diff --git a/.gitmodules b/.gitmodules index e2777f2..3888c0c 100644 --- a/.gitmodules +++ b/.gitmodules @@ -46,3 +46,6 @@ [submodule "apps/postgresql/postgres_exporter"] path = apps/postgresql/postgres_exporter url = https://github.com/wrouesnel/postgres_exporter.git +[submodule "apps/tekton/dashboard"] + path = apps/tekton/dashboard + url = https://github.com/tektoncd/dashboard.git diff --git a/apps/gitea.yaml b/apps/gitea.yaml index 7f4f972..0533589 100644 --- a/apps/gitea.yaml +++ b/apps/gitea.yaml @@ -56,7 +56,7 @@ spec: cpu: "250m" limits: memory: "1000Mi" - cpu: "500m" + cpu: "1500m" volumes: - name: gitea persistentVolumeClaim: diff --git a/apps/pihole-deployment.yaml b/apps/pihole-deployment.yaml index 99c5376..4f95149 100644 --- a/apps/pihole-deployment.yaml +++ b/apps/pihole-deployment.yaml @@ -46,7 +46,7 @@ spec: value: 208.67.222.222 - name: DNS2 value: 208.67.220.220 - image: pihole/pihole:v5.1.2 + image: pihole/pihole:latest imagePullPolicy: Always livenessProbe: failureThreshold: 10 diff --git a/apps/smarthome/home-assistant.yaml b/apps/smarthome/home-assistant.yaml index 22be287..721359c 100644 --- a/apps/smarthome/home-assistant.yaml +++ b/apps/smarthome/home-assistant.yaml @@ -20,6 +20,7 @@ spec: containers: - name: hassio image: "homeassistant/home-assistant:latest" + #image: "homeassistant/aarch64-hassio-supervisor:latest" imagePullPolicy: Always env: - name: TZ @@ -46,10 +47,25 @@ spec: # limits: # memory: "1000Mi" # cpu: "500m" + - name: configurator + image: "causticlab/hass-configurator-docker:arm" + imagePullPolicy: Always + ports: + - name: adm + containerPort: 3218 + protocol: TCP + volumeMounts: + - name: hassio-storage + mountPath: /hass-config + - name: hassio-conf-storage + mountPath: /config volumes: - name: hassio-storage persistentVolumeClaim: claimName: hassio-storage + - name: hassio-conf-storage + persistentVolumeClaim: + claimName: hassio-configurator --- apiVersion: v1 kind: PersistentVolumeClaim @@ -66,6 +82,20 @@ spec: storage: 20Mi --- apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: hassio-configurator + labels: + app: hassio +spec: + storageClassName: nfs-ssd + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Mi +--- +apiVersion: v1 kind: Service metadata: name: hassio @@ -82,6 +112,23 @@ spec: app: hassio release: latest --- +apiVersion: v1 +kind: Service +metadata: + name: hassio-conf + labels: + app: hassio + release: latest +spec: + ports: + - port: 80 + targetPort: adm + protocol: TCP + name: adm + selector: + app: hassio + release: latest +--- apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: @@ -93,4 +140,10 @@ spec: paths: - backend: serviceName: hassio - servicePort: http \ No newline at end of file + servicePort: http + - host: hassio-conf.lan + http: + paths: + - backend: + serviceName: hassio-conf + servicePort: adm \ No newline at end of file diff --git a/apps/tekton/dashboard b/apps/tekton/dashboard new file mode 160000 index 0000000..69b9ff6 --- /dev/null +++ b/apps/tekton/dashboard @@ -0,0 +1 @@ +Subproject commit 69b9ff64ca52f508fe7287f906e9dd12330e37db diff --git a/apps/tekton/task-hello-world.yaml b/apps/tekton/task-hello-world.yaml new file mode 100644 index 0000000..0e6a70c --- /dev/null +++ b/apps/tekton/task-hello-world.yaml @@ -0,0 +1,12 @@ +apiVersion: tekton.dev/v1beta1 +kind: Task +metadata: + name: hello +spec: + steps: + - name: hello + image: debian + command: + - echo + args: + - "Hello World!" diff --git a/apps/tekton/tekton-dashboard-release.yaml b/apps/tekton/tekton-dashboard-release.yaml new file mode 100644 index 0000000..e284c96 --- /dev/null +++ b/apps/tekton/tekton-dashboard-release.yaml @@ -0,0 +1,515 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: dashboard + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-dashboard + name: extensions.dashboard.tekton.dev +spec: + additionalPrinterColumns: + - JSONPath: .spec.apiVersion + name: API version + type: string + - JSONPath: .spec.name + name: Kind + type: string + - JSONPath: .spec.displayname + name: Display name + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: dashboard.tekton.dev + names: + categories: + - tekton + - tekton-dashboard + kind: