 
@@ -1,121 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: gangway - namespace: auth-system -data: - gangway.yaml: | - clusterName: "Inkubate" - apiServerURL: "https://10.10.40.33:6443" - authorizeURL: "https://auth.k8s.inkubate.io/auth" - tokenURL: "https://auth.k8s.inkubate.io/token" - clientID: "oidc-auth-client" - clientSecret: "***********" - redirectURL: "https://kubectl.k8s.inkubate.io/callback" - scopes: ["openid", "profile", "email", "offline_access"] - usernameClaim: "email" - emailClaim: "email" ---- -apiVersion: apps/v1beta1 -kind: Deployment -metadata: - name: gangway - namespace: auth-system - labels: - app: gangway -spec: - replicas: 1 - selector: - matchLabels: - app: gangway - strategy: - template: - metadata: - labels: - app: gangway - revision: "1" - spec: - containers: - - name: gangway - image: gcr.io/heptio-images/gangway:v2.0.0 - imagePullPolicy: Always - command: ["gangway", "-config", "/gangway/gangway.yaml"] - env: - - name: GANGWAY_SESSION_SECURITY_KEY - valueFrom: - secretKeyRef: - name: gangway-key - key: sesssionkey - ports: - - name: http - containerPort: 8080 - protocol: TCP - resources: - requests: - cpu: "100m" - memory: "100Mi" - limits: - cpu: "100m" - memory: "100Mi" - volumeMounts: - - name: gangway - mountPath: /gangway/ - livenessProbe: - httpGet: - path: / - port: 8080 - initialDelaySeconds: 20 - timeoutSeconds: 1 - periodSeconds: 60 - failureThreshold: 3 - readinessProbe: - httpGet: - path: / - port: 8080 - timeoutSeconds: 1 - periodSeconds: 10 - failureThreshold: 3 - volumes: - - name: gangway - configMap: - name: gangway ---- -kind: Service -apiVersion: v1 -metadata: - name: gangway-svc - namespace: auth-system - labels: - app: gangway -spec: - type: ClusterIP - ports: - - name: "http" - protocol: TCP - port: 80 - targetPort: "http" - selector: - app: gangway ---- -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: gangway - namespace: auth-system - annotations: - kubernetes.io/tls-acme: 
"true" - certmanager.k8s.io/cluster-issuer: "letsencrypt-production" - ingress.kubernetes.io/force-ssl-redirect: "true" -spec: - tls: - - secretName: gangway - hosts: - - kubectl.k8s.inkubate.io - rules: - - host: kubectl.k8s.inkubate.io - http: - paths: - - backend: - serviceName: gangway-svc - servicePort: http diff --git a/k8s/dex/oath2-proxy.yaml b/k8s/dex/oath2-proxy.yaml deleted file mode 100644 index 9985564d..00000000 --- a/k8s/dex/oath2-proxy.yaml +++ /dev/null 
@@ -1,78 +0,0 @@ ---- -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - labels: - k8s-app: oauth2-proxy - name: oauth2-proxy - namespace: auth-system -spec: - replicas: 1 - selector: - matchLabels: - k8s-app: oauth2-proxy - template: - metadata: - labels: - k8s-app: oauth2-proxy - spec: - containers: - - args: - - --cookie-secure=false - - --provider=oidc - - --client-id=oidc-auth-client - - --client-secret=*********** - - --oidc-issuer-url=https://auth.k8s.inkubate.io/ - - --http-address=0.0.0.0:8080 - - --upstream=file:///dev/null - - --email-domain=* - - --set-authorization-header=true - env: - # docker run -ti --rm python:3-alpine python -c 'import secrets,base64; print(base64.b64encode(base64.b64encode(secrets.token_bytes(16))));' - - name: OAUTH2_PROXY_COOKIE_SECRET - value: *********** - image: sguyennet/oauth2-proxy:header-2.2 - imagePullPolicy: Always - name: oauth2-proxy - ports: - - containerPort: 8080 - protocol: TCP ---- -apiVersion: v1 -kind: Service -metadata: - labels: - k8s-app: oauth2-proxy - name: oauth2-proxy - namespace: auth-system -spec: - ports: - - name: http - port: 8080 - protocol: TCP - targetPort: 8080 - selector: - k8s-app: oauth2-proxy ---- -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - annotations: - kubernetes.io/tls-acme: "true" - certmanager.k8s.io/cluster-issuer: "letsencrypt-production" - ingress.kubernetes.io/force-ssl-redirect: "true" - name: oauth-proxy - namespace: auth-system -spec: - rules: - - host: dashboard.k8s.inkubate.io - http: - paths: - - backend: - serviceName: oauth2-proxy - servicePort: 8080 - path: /oauth2 - tls: - - hosts: - - dashboard.k8s.inkubate.io - secretName: kubernetes-dashboard-external-tls diff --git a/k8s/global.yaml b/k8s/global.yaml index e638746c..5ebbaded 100644 --- a/k8s/global.yaml +++ b/k8s/global.yaml 
@@ -1,7 +1,8 @@
-authelia:
- fqdn: authtotp.example.com
- ip: 10.101.1.5
-domain: example.com
-serviceAccount:
- enabled: false
-tz: UTC
+# TODO: remove this outdated file
+# authelia:
+# fqdn: authtotp.example.com
+# ip: 10.101.1.5
+# domain: example.com
+# serviceAccount:
+# enabled: false
+# tz: UTC
diff --git a/k8s/helm-deprecated/artifactory/Chart.yaml b/k8s/helm-deprecated/artifactory/Chart.yaml
deleted file mode 100644
index 3fbc9fdc..00000000
--- a/k8s/helm-deprecated/artifactory/Chart.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: v2
-name: artifactory
-description: JFrog Artifactory service
-type: application
-version: 0.1.8
-appVersion: "6.15.1"
-dependencies:
-- name: chartlib
- version: 0.1.8
- repository: https://instantlinux.github.io/docker-tools
diff --git a/k8s/helm-deprecated/artifactory/templates/NOTES.txt b/k8s/helm-deprecated/artifactory/templates/NOTES.txt
deleted file mode 100644
index 62ea3f4b..00000000
--- a/k8s/helm-deprecated/artifactory/templates/NOTES.txt
+++ /dev/null
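Review bot: Commenting out every key leaves k8s/global.yaml as a comments-only (empty) document while the TODO postpones its removal, so anything that still loads it silently gets no `domain`, `tz`, `serviceAccount.enabled` or `authelia.*` values. Whether a consumer remains is not visible in this hunk; if none does, delete the file in this commit like the other disused files, otherwise keep the keys until the reference is gone. If the file stays, the TODO should name what still depends on it, e.g. `# TODO(SYS-671): remove once <consumer> no longer reads global.yaml`.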
@@ -1,28 +0,0 @@
-{{- if hasKey .Values "service" }}
-{{- if or .Values.service.enabled (not (hasKey .Values.service "enabled")) }}
-1. Get the application URL by running these commands:
-{{- if hasKey .Values "ingress" }}
-{{- if .Values.ingress.enabled }}
-{{- range $host := .Values.ingress.hosts }}
- {{- range .paths }}
- http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
- {{- end }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "local.fullname" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "local.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "local.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
- echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "local.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/k8s/helm-deprecated/artifactory/templates/app.yaml b/k8s/helm-deprecated/artifactory/templates/app.yaml
deleted file mode 100644
index 90cc60a1..00000000
--- a/k8s/helm-deprecated/artifactory/templates/app.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-{{- include "chartlib.deployment" . }}
----
-{{- include "chartlib.hpa" . }}
----
-{{- include "chartlib.ingress" . }}
----
-{{- include "chartlib.ingresstotp" . }}
----
-{{- include "chartlib.service" . }}
----
-{{- include "chartlib.serviceaccount" . }}
----
-{{- include "chartlib.statefulset" . }}
diff --git a/k8s/helm-deprecated/artifactory/templates/tests/test-connection.yaml b/k8s/helm-deprecated/artifactory/templates/tests/test-connection.yaml
deleted file mode 100644
index ae159a4f..00000000
--- a/k8s/helm-deprecated/artifactory/templates/tests/test-connection.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if hasKey .Values "service" }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ include "local.fullname" . }}-test-connection"
- labels:
- {{- include "local.labels" . | nindent 4 }}
- annotations:
- "helm.sh/hook": test
-spec:
- containers:
- - name: wget
- image: busybox
- command: ['wget']
- args: ['{{ include "local.fullname" . }}:{{ .Values.service.port }}']
- restartPolicy: Never
-{{- end }}
diff --git a/k8s/helm-deprecated/artifactory/values.yaml b/k8s/helm-deprecated/artifactory/values.yaml
deleted file mode 100644
index 8ce52c96..00000000
--- a/k8s/helm-deprecated/artifactory/values.yaml
+++ /dev/null
@@ -1,81 +0,0 @@
-# Default values for artifactory.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-tlsHostname: artifactory.example.com
-deployment:
- env:
- db_host: db00
- extra_java_options: -Xms1g -Xmx4g
- tz: UTC
- containerPorts:
- - { name: http, containerPort: 8081, protocol: TCP }
- resources:
- limits:
- memory: 4Gi
- requests:
- cpu: 200m
- memory: 1Gi
- strategy:
- type: Recreate
-livenessProbe:
- httpGet:
- path: /artifactory/webapp/#/login
- port: http
- initialDelaySeconds: 600
-readinessProbe:
- httpGet:
- path: /artifactory/webapp/#/login
- port: http
- initialDelaySeconds: 600
-volumeMounts:
-- name: data
- mountPath: /var/opt/jfrog/artifactory
- subPath: artifactory/data
-- name: data
- mountPath: /opt/jfrog/artifactory/tomcat/lib/mysql-connector-java-5.1.40-bin.jar
- readOnly: true
- subPath: artifactory/mysql-connector-java-5.1.40.jar
-volumes:
-- name: data
- hostPath: { path: /var/lib/docker/k8s-volumes/share }
-
-image:
- repository: docker.bintray.io/jfrog/artifactory-oss
- pullPolicy: IfNotPresent
- # tag: default
-
-nameOverride: ""
-fullnameOverride: ""
-
-serviceAccount:
- create: false
-
-service:
- clusterIP: None
- type: ClusterIP
- ports:
- - { port: 80, targetPort: http, protocol: TCP }
-
-authelia:
- fqdn: authtotp.example.com
- ip: 10.101.1.5
-ingress:
- className: ""
- annotations:
- cert-manager.io/cluster-issuer: letsencrypt-prod
- kubernetes.io/ingress.class: nginx
- nginx.ingress.kubernetes.io/enable-access-log: "false"
-
-ingressTOTP:
- className: ""
- hosts:
- - host: repo.example.com
- paths:
- - path: /artifactory/webapp/[#]/login
- pathType: Prefix
- - path: /artifactory/ui/(oauth2/loginRequest|auth/login)
- pathType: Prefix
-
-autoscaling:
- enabled: false
diff --git a/images/wxcam-upload/helm/.helmignore b/k8s/helm-deprecated/rainloop/.helmignore
similarity index 100%
rename from images/wxcam-upload/helm/.helmignore
rename to k8s/helm-deprecated/rainloop/.helmignore
diff --git a/k8s/helm/rainloop/Chart.yaml b/k8s/helm-deprecated/rainloop/Chart.yaml
similarity index 100%
rename from k8s/helm/rainloop/Chart.yaml
rename to k8s/helm-deprecated/rainloop/Chart.yaml
diff --git a/images/wxcam-upload/helm/templates/NOTES.txt b/k8s/helm-deprecated/rainloop/templates/NOTES.txt
similarity index 100%
rename from images/wxcam-upload/helm/templates/NOTES.txt
rename to k8s/helm-deprecated/rainloop/templates/NOTES.txt
diff --git a/images/wxcam-upload/helm/templates/app.yaml b/k8s/helm-deprecated/rainloop/templates/app.yaml
similarity index 100%
rename from images/wxcam-upload/helm/templates/app.yaml
rename to k8s/helm-deprecated/rainloop/templates/app.yaml
diff --git a/images/wxcam-upload/helm/templates/tests/test-connection.yaml b/k8s/helm-deprecated/rainloop/templates/tests/test-connection.yaml
similarity index 100%
rename from images/wxcam-upload/helm/templates/tests/test-connection.yaml
rename to k8s/helm-deprecated/rainloop/templates/tests/test-connection.yaml
diff --git a/k8s/helm/rainloop/values.yaml b/k8s/helm-deprecated/rainloop/values.yaml
similarity index 100%
rename from k8s/helm/rainloop/values.yaml
rename to k8s/helm-deprecated/rainloop/values.yaml
diff --git a/k8s/helm/wxcam-upload b/k8s/helm-deprecated/wxcam-upload
similarity index 100%
rename from k8s/helm/wxcam-upload
rename to k8s/helm-deprecated/wxcam-upload
diff --git a/k8s/helm/davite b/k8s/helm/davite
deleted file mode 120000
index 16ad44e0..00000000
--- a/k8s/helm/davite
+++ /dev/null
@@ -1 +0,0 @@
-../../images/davite/helm
\ No newline at end of file
diff --git a/k8s/helm/rainloop/.helmignore b/k8s/helm/owntone/.helmignore
similarity index 100%
rename from k8s/helm/rainloop/.helmignore
rename to k8s/helm/owntone/.helmignore
diff --git a/k8s/helm/rainloop/templates/NOTES.txt b/k8s/helm/rainloop/templates/NOTES.txt
deleted file mode 100644
index 62ea3f4b..00000000
--- a/k8s/helm/rainloop/templates/NOTES.txt
+++ /dev/null
@@ -1,28 +0,0 @@
-{{- if hasKey .Values "service" }}
-{{- if or .Values.service.enabled (not (hasKey .Values.service "enabled")) }}
-1. Get the application URL by running these commands:
-{{- if hasKey .Values "ingress" }}
-{{- if .Values.ingress.enabled }}
-{{- range $host := .Values.ingress.hosts }}
- {{- range .paths }}
- http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
- {{- end }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "local.fullname" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "local.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "local.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
- echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "local.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/k8s/helm/rainloop/templates/app.yaml b/k8s/helm/rainloop/templates/app.yaml
deleted file mode 100644
index 5a01911b..00000000
--- a/k8s/helm/rainloop/templates/app.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-{{- include "chartlib.configmap" . }}
----
-{{- include "chartlib.deployment" . }}
----
-{{- include "chartlib.hpa" . }}
----
-{{- include "chartlib.ingress" . }}
----
-{{- include "chartlib.ingresstotp" . }}
----
-{{- include "chartlib.service" . }}
----
-{{- include "chartlib.serviceaccount" . }}
----
-{{- include "chartlib.statefulset" . }}
diff --git a/k8s/helm/rainloop/templates/tests/test-connection.yaml b/k8s/helm/rainloop/templates/tests/test-connection.yaml
deleted file mode 100644
index ae159a4f..00000000
--- a/k8s/helm/rainloop/templates/tests/test-connection.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if hasKey .Values "service" }}
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ include "local.fullname" . }}-test-connection"
- labels:
- {{- include "local.labels" . | nindent 4 }}
- annotations:
- "helm.sh/hook": test
-spec:
- containers:
- - name: wget
- image: busybox
- command: ['wget']
- args: ['{{ include "local.fullname" . }}:{{ .Values.service.port }}']
- restartPolicy: Never
-{{- end }}
diff --git a/services/Makefile b/services/Makefile
deleted file mode 120000
index 37cd7af1..00000000
--- a/services/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../stacks/services/Makefile
\ No newline at end of file
diff --git a/services/Makefile b/services/Makefile
new file mode 100644
index 00000000..6d3800f6
--- /dev/null
+++ b/services/Makefile
@@ -0,0 +1,32 @@
+# Ad-hoc services
+# These are containers run without Kubernetes
+#
+# Usage:
+# # Make sure to set up SHARE_PATH env
+# make
+
+HOST = $(shell hostname -s)
+REGISTRY_URI ?= nexus.instantlinux.net
+SERVICES = haproxy-keepalived minio mythtv-backend nut-upsd restic-server
+ifeq ($(shell test -d /var/adm/admin/services && echo 1),1)
+ export ADMIN_PATH=/var/adm/admin/services
+endif
+
+default: $(HOST)
+
+cumbre: haproxy-keepalived nut-upsd
+k2: nagios haproxy-keepalived keycloak restic-server
+
+$(SERVICES)::
+ @echo Starting $@
+ cd $@ ; docker compose up -d
+
+keycloak::
+ @echo Starting $@
+ @cd $@ ; KEYCLOAK_DB_PASSWORD=$(shell cat \
+ /var/adm/secrets/keycloak-db-password) docker compose up -d
+
+nagios::
+ @echo Starting $@
+ docker pull $(REGISTRY_URI)/nagiosql:latest; \
+ cd $@ ; docker compose up -d
diff --git a/stacks/Makefile b/stacks/Makefile
deleted file mode 100644
index 1443db88..00000000
--- a/stacks/Makefile
+++ /dev/null
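Review bot: The `keycloak` recipe in the new services/Makefile reads the database password with `$(shell cat /var/adm/secrets/keycloak-db-password)`, so make pastes the secret unquoted into the command text before the shell runs it; a value containing whitespace or shell metacharacters is split or interpreted, and `make -n keycloak` prints it even though the line starts with `@`. Letting the shell read the file keeps the value out of make's expansion: `@cd $@ && KEYCLOAK_DB_PASSWORD="$$(cat /var/adm/secrets/keycloak-db-password)" docker compose up -d`. The `cd $@ ;` form in the `$(SERVICES)` and `nagios` recipes has a related problem, since with `;` a failed `cd` still runs `docker compose up -d` from the parent directory, and `&&` avoids that. The content matches the stacks/services/Makefile deleted later in this patch, so this is carried-over behaviour, but replacing the symlink with a real file is a natural point to fix it.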
@@ -1,65 +0,0 @@
-MAKEFLAGS += -rR
-STACKS = $(basename $(wildcard *.yml))
-DEPLOY = $(STACKS:%=.deploy/%)
-
-db00: CLUSTER_NAME = db00
-db02: CLUSTER_NAME = db02
-
-default: $(DEPLOY)
-
-.deploy/%: %.yml
- @echo Deploying $(@F)
- @mkdir -p .deploy
- CLUSTER_NAME=$(CLUSTER_NAME) \
- docker stack deploy --with-registry-auth -c $(@F).yml $(@F)
- @touch .deploy/$(@F)
-
-admin: .deploy/admin
-artifactory: .deploy/artifactory
-authelia: .deploy/authelia
-blacklist: .deploy/blacklist
-cloud: .deploy/cloud
-davite: .deploy/davite
-db00: .deploy/db00
-db02: .deploy/db02
-docs: .deploy/docs
-dovecot: .deploy/dovecot
-dropbox: .deploy/dropbox
-duplicati: .deploy/duplicati
-ez-ipupdate: .deploy/ez-ipupdate
-gitlab: .deploy/gitlab
-gitlab-runner: .deploy/gitlab-runner
-git-dump: .deploy/git-dump
-guacamole: .deploy/guacamole
-il-v1: .deploy/il-v1
-jenkins: .deploy/jenkins
-jira: .deploy/jira
-logspout: .deploy/logspout
-mariadb: .deploy/mariadb
-mysqldump: .deploy/mysqldump
-nexus: .deploy/nexus
-portainer: .deploy/portainer
-postfix: .deploy/postfix
-proftpd: .deploy/proftpd
-rainloop: .deploy/rainloop
-registry: .deploy/registry
-rsyslogd: .deploy/rsyslogd
-secondshot: .deploy/secondshot
-spamassassin: .deploy/spamassassin
-splunk: .deploy/splunk
-squirrelmail: .deploy/squirrelmail
-swarm-sync: .deploy/swarm-sync
-swarm-sync-2: .deploy/swarm-sync-2
-udp-nginx-proxy: .deploy/udp-nginx-proxy
-wordpress-ci: .deploy/wordpress-ci
-wordpress-il: .deploy/wordpress-il
-www00: .deploy/www00
-wwwext: .deploy/wwwext
-wx-nginx: .deploy/wx-nginx
-wxcam-upload: .deploy/wxcam-upload
-
-net_create::
- docker network create dbcluster --driver overlay $(LABELS)
-
-# TODO: does not work
-%: .deploy/%
diff --git a/stacks/README.md b/stacks/README.md
deleted file mode 100644
index ea15d4bf..00000000
--- a/stacks/README.md
+++ /dev/null
@@ -1,29 +0,0 @@
-## stacks
-
-These are Docker stack definitions in docker-compose format. Each
-represents a separate service running in Swarm.
-
-### Notes
-
-* If this repo contains a custom image definition published to Docker
- hub, its stack definition is sym-linked to the docker-compose.yml
- file in the same directory as its Dockerfile
-
-* Environment variables, labels and external secrets are local
- settings which are kept in a separate private git repo. They're each
- referenced explicitly in the environment section of each compose
- file, rather than by reference to a separate env_file, for
- clarity.
-
-|Variable|Description|
-|--------|-----------|
-|ADMIN_PATH|Directory (stored in git) containing admin settings|
-|DB_HOST|Load-balanced hostname of primary MySQL database|
-|REGISTRY_URI|Local docker registry hostname:port|
-|SHARE_PATH|Directory pathname to synchronize across hosts|
-
-### Status
-
-With the rise in popularity of Kubernetes in 2018, usage of docker-compose
-file format is declining. I'm no longer using these files and there is
-no validation testing to confirm they still work.
diff --git a/stacks/admin.yml b/stacks/admin.yml
deleted file mode 120000
index 6c59e563..00000000
--- a/stacks/admin.yml
+++ /dev/null
@@ -1 +0,0 @@
-../images/git-pull/docker-compose.yml
\ No newline at end of file
diff --git a/stacks/artifactory.yml b/stacks/artifactory.yml
deleted file mode 100644
index aa3874d4..00000000
--- a/stacks/artifactory.yml
+++ /dev/null
@@ -1,25 +0,0 @@
-version: "3"
-services:
-
- app:
- image: docker.bintray.io/jfrog/artifactory-oss:${VERSION_ARTIFACTORY:-latest}
- hostname: artifactory
- environment:
- DB_HOST: ${DB_HOST:-db00}
- DB_PASSWORD: redacted
- DB_TYPE: mysql
- TZ: ${TZ:-UTC}
- ports:
- - ${PORT_ARTIFACTORY:-18080}:8081
- volumes:
- - ${SHARE_PATH}/artifactory/data:/var/opt/jfrog/artifactory
- - ${SHARE_PATH}/artifactory/mysql-connector-java-5.1.40.jar:/opt/jfrog/artifactory/tomcat/lib/mysql-connector-java-5.1.40-bin.jar
- deploy:
- placement:
- constraints:
- - node.labels.swarm-sync-member == true
-
-networks:
- default:
- external:
- name: app_net
diff --git a/stacks/authelia.yml b/stacks/authelia.yml
deleted file mode 100644
index 48cd2cc8..00000000
--- a/stacks/authelia.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-version: '3'
-
-services:
- authelia:
- hostname: authelia
- image: clems4ever/authelia:${VERSION_AUTHELIA:-latest}
- volumes:
- - ${ADMIN_PATH:-/opt}/authelia/config.yml:/etc/authelia/config.yml:ro
- - ${SHARE_PATH}/authelia/store:/var/lib/authelia/store
- ports:
- - ${PORT_AUTHELIA:-17380}:80
- deploy:
- placement:
- constraints:
- - ${LABEL_WORKER:-node.role == worker}
-
- ldap:
- image: dinkel/openldap:latest
- environment:
- SLAPD_ORGANISATION: Community Internet
- SLAPD_DOMAIN: ${DOMAIN}
- SLAPD_PASSWORD: password
- SLAPD_ADDITIONAL_MODULES: memberof
- SLAPD_ADDITIONAL_SCHEMAS: openldap
- SLAPD_FORCE_RECONFIGURE: 'true'
- volumes:
- - ${ADMIN_PATH:-/opt}/authelia/ldap:/etc/ldap.dist/prepopulate:ro
diff --git a/stacks/blacklist.yml b/stacks/blacklist.yml
deleted file mode 120000
index 24f1b113..00000000
--- a/stacks/blacklist.yml
+++ /dev/null
@@ -1 +0,0 @@
-../images/blacklist/docker-compose.yml
\ No newline at end of file
diff --git a/stacks/cloud.yml b/stacks/cloud.yml
deleted file mode 100644
index b4df7bbe..00000000
--- a/stacks/cloud.yml
+++ /dev/null
@@ -1,25 +0,0 @@
-version: "3"
-services:
-
- app:
- image: nextcloud:${VERSION_NEXTCLOUD:-latest}
- hostname: cloud.${DOMAIN}
- environment:
- TZ: ${TZ:-UTC}
- ports:
- - ${PORT_CLOUD:-18280}:80
- volumes:
- - ${SHARE_PATH:-/opt}/cloud/html:/var/www/html
- - ${PHOTOS_PATH}/${CLOUD_USER1}:/var/www/html/data/${CLOUD_USER1}/files/Photos
- - ${PHOTOS_PATH}/${CLOUD_USER2}:/var/www/html/data/${CLOUD_USER2}/files/Photos
- deploy:
- placement:
- constraints:
- - ${LABEL_WORKER:-node.role == worker}
-
-volumes:
- html:
-networks:
- default:
- external:
- name: app_net
diff --git a/stacks/davite.yml b/stacks/davite.yml
deleted file mode 120000
index f7d8f0b2..00000000
--- a/stacks/davite.yml
+++ /dev/null
@@ -1 +0,0 @@
-../images/davite/docker-compose.yml
\ No newline at end of file
diff --git a/stacks/db00.yml b/stacks/db00.yml
deleted file mode 100644
index 10a03a65..00000000
--- a/stacks/db00.yml
+++ /dev/null
@@ -1,45 +0,0 @@
-version: "3.2"
-
-services:
- peer:
- hostname: "{{.Service.Name}}-{{.Task.Slot}}"
- image: ${REGISTRY_URI:-instantlinux}/mariadb-galera:${VERSION_MARIADB:-latest}
- environment:
- CLUSTER_NAME: ${CLUSTER_NAME:-cluster01}
- DISCOVERY_SERVICE: ${ETCD_HOST:-etcd}:2379
- CLUSTER_SIZE: 3
- ports:
- - target: 3306
- published: 19306
- protocol: tcp
- mode: host
- volumes:
- - data:/var/lib/mysql
- - logs:/var/log/mysql
- - ${ADMIN_PATH:-/opt}/mariadb/etc/:/etc/mysql/my.cnf.d:ro
- secrets:
- - mysql-root-password
- - sst-auth-password
- deploy:
- mode: global
- labels:
- - ${LABEL:-service_type=mariadb}
- restart_policy:
- condition: any
- delay: 20s
- max_attempts: 30
-
-volumes:
- data:
- labels:
- - ${LABEL:-service_type=mariadb}
- logs:
- labels:
- - ${LABEL:-service_type=mariadb}
-networks:
- default:
-secrets:
- mysql-root-password:
- external: true
- sst-auth-password:
- external: true
diff --git a/stacks/db02.yml b/stacks/db02.yml
deleted file mode 100644
index ba647737..00000000
--- a/stacks/db02.yml
+++ /dev/null
@@ -1,45 +0,0 @@
-version: "3.2"
-
-services:
- peer:
- hostname: "{{.Service.Name}}-{{.Task.Slot}}"
- image: ${REGISTRY_URI:-instantlinux}/mariadb-galera:${VERSION_MARIADB:-latest}
- environment:
- CLUSTER_NAME: ${CLUSTER_NAME:-cluster01}
- DISCOVERY_SERVICE: ${ETCD_HOST:-etcd}:2379
- CLUSTER_SIZE: 3
- ports:
- - target: 3306
- published: 18306
- protocol: tcp
- mode: host
- volumes:
- - data:/var/lib/mysql
- - logs:/var/log/mysql
- - ${ADMIN_PATH:-/opt}/mariadb/etc/:/etc/mysql/my.cnf.d:ro
- secrets:
- - mysql-root-password
- - sst-auth-password
- deploy:
- mode: global
- labels:
- - ${LABEL:-service_type=mariadb}
- restart_policy:
- condition: any
- delay: 20s
- max_attempts: 30
-
-volumes:
- data:
- labels:
- - ${LABEL:-service_type=mariadb}
- logs:
- labels:
- - ${LABEL:-service_type=mariadb}
-networks:
- default:
-secrets:
- mysql-root-password:
- external: true
- sst-auth-password:
- external: true
diff --git a/stacks/docs.yml b/stacks/docs.yml
deleted file mode 120000
index edd262e0..00000000
--- a/stacks/docs.yml
+++ /dev/null
@@ -1 +0,0 @@
-../images/open-xchange-appsuite/docker-compose.yml
\ No newline at end of file
diff --git a/stacks/dovecot.yml b/stacks/dovecot.yml
deleted file mode 120000
index d39f4bc1..00000000
--- a/stacks/dovecot.yml
+++ /dev/null
@@ -1 +0,0 @@
-../images/dovecot/docker-compose.yml
\ No newline at end of file
diff --git a/stacks/dropbox.yml b/stacks/dropbox.yml
deleted file mode 120000
index 52ac0ad8..00000000
--- a/stacks/dropbox.yml
+++ /dev/null
@@ -1 +0,0 @@
-../images/dropbox/docker-compose.yml
\ No newline at end of file
diff --git a/stacks/duplicati.yml b/stacks/duplicati.yml
deleted file mode 100644
index 52f8b298..00000000
--- a/stacks/duplicati.yml
+++ /dev/null
@@ -1,47 +0,0 @@
-version: "3"
-services:
-
- app:
- image: ${REGISTRY_URI:-instantlinux}/duplicati:${VERSION_DUPLICATI:-latest}
- environment:
- PUID: 0
- TZ: ${TZ:-UTC}
- ports:
- - ${PORT_DUPLICATI:-8200}:8200
- volumes:
- - ${SHARE_PATH:-/opt}/duplicati/config:/config
- - backups:/backups
- - restore:/restore
- # list of volumes to back up, customize as needed
- - backup:/backup/services:ro
- - dovecot_inbox:/backup/inbox:ro
- - dovecot_webmail:/backup/webmail:ro
- - /home:/backup/home:ro
- - /pc:/backup/pc:ro
- - proftpd_ftp:/backup/ftp:ro
- - samba_dos:/backup/samba_dos:ro
- - sambadc_lib:/backup/sambadc:ro
- - user_home:/backup/u:ro
- - ${SHARE_PATH}:/backup/share:ro
- deploy:
- placement:
- constraints:
- - node.labels.swarm-sync == peer
-
-volumes:
- backups:
- restore:
- backup:
- external: true
- dovecot_inbox:
- external: true
- dovecot_webmail:
- external: true
- proftpd_ftp:
- external: true
- samba_dos:
- external: true
- sambadc_lib:
- external: true
- user_home:
- external: true
diff --git a/stacks/ez-ipupdate.yml b/stacks/ez-ipupdate.yml
deleted file mode 120000
index 9334ae6c..00000000
--- a/stacks/ez-ipupdate.yml
+++ /dev/null
@@ -1 +0,0 @@
-../images/ez-ipupdate/docker-compose.yml
\ No newline at end of file
diff --git a/stacks/git-dump.yml b/stacks/git-dump.yml
deleted file mode 120000
index f9ba58d6..00000000
--- a/stacks/git-dump.yml
+++ /dev/null
@@ -1 +0,0 @@
-../images/git-dump/docker-compose.yml
\ No newline at end of file
diff --git a/stacks/gitlab-runner.yml b/stacks/gitlab-runner.yml
deleted file mode 100644
index 11f48217..00000000
--- a/stacks/gitlab-runner.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-version: "3"
-services:
-
- app:
- image: gitlab/gitlab-runner:alpine-v${VERSION_GITLAB_RUNNER}
- volumes:
- - config:/etc/gitlab-runner
- - ${SHARE_PATH:-/opt}/common/pki/ca/instantlinux-ca.crt:/etc/gitlab-runner/certs/ca.crt:ro
- - /var/run/docker.sock:/var/run/docker.sock
- deploy:
- placement:
- constraints:
- - ${LABEL_WORKER:-node.role == worker}
- replicas: 2
-
-volumes:
- config:
-networks:
- default:
- external:
- name: app_net
diff --git a/stacks/gitlab.yml b/stacks/gitlab.yml
deleted file mode 100644
index cf735df7..00000000
--- a/stacks/gitlab.yml
+++ /dev/null
@@ -1,48 +0,0 @@
-version: "3"
-services:
-
- app:
- image: gitlab/gitlab-ce:${VERSION_GITLAB:-latest}
- hostname: git.instantlinux.net
- command: >
- bash -c "mkdir -p /var/backups/gitlab &&
- rm -fr /var/opt/gitlab/backups &&
- ln -fnsT /var/backups/gitlab /var/opt/gitlab/backups &&
- bash -c '/var/backups/gitlab/gitback &' &&
- exec /assets/wrapper"
- environment:
- TZ: ${TZ:-UTC}
- ports:
- - ${PORT_GITLAB_HTTP:-18080}:80
- - ${PORT_GITLAB_SSH:-8999}:22
- # ${PORT_GITLAB_HTTPS:-443}:443
- volumes:
- - ${SHARE_PATH}/gitlab/config:/etc/gitlab
- - ${SHARE_PATH}/gitlab/data:/var/opt/gitlab
- - backup:/var/backups
- - logs:/var/log/gitlab
- deploy:
- placement:
- constraints:
- - ${LABEL_WORKER:-node.role == worker}
- logging:
- driver: json-file
- options:
- max-size: 2M
- max-file: 4
-# ulimits:
-# sigpending: 62793
-# nproc: 131072
-# nofile: 60000
-# core: 0
-
-volumes:
- backup:
- # Make sure gitlab dir exists and contains executable gitback script
- # (or comment out above reference to gitback)
- external: true
- logs:
-networks:
- default:
- external:
- name: app_net
diff --git a/stacks/guacamole.yml b/stacks/guacamole.yml
deleted file mode 100644
index eb823420..00000000
--- a/stacks/guacamole.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-version: "3"
-services:
-
- guac:
- image: guacamole/guacamole:${VERSION_GUACAMOLE:-latest}
- hostname: guac
- ports:
- - ${PORT_GUACAMOLE:-16080}:8080
- environment:
- MYSQL_HOSTNAME: ${DB_HOST:-db}
- MYSQL_DATABASE: guacamole
- MYSQL_USER: guacamole_user
- MYSQL_PASSWORD: ${GUACAMOLE_DBPASS:-guacamole}
- GUACD_HOSTNAME: guacd
- guacd:
- image: guacamole/guacd:${VERSION_GUACAMOLE:-latest}
- hostname: guacd
diff --git a/stacks/il-v1.yml b/stacks/il-v1.yml
deleted file mode 120000
index b2954367..00000000
--- a/stacks/il-v1.yml
+++ /dev/null
@@ -1 +0,0 @@
-../images/il-v1/docker-compose.yml
\ No newline at end of file
diff --git a/stacks/jenkins.yml b/stacks/jenkins.yml
deleted file mode 120000
index 3510878f..00000000
--- a/stacks/jenkins.yml
+++ /dev/null
@@ -1 +0,0 @@
-../images/jenkins-master/docker-compose.yml
\ No newline at end of file
diff --git a/stacks/jira.yml b/stacks/jira.yml
deleted file mode 100644
index 2daa868a..00000000
--- a/stacks/jira.yml
+++ /dev/null
@@ -1,25 +0,0 @@
-version: "3"
-services:
- app:
- hostname: jira
- image: cptactionhank/atlassian-jira:${VERSION_JIRA:-latest}
- environment:
- CATALINA_OPTS: -Xms512m -Xmx1280m
- X_PROXY_NAME: jira.${DOMAIN}
- X_PROXY_PORT: 443
- X_PROXY_SCHEME: https
- TZ: ${TZ:-UTC}
- ports:
- - ${PORT_JIRA:-15080}:8080
- volumes:
- - ${SHARE_PATH}/jira01/home:/var/atlassian/jira
- - ${SHARE_PATH}/jira01/logs:/opt/atlassian/jira/logs
- deploy:
- placement:
- constraints:
- - node.labels.swarm-sync-member == true
-
-networks:
- default:
- external:
- name: app_net
diff --git a/stacks/logspout.yml b/stacks/logspout.yml
deleted file mode 100644
index ecd8740d..00000000
--- a/stacks/logspout.yml
+++ /dev/null
@@ -1,19 +0,0 @@
-version: "3"
-services:
-
- app:
- image: gliderlabs/logspout:${VERSION_LOGSPOUT:-latest}
- environment:
- SYSLOG_FORMAT: rfc3164
- TZ: ${TZ:-UTC}
- command: syslog+tcp://${RSYSLOGD_HOST:-syslog}:${PORT_RSYSLOGD:-514}
- volumes:
- - /etc/hostname:/etc/host_hostname:ro
- - /var/run/docker.sock:/var/run/docker.sock:ro
- deploy:
- mode: global
-
-networks:
- default:
- external:
- name: app_net
diff --git a/stacks/mysqldump.yml b/stacks/mysqldump.yml
deleted file mode 120000
index bce0f895..00000000
--- a/stacks/mysqldump.yml
+++ /dev/null
@@ -1 +0,0 @@
-../images/mysqldump/docker-compose.yml
\ No newline at end of file
diff --git a/stacks/nexus.yml b/stacks/nexus.yml
deleted file mode 100644
index 18ccc488..00000000
--- a/stacks/nexus.yml
+++ /dev/null
@@ -1,24 +0,0 @@
-version: "3"
-services:
-
- app:
- image: sonatype/nexus3:${VERSION_NEXUS:-latest}
- hostname: nexus
- environment:
- INSTALL4J_ADD_VM_PARAMS: >
- -Xms1536m -Xmx2048m -XX:MaxDirectMemorySize=3g
- TZ: ${TZ:-UTC}
- ports:
- - ${PORT_NEXUS:-8081}:8081
- - ${PORT_NEXUS_REGISTRY:-5000}:5000
- volumes:
- - /var/lib/docker/share/nexus:/nexus-data
- deploy:
- placement:
- constraints:
- - node.labels.swarm-sync-member == true
-
-networks:
- default:
- external:
- name: app_net
diff --git a/stacks/postfix.yml b/stacks/postfix.yml
deleted file mode 120000
index 36cb1836..00000000
--- a/stacks/postfix.yml
+++ /dev/null
@@ -1 +0,0 @@
-../images/postfix-python/docker-compose.yml
\ No newline at end of file
diff --git a/stacks/proftpd.yml b/stacks/proftpd.yml
deleted file mode 120000
index b2c0a470..00000000
--- a/stacks/proftpd.yml
+++ /dev/null
@@ -1 +0,0 @@
-../images/proftpd/docker-compose.yml
\ No newline at end of file
diff --git a/stacks/rainloop.yml b/stacks/rainloop.yml
deleted file mode 100644
index bf1f441d..00000000
--- a/stacks/rainloop.yml
+++ /dev/null
@@ -1,24 +0,0 @@
-version: "3.2"
-
-services:
- app:
- image: hardware/rainloop:$VERSION_RAINLOOP
- environment:
- GID: ${RAINLOOP_GID:-991}
- UID: ${RAINLOOP_UID:-991}
- LOG_TO_STDOUT: "true"
- ports:
- - ${PORT_RAINLOOP:-8080}:8888
- volumes:
- - ${SHARE_PATH}/rainloop/data:/rainloop/data
- deploy:
- placement:
- constraints:
- - ${LABEL_WORKER:-node.role == worker}
-
-volumes:
- data:
-networks:
- default:
- external:
- name: app_net
diff --git a/stacks/registry.yml b/stacks/registry.yml
deleted file mode 100644
index 57c0f499..00000000
--- a/stacks/registry.yml
+++ /dev/null
@@ -1,24 +0,0 @@
-version: "3"
-services:
-
- app:
- hostname: registry
- image: registry:2
- environment:
- REGISTRY_HTTP_TLS_CERTIFICATE: /certs/domain.crt
- REGISTRY_HTTP_TLS_KEY: /certs/domain.key
- TZ: ${TZ:-UTC}
- ports:
- - ${PORT_REGISTRY:-5000}:5000
- volumes:
- - ${SHARE_PATH}/registry:/var/lib/registry
- - /root/certs:/certs
- deploy:
- placement:
- constraints:
- - node.labels.swarm-sync-member == true
-
-networks:
- default:
- external:
- name: app_net
diff --git a/stacks/rsyslogd.yml b/stacks/rsyslogd.yml
deleted file mode 120000
index 1abc8e95..00000000
--- a/stacks/rsyslogd.yml
+++ /dev/null
@@ -1 +0,0 @@
-../images/rsyslogd/docker-compose.yml
\ No newline at end of file
diff --git a/stacks/secondshot.yml b/stacks/secondshot.yml
deleted file mode 120000
index acc4f2d6..00000000
--- a/stacks/secondshot.yml
+++ /dev/null
@@ -1 +0,0 @@
-../../secondshot/docker-compose.yml
\ No newline at end of file
diff --git a/stacks/services/Makefile b/stacks/services/Makefile
deleted file mode 100644
index 6d3800f6..00000000
--- a/stacks/services/Makefile
+++ /dev/null
@@ -1,32 +0,0 @@
-# Ad-hoc services
-# These are containers run without Kubernetes
-#
-# Usage:
-# # Make sure to set up SHARE_PATH env
-# make
-
-HOST = $(shell hostname -s)
-REGISTRY_URI ?= nexus.instantlinux.net
-SERVICES = haproxy-keepalived minio mythtv-backend nut-upsd restic-server
-ifeq ($(shell test -d /var/adm/admin/services && echo 1),1)
- export ADMIN_PATH=/var/adm/admin/services
-endif
-
-default: $(HOST)
-
-cumbre: haproxy-keepalived nut-upsd
-k2: nagios haproxy-keepalived keycloak restic-server
-
-$(SERVICES)::
- @echo Starting $@
- cd $@ ; docker compose up -d
-
-keycloak::
- @echo Starting $@
- @cd $@ ; KEYCLOAK_DB_PASSWORD=$(shell cat \
- /var/adm/secrets/keycloak-db-password) docker compose up -d
-
-nagios::
- @echo Starting $@
- docker pull $(REGISTRY_URI)/nagiosql:latest; \
- cd $@ ; docker compose up -d
diff --git a/stacks/services/README.md b/stacks/services/README.md
deleted file mode 100644
index b23ab8c1..00000000
--- a/stacks/services/README.md
+++ /dev/null
@@ -1,28 +0,0 @@
-## Non-swarm services
-
-The service definitions here represent the cases where limitations
-of Docker's swarm implementation made it difficult or impossible to
-run them via 'docker stack deploy'. Examples:
-
-* dhcpd needs to run on host network, with kernel net-admin capability
-
-* etcd instances require IP address settings on command line and thus
-far Docker doesn't provide a way to assign static IPs (or separate DNS
-host names) via compose in swarm mode.
-
-* haproxy-keepalived needs to run on host network, with kernel net-admin capability
-
-* mt-daapd (iTunes server) needs to run on host network for mDNS (avahi) service
-discovery.
-
-* nagios can run fine in swarm but I've chosen to run it outside the single swarm that I have
-
-* nut-upsd needs kernel privileges for the USB device
-
-* samba's nmbd daemon needs to run on host network.
-
-* weewx (weather station) needs a 'devices' directive.
-
-Each service defined here is invoked via docker-compose from one of
-the docker hosts. Failover requires manual intervention.
-
diff --git a/stacks/services/dhcpd-dns-pxe/docker-compose.yml b/stacks/services/dhcpd-dns-pxe/docker-compose.yml
deleted file mode 100644
index 3ea75ccf..00000000
--- a/stacks/services/dhcpd-dns-pxe/docker-compose.yml
+++ /dev/null
@@ -1,33 +0,0 @@
-version: "3"
-
-services:
- app:
- image: ${REGISTRY_URI:-instantlinux}/dhcpd-dns-pxe:latest
- restart: always
- environment:
- DHCP_NETBIOS_NAME_SERVERS: ${DHCP_NETBIOS_NAME_SERVERS}
- DHCP_RANGE: ${DHCP_RANGE}
- DHCP_SUBNET1: ${DHCP_SUBNET1:-192.168.1.0}
- DOMAIN: ${DOMAIN:-example.com}
- DNS_SERVER: ${DNS_SERVERS:-8.8.8.8}
- DNS_UPSTREAM: ${DNS_UPSTREAM:-8.8.8.8}
- NTP_SERVER: ${NTP_SERVERS:-0.pool.ntp.org}
- PORT_DNSMASQ_DNS: ${PORT_DNSMASQ_DNS:-53}
- SUBNET1_GATEWAY: ${SUBNET1_GATEWAY:-192.168.1.1}
- SUBNET1_INTERFACE: ${SUBNET1_INTERFACE:-eth0}
- TZ: ${TZ:-UTC}
- ports:
- - ${PORT_DNSMASQ_DNS:-53}:53/udp
- - 67:67/udp
- - 69:69/udp
- volumes:
- - ${SHARE_PATH}/dhcpd-dns-pxe/pxelinux:/tftpboot/pxelinux:ro
- - ${ADMIN_PATH}/dhcpd-dns-pxe/etc/dhcpd.d:/etc/dhcpd.d/local:ro
- - ${ADMIN_PATH}/dhcpd-dns-pxe/etc/dnsmasq.d:/etc/dnsmasq.d/local:ro
- - leases:/var/lib/misc
- network_mode: host
- cap_add:
- - NET_ADMIN
-
-volumes:
- leases:
diff --git a/stacks/services/etcd/docker-compose.yml b/stacks/services/etcd/docker-compose.yml
deleted file mode 100644
index 89e8c522..00000000
--- a/stacks/services/etcd/docker-compose.yml
+++ /dev/null
@@ -1,37 +0,0 @@
-version: "3"
-
-# Each host's ETCD_NAME should be unique and resolveable in DNS (or use IP addr)
-# Optionally specify $CLUSTER name
-
-# to restart a cluster, generate a new DISCOVERY_TOKEN with desired size
-# DISCOVERY_TOKEN=$(basename `curl -s 'https://discovery.etcd.io/new?size=3'`)
-# export DISCOVERY_TOKEN
-# use the same value on each instance
-# remove the etcd_data volume, then from services dir invoke:
-# make etcd
-
-services:
- v3:
- image: quay.io/coreos/etcd:v3.2.9
- restart: always
- hostname: ${ETCD_NAME:-v3}
- volumes:
- - data:/var/etcd
- ports:
- - ${PORT_ETCD_CLIENT:-2379}:2379
- - ${PORT_ETCD_PEER:-2380}:2380
- network_mode: host
- command: >
- sh -c "apk add --update ca-certificates &&
- /usr/local/bin/etcd \
- -advertise-client-urls http://${ETCD_NAME:-v3}:2379 \
- -data-dir /var/etcd \
- -discovery https://discovery.etcd.io/${DISCOVERY_TOKEN} \
- -initial-advertise-peer-urls http://${ETCD_NAME:-v3}:2380 \
- -initial-cluster-token ${CLUSTER:-etcd-cluster-1} \
- -listen-client-urls http://0.0.0.0:2379 \
- -listen-peer-urls http://0.0.0.0:2380 \
- -name ${ETCD_NAME:-v3}"
-
-volumes:
- data:
diff --git a/stacks/services/mt-daapd/docker-compose.yml b/stacks/services/mt-daapd/docker-compose.yml
deleted file mode 100644
index 61db3796..00000000
--- a/stacks/services/mt-daapd/docker-compose.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-version: "3.1"
-
-services:
- app:
- image: instantlinux/mt-daapd:latest
- restart: always
- hostname: ${HOST:-mt-daapd}
- environment:
- SERVER_BANNER: "%h Firefly MP3 via Docker"
- volumes:
- - /pc/MP3:/srv/music:ro
- - cache:/var/cache/forked-daapd
- network_mode: host
-
-volumes:
- cache:
diff --git a/stacks/services/mythtv-backend/docker-compose.yml b/stacks/services/mythtv-backend/docker-compose.yml
deleted file mode 100644
index 9862a392..00000000
--- a/stacks/services/mythtv-backend/docker-compose.yml
+++ /dev/null
@@ -1,32 +0,0 @@
-version: "3.1"
-
-services:
- app:
- image: ${REGISTRY_URI:-instantlinux}/mythtv-backend:latest
- hostname: ${HOSTNAME_MYTHTV:-mythtv}
- restart: always
- environment:
- DBNAME: ${DB_MYTHTV:-mythtv}
- DBSERVER: ${DB_HOST:-db00}
- LOCALHOSTNAME: ${HOSTNAME_MYTHTV:-mythtv}
- TZ: ${TZ:-UTC}
- network_mode: host
- volumes:
- - apache2:/var/log/apache2
- - data:/var/mythdata
- - home:/home/mythtv
- - /var/mythtv:/var/mythtv
- secrets:
- - mythtv-db-password
- - mythtv-user-password
-
-secrets:
- mythtv-db-password:
- file: /var/adm/secrets/mythtv-db-password
- mythtv-user-password:
- file: /var/adm/secrets/mythtv-user-password
-
-volumes:
- apache2:
- data:
- home:
diff --git a/stacks/services/ntpd/docker-compose.yml b/stacks/services/ntpd/docker-compose.yml
deleted file mode 100644
index b26289b1..00000000
--- a/stacks/services/ntpd/docker-compose.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-version: "3"
-services:
-
- app:
- image: alpine:3.6
- restart: always
- command: sh -c 'mkdir -p /var/lib/ntp/drift; exec /usr/sbin/ntpd -dn -I eth0'
- volumes:
- - ${ADMIN_PATH:-/opt}/ntpd/ntp.conf:/etc/ntp.conf:ro
- - ${ADMIN_PATH:-/opt}/ntpd/ntp.keys:/etc/ntp.keys:ro
- ports:
- - 123:123/udp
- cap_add:
- - SYS_TIME
- - SYS_NICE
- network_mode: bridge
- deploy:
- mode: global
diff --git a/stacks/services/samba-dc/docker-compose.yml b/stacks/services/samba-dc/docker-compose.yml
deleted file mode 100644
index d3034189..00000000
--- a/stacks/services/samba-dc/docker-compose.yml
+++ /dev/null
@@ -1,41 +0,0 @@
-version: "3.1"
-
-services:
- app:
- image: ${REGISTRY_URI:-instantlinux}/samba-dc:latest
- restart: always
- network_mode: host
- hostname: ${SAMBADC_HOSTNAME:-dc.example.com}
- environment:
- DOMAIN_ACTION: join
- INTERFACES: ${SAMBADC_INTERFACES:-lo eth0}
- REALM: ${SAMBA_REALM:-ad.example.com}
- TZ: ${TZ:-UTC}
- WORKGROUP: ${SAMBA_WORKGROUP:-WORKGROUP}
- volumes:
- - etc:/etc/samba
- - lib:/var/lib/samba
- ports:
- - 53:53
- - 53:53/udp
- - 88:88
- - 88:88/udp
- - 135:135
- - 137-138:137-138/udp
- - 139:139
- - 389:389
- - 389:389/udp
- - 445:445
- - 464:464
- - 464:464/udp
- - 636:636
- - 3268-3269:3268-3269
- secrets:
- - samba-admin-password
-
-volumes:
- etc:
- lib:
-secrets:
- samba-admin-password:
- file: /var/adm/secrets/samba-admin-password
diff --git a/stacks/services/samba/docker-compose.yml b/stacks/services/samba/docker-compose.yml
deleted file mode 100644
index c769a501..00000000
--- a/stacks/services/samba/docker-compose.yml
+++ /dev/null
@@ -1,25 +0,0 @@
-version: "3"
-
-services:
- app:
- image: ${REGISTRY_URI:-instantlinux}/samba:latest
- network_mode: host
- restart: always
- environment:
- LOG_LEVEL: 3
- NETBIOS_NAME: ${SAMBA_NETBIOS_NAME:-samba}
- SERVER_STRING: ${SAMBA_SERVER_STRING:-Samba Server}
- TZ: ${TZ:-UTC}
- WORKGROUP: ${SAMBA_WORKGROUP:-WORKGROUP}
- volumes:
- - ${ADMIN_PATH}/samba/etc:/etc/samba/conf.d:ro
- - ${SHARE_PATH}/samba/var/lib:/var/lib/samba
- - log:/var/log/samba
- # Add your mounts here
- ports:
- - 137-138:137-138/udp
- - 139:139
- - 445:445
-
-volumes:
- log:
diff --git a/stacks/spamassassin.yml b/stacks/spamassassin.yml
deleted file mode 120000
index 81a7ba49..00000000
--- a/stacks/spamassassin.yml
+++ /dev/null
@@ -1 +0,0 @@
-../images/spamassassin/docker-compose.yml
\ No newline at end of file
diff --git a/stacks/splunk.yml b/stacks/splunk.yml
deleted file mode 100644
index 64b14782..00000000
--- a/stacks/splunk.yml
+++ /dev/null
@@ -1,30 +0,0 @@
-version: "3"
-
-services:
- app:
- image: splunk/splunk:${VERSION_SPLUNK:-latest}
- hostname: splunk.${DOMAIN}
- environment:
- SPLUNK_START_ARGS: --accept-license --answer-yes
- SPLUNK_USER: root
- SPLUNK_PASSWORD: changeme
- SPLUNK_ENABLE_LISTEN: 9997
- SPLUNK_ADD: tcp 1514
- ports:
- - ${PORT_SPLUNK_HTTP:-17180}:8000
- - ${PORT_SPLUNK_SYSLOG:-1514}:1514
- - ${PORT_SPLUNK_HEC:-8088}:8088
- - ${PORT_SPLUNK_API:-8089}:8089
- - ${PORT_SPLUNK_FWD:-9997}:9997
- volumes:
- - /var/dvol/splunk/etc:/opt/splunk/etc
- - /var/dvol/splunk/var:/opt/splunk/var
- deploy:
- placement:
- constraints:
- - node.labels.swarm-sync == primary
-
-networks:
- default:
- external:
- name: app_net
diff --git a/stacks/squirrelmail.yml b/stacks/squirrelmail.yml
deleted file mode 120000
index e3893de6..00000000
--- a/stacks/squirrelmail.yml
+++ /dev/null
@@ -1 +0,0 @@
-../images/squirrelmail/docker-compose.yml
\ No newline at end of file
diff --git a/stacks/swarm-sync-2.yml b/stacks/swarm-sync-2.yml
deleted file mode 100644
index 44c65861..00000000
--- a/stacks/swarm-sync-2.yml
+++ /dev/null
@@ -1,48 +0,0 @@
-version: "3.1"
-# Synchronize primary with tertiary
-# Note that the stack has to be redeployed any time a new volume
-# mount is added underneath the top-level share
-
-services:
-
- primary:
- image: ${REGISTRY_URI:-instantlinux}/swarm-sync:${VERSION_SWARMSYNC:-latest}
- environment:
- SECRET: swarm-sync-2_sshkey
- SYNC_INTERVAL: "2"
- TZ: ${TZ:-UTC}
- volumes:
- - logs:/var/log/unison
- - syncarchive:/root/.unison
- - ${SHARE_PATH}:/var/swarm-sync
- secrets:
- - swarm-sync-2_sshkey
- deploy:
- placement:
- constraints:
- - node.labels.swarm-sync == primary
- depends_on:
- - peer
-
- peer:
- image: ${REGISTRY_URI:-instantlinux}/swarm-sync:latest
- environment:
- SYNC_ROLE: peer
- env_file:
- - ../../.docker/swarm-sync-2.pub.env
- volumes:
- - etcssh:/etc/ssh
- - syncarchive:/root/.unison
- - ${SHARE_PATH}:/var/swarm-sync
- deploy:
- placement:
- constraints:
- - node.labels.swarm-sync == tertiary
-
-volumes:
- etcssh:
- logs:
- syncarchive:
-secrets:
- swarm-sync-2_sshkey:
- external: true
diff --git a/stacks/swarm-sync.yml b/stacks/swarm-sync.yml
deleted file mode 120000
index 0a4d31ac..00000000
--- a/stacks/swarm-sync.yml
+++ /dev/null
@@ -1 +0,0 @@
-../images/swarm-sync/docker-compose.yml
\ No newline at end of file
diff --git a/stacks/udp-nginx-proxy.yml b/stacks/udp-nginx-proxy.yml
deleted file mode 120000
index 44560931..00000000
--- a/stacks/udp-nginx-proxy.yml
+++ /dev/null
@@ -1 +0,0 @@
-../images/udp-nginx-proxy/docker-compose.yml
\ No newline at end of file
diff --git a/stacks/wordpress-ci.yml b/stacks/wordpress-ci.yml
deleted file mode 100644
index e88bf2ff..00000000
--- a/stacks/wordpress-ci.yml
+++ /dev/null
@@ -1,30 +0,0 @@
-version: "3"
-services:
- app:
- image: wordpress:${VERSION_WORDPRESS:-latest}
- ports:
- - ${PORT_WORDPRESS_CI:-8080}:80
- environment:
- TZ: ${TZ:-UTC}
- WORDPRESS_DB_HOST: ${DB_HOST:-db}
- WORDPRESS_DB_NAME: wordpress_ci
- WORDPRESS_DB_USER: wordpress
- env_file:
- - ${SHARE_PATH}/wordpress-ci/env
- volumes:
- - ${SHARE_PATH}/wordpress-ci/html:/var/www/html
- - ${ADMIN_PATH:-/opt}/wordpress/ci-php.ini:/usr/local/etc/php/conf.d/ci-php.ini:ro
- deploy:
- placement:
- constraints:
- - ${LABEL_WORKER:-node.role == worker}
- logging:
- driver: json-file
- options:
- max-size: 100k
- max-file: 10
-
-networks:
- default:
- external:
- name: app_net
diff --git a/stacks/wordpress-il.yml b/stacks/wordpress-il.yml
deleted file mode 100644
index 18ad4855..00000000
--- a/stacks/wordpress-il.yml
+++ /dev/null
@@ -1,30 +0,0 @@
-version: "3"
-services:
- app:
- image: wordpress:${VERSION_WORDPRESS:-latest}
- ports:
- - ${PORT_WORDPRESS_IL:-8080}:80
- environment:
- TZ: ${TZ:-UTC}
- WORDPRESS_DB_HOST: ${DB_HOST:-db}
- WORDPRESS_DB_NAME: wordpress_il
- WORDPRESS_DB_USER: wordpress
- env_file:
- - ${SHARE_PATH}/wordpress-il/env
- volumes:
- - ${SHARE_PATH}/wordpress-il/html:/var/www/html
- - ${ADMIN_PATH:-/opt}/wordpress/ci-php.ini:/usr/local/etc/php/conf.d/ci-php.ini:ro
- deploy:
- placement:
- constraints:
- - ${LABEL_WORKER:-node.role == worker}
- logging:
- driver: json-file
- options:
- max-size: 100k
- max-file: 10
-
-networks:
- default:
- external:
- name: app_net
diff --git a/stacks/www00.yml b/stacks/www00.yml
deleted file mode 100644
index 084e94c0..00000000
--- a/stacks/www00.yml
+++ /dev/null
@@ -1,56 +0,0 @@
-version: "3.2"
-services:
-
- app:
- image: nginx:${VERSION_NGINX:-latest}
- ports:
- - target: 443
- published: 19443
- protocol: tcp
- mode: host
- - target: 80
- published: 19080
- protocol: tcp
- mode: host
- volumes:
- - ${ADMIN_PATH:-/opt}/www00/etc/nginx/conf.d:/etc/nginx/conf.d:ro
- - ${SHARE_PATH}/common/pki/ca:/etc/ssl/ca:ro
- - ${SHARE_PATH}/common/pki/certs:/etc/ssl/certs:ro
- environment:
- TZ: ${TZ:-UTC}
- deploy:
- placement:
- constraints:
- - ${LABEL_WORKER:-node.role == worker}
- replicas: 3
- secrets:
- - desktop.ci.net-server-key.pem
- - git.instantlinux.net-server-key.pem
- - jenkins.ci.net-server-key.pem
- - jira.ci.net-server-key.pem
- - monitor.ci.net-server-key.pem
- - nexus.instantlinux.net-server-key.pem
- - repo.ci.net-server-key.pem
- - splunk.ci.net-server-key.pem
-
-networks:
- default:
- external:
- name: app_net
-secrets:
- desktop.ci.net-server-key.pem:
- external: true
- git.instantlinux.net-server-key.pem:
- external: true
- jenkins.ci.net-server-key.pem:
- external: true
- jira.ci.net-server-key.pem:
- external: true
- monitor.ci.net-server-key.pem:
- external: true
- nexus.instantlinux.net-server-key.pem:
- external: true
- repo.ci.net-server-key.pem:
- external: true
- splunk.ci.net-server-key.pem:
- external: true
diff --git a/stacks/wwwext.yml b/stacks/wwwext.yml
deleted file mode 100644
index 12aaadcd..00000000
--- a/stacks/wwwext.yml
+++ /dev/null
@@ -1,76 +0,0 @@
-version: "3.2"
-services:
-
-# This serves nginx for Internet-facing internal services
-
- app:
- image: nginx:${VERSION_NGINX:-latest}
- ports:
- - target: 443
- published: 19444
- protocol: tcp
- mode: host
- - target: 80
- published: 19081
- protocol: tcp
- mode: host
- volumes:
- - ${ADMIN_PATH:-/opt}/wwwext/etc/nginx/conf.d:/etc/nginx/conf.d:ro
- - ${SHARE_PATH}/common/pki/ca:/etc/ssl/ca:ro
- - ${SHARE_PATH}/common/pki/certs:/etc/ssl/certs:ro
- environment:
- TZ: ${TZ:-UTC}
- deploy:
- placement:
- constraints:
- - ${LABEL_WORKER:-node.role == worker}
- replicas: 2
- secrets:
- - authtotp.ci.net-server-key.pem
- - cloud.ci.net-server-key.pem
- - desktop.ci.net-server-key.pem
- - docs.ci.net-server-key.pem
- - git.instantlinux.net-server-key.pem
- - homebase.instantlinux.net-server-key.pem
- - jenkins.ci.net-server-key.pem
- - jira.ci.net-server-key.pem
- - monitor.ci.net-server-key.pem
- - repo.ci.net-server-key.pem
- - squirrelmail.ci.net-server-key.pem
- - webmail.ci.net-server-key.pem
- - www.ci.net-server-key.pem
- - www.instantlinux.net-server-key.pem
-
-networks:
- default:
- external:
- name: app_net
-secrets:
- authtotp.ci.net-server-key.pem:
- external: true
- cloud.ci.net-server-key.pem:
- external: true
- desktop.ci.net-server-key.pem:
- external: true
- docs.ci.net-server-key.pem:
- external: true
- git.instantlinux.net-server-key.pem:
- external: true
- homebase.instantlinux.net-server-key.pem:
- external: true
- jenkins.ci.net-server-key.pem:
- external: true
- jira.ci.net-server-key.pem:
- external: true
- monitor.ci.net-server-key.pem:
- external: true
- repo.ci.net-server-key.pem:
- external: true
- squirrelmail.ci.net-server-key.pem:
- external: true
- webmail.ci.net-server-key.pem:
- external: true
- www.ci.net-server-key.pem:
- external: true
- www.instantlinux.net-server-key.pem:
- external: true
diff --git a/stacks/wx-nginx.yml b/stacks/wx-nginx.yml
deleted file mode 120000
index 44e3c804..00000000
--- a/stacks/wx-nginx.yml
+++ /dev/null
@@ -1 +0,0 @@
-../images/weewx/docker-compose-nginx.yml
\ No newline at end of file
diff --git a/stacks/wxcam-upload.yml b/stacks/wxcam-upload.yml
deleted file mode 120000
index 69716aa6..00000000
--- a/stacks/wxcam-upload.yml
+++ /dev/null
@@ -1 +0,0 @@
-../images/wxcam-upload/docker-compose.yml
\ No newline at end of file
From 277eb0a35df93eab5758bc92dc62b7fb7e526b04 Mon Sep 17 00:00:00 2001
From: Rich Braun
Date: Thu, 22 Jan 2026 13:25:58 -0800
Subject: [PATCH 2/2] SYS-671 wip
---
 k8s/Makefile.helm | 1 -
 1 file changed, 1 deletion(-)
diff --git a/k8s/Makefile.helm b/k8s/Makefile.helm
index 7491194d..dc475e02 100644
--- a/k8s/Makefile.helm
+++ b/k8s/Makefile.helm
@@ -45,7 +45,6 @@ endif
 /usr/local/bin/helm:
 wget -O /tmp/$(TARBALL) https://get.helm.sh/$(TARBALL)
 wget -O /tmp/$(TARBALL).sha256 https://get.helm.sh/$(TARBALL).sha256sum
- # cd /tmp && echo "$(shell cat /tmp/$(TARBALL).sha256)" | sha256sum -c
 cd /tmp && sha256sum -c $(TARBALL).sha256
 tar xf /tmp/$(TARBALL) -C /tmp
 sudo mv /tmp/linux-amd64/helm /usr/local/bin