Extension + plural: extensions + shortNames: + - ext + - exts + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + versions: + - name: v1alpha1 + served: true + storage: true +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: dashboard + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-dashboard + name: tekton-dashboard + namespace: tekton-pipelines +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: dashboard + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-dashboard + name: tekton-dashboard-backend +rules: + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - apiGroups: + - security.openshift.io + resources: + - securitycontextconstraints + verbs: + - use + - apiGroups: + - tekton.dev + resources: + - clustertasks + - clustertasks/status + verbs: + - get + - list + - watch + - apiGroups: + - triggers.tekton.dev + resources: + - clustertriggerbindings + verbs: + - get + - list + - watch + - apiGroups: + - dashboard.tekton.dev + resources: + - extensions + verbs: + - create + - update + - delete + - patch + - apiGroups: + - tekton.dev + resources: + - clustertasks + - clustertasks/status + verbs: + - create + - update + - delete + - patch + - apiGroups: + - triggers.tekton.dev + resources: + - clustertriggerbindings + verbs: + - create + - update + - delete + - patch + - add +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: dashboard + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-dashboard + name: tekton-dashboard-dashboard +rules: + - apiGroups: + - apps + resources: + - deployments + verbs: + - list +--- +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.dashboard.tekton.dev/aggregate-to-dashboard: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: dashboard + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-dashboard + name: tekton-dashboard-extensions +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: dashboard + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-dashboard + name: tekton-dashboard-pipelines +rules: + - apiGroups: + - apps + resources: + - deployments + verbs: + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: dashboard + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-dashboard + name: tekton-dashboard-tenant +rules: + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - dashboard.tekton.dev + resources: + - extensions + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - serviceaccounts + - pods/log + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - tasks + - taskruns + - pipelines + - pipelineruns + - pipelineresources + - conditions + - tasks/status + - taskruns/status + - pipelines/status + - pipelineruns/status + - taskruns/finalizers + - pipelineruns/finalizers + verbs: + - get + - list + - watch + - apiGroups: + - triggers.tekton.dev + resources: + - eventlisteners + - triggerbindings + - triggertemplates + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - update + - patch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - tekton.dev + resources: + - tasks + - taskruns + - pipelines + - pipelineruns + - pipelineresources + - conditions + - taskruns/finalizers + - pipelineruns/finalizers + - tasks/status + - taskruns/status + - pipelines/status + - pipelineruns/status + verbs: + - create + - update + - delete + - patch + - apiGroups: + - triggers.tekton.dev + resources: + - eventlisteners + - triggerbindings + - triggertemplates + verbs: + - create + - update + - delete + - patch + - add +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: dashboard + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-dashboard + name: tekton-dashboard-triggers +rules: + - apiGroups: + - apps + resources: + - deployments + verbs: + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: dashboard + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-dashboard + name: tekton-dashboard-backend +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tekton-dashboard-backend +subjects: + - kind: ServiceAccount + name: tekton-dashboard + namespace: tekton-pipelines +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: tekton-dashboard + app.kubernetes.io/component: dashboard + app.kubernetes.io/instance: default + app.kubernetes.io/name: dashboard + app.kubernetes.io/part-of: tekton-dashboard + app.kubernetes.io/version: v0.11.1 + dashboard.tekton.dev/release: v0.11.1 + version: v0.11.1 + name: tekton-dashboard + namespace: tekton-pipelines +spec: + ports: + - name: http + port: 9097 + protocol: TCP + targetPort: 9097 + selector: + app.kubernetes.io/component: dashboard + app.kubernetes.io/instance: default + app.kubernetes.io/name: dashboard + app.kubernetes.io/part-of: tekton-dashboard +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: tekton-dashboard + app.kubernetes.io/component: dashboard + app.kubernetes.io/instance: default + app.kubernetes.io/name: dashboard + app.kubernetes.io/part-of: tekton-dashboard + app.kubernetes.io/version: v0.11.1 + dashboard.tekton.dev/release: v0.11.1 + version: v0.11.1 + name: tekton-dashboard + namespace: tekton-pipelines +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: dashboard + app.kubernetes.io/instance: default + app.kubernetes.io/name: dashboard + app.kubernetes.io/part-of: tekton-dashboard + template: + metadata: + labels: + app: tekton-dashboard + app.kubernetes.io/component: dashboard + app.kubernetes.io/instance: default + app.kubernetes.io/name: dashboard + app.kubernetes.io/part-of: tekton-dashboard + app.kubernetes.io/version: v0.11.1 + name: tekton-dashboard + spec: + containers: + - args: + - --port=9097 + - --logout-url= + - --pipelines-namespace=tekton-pipelines + - --triggers-namespace=tekton-pipelines + - --read-only=false + - --csrf-secure-cookie=false + - --log-level=info + - --log-format=json + - --namespace= + - --openshift=false + - --stream-logs=false + - --external-logs= + env: + - name: INSTALLED_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + #image: gcr.io/tekton-releases/github.com/tektoncd/dashboard/cmd/dashboard@sha256:744eb92d7d0365bbfb2405df4ba4d2a66c01edc26028c362bd5675e2bc1b9626 + image: docker-registry.lan/tekton-dashboard:arm64 + livenessProbe: + httpGet: + path: /health + port: 9097 + name: tekton-dashboard + ports: + - containerPort: 9097 + readinessProbe: + httpGet: + path: /readiness + port: 9097 + securityContext: + runAsNonRoot: true + runAsUser: 65532 + serviceAccountName: tekton-dashboard + volumes: [] + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: dashboard + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-dashboard + name: tekton-dashboard-pipelines + namespace: tekton-pipelines +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tekton-dashboard-pipelines +subjects: + - kind: ServiceAccount + name: tekton-dashboard + namespace: tekton-pipelines +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: dashboard + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-dashboard + name: tekton-dashboard-dashboard + namespace: tekton-pipelines +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tekton-dashboard-dashboard +subjects: + - kind: ServiceAccount + name: tekton-dashboard + namespace: tekton-pipelines +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: dashboard + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-dashboard + name: tekton-dashboard-triggers + namespace: tekton-pipelines +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tekton-dashboard-triggers +subjects: + - kind: ServiceAccount + name: tekton-dashboard + namespace: tekton-pipelines +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: dashboard + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-dashboard + name: tekton-dashboard-tenant +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tekton-dashboard-tenant +subjects: + - kind: ServiceAccount + name: tekton-dashboard + namespace: tekton-pipelines +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: dashboard + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-dashboard + name: tekton-dashboard-extensions +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tekton-dashboard-extensions +subjects: + - kind: ServiceAccount + name: tekton-dashboard + namespace: tekton-pipelines +--- +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: tekton-dashboard +spec: + rules: + - host: tekton.lan + http: + paths: + - backend: + serviceName: http + servicePort: 9097