more freakin refactoring

.gitmodules

@@ -25,9 +25,6 @@
 [submodule "docker-apt-cacher-ng"]
 	path = docker-apt-cacher-ng
 	url = https://github.com/sameersbn/docker-apt-cacher-ng.git
-[submodule "kube-router"]
-	path = kube-router
-	url = https://github.com/cloudnativelabs/kube-router.git
 [submodule "mosquitto/charts"]
 	path = mosquitto/charts
 	url = https://github.com/smizy/charts.git

_sys/kube-router-accounts.yaml

@@ -0,0 +1,53 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: kube-router
+  namespace: kube-system
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: kube-router
+rules:
+  - apiGroups:
+    - ""
+    resources:
+      - namespaces
+      - pods
+      - services
+      - nodes
+      - endpoints
+    verbs:
+      - list
+      - get
+      - watch
+  - apiGroups:
+    - "networking.k8s.io"
+    resources:
+      - networkpolicies
+    verbs:
+      - list
+      - get
+      - watch
+  - apiGroups:
+    - extensions
+    resources:
+      - networkpolicies
+    verbs:
+      - get
+      - list
+      - watch
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: kube-router
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: kube-router
+subjects:
+- kind: ServiceAccount
+  name: kube-router
+  namespace: kube-system

_sys/kube-router-all-service-daemonset.yaml

@@ -0,0 +1,130 @@
+#https://gist.github.com/jjo/8c616aaf795284bb5b85d02143745f63
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: kube-router-cfg
+  namespace: kube-system
+  labels:
+    tier: node
+    k8s-app: kube-router
+data:
+  cni-conf.json: |
+    {
+       "cniVersion":"0.3.0",
+       "name":"mynet",
+       "plugins":[
+          {
+             "name":"kubernetes",
+             "type":"bridge",
+             "bridge":"kube-bridge",
+             "isDefaultGateway":true,
+             "ipam":{
+                "type":"host-local"
+             }
+          }
+       ]
+    }
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: kube-router
+  namespace: kube-system
+  labels:
+    k8s-app: kube-router
+spec:
+  selector:
+    matchLabels:
+      k8s-app: kube-router
+  template:
+    metadata:
+      labels:
+        k8s-app: kube-router
+    spec:
+      priorityClassName: system-node-critical
+      containers:
+      - name: kube-router
+        image: docker.io/cloudnativelabs/kube-router:v1.0.1
+        args:
+          - "--run-router=true"
+          - "--run-firewall=true"
+          - "--run-service-proxy=true"
+          - "--bgp-graceful-restart=true"
+          - "--kubeconfig=/var/lib/kube-router/kubeconfig"
+        securityContext:
+          privileged: true
+        imagePullPolicy: Always
+        env:
+        - name: NODE_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: spec.nodeName
+        - name: KUBE_ROUTER_CNI_CONF_FILE
+          value: /etc/cni/net.d/10-kuberouter.conflist
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 20244
+          initialDelaySeconds: 10
+          periodSeconds: 3
+        volumeMounts:
+        - name: lib-modules
+          mountPath: /lib/modules
+          readOnly: true
+        - name: cni-conf-dir
+          mountPath: /etc/cni/net.d
+        - name: kubeconfig
+          mountPath: /var/lib/kube-router/kubeconfig
+          readOnly: true
+        - name: xtables-lock
+          mountPath: /run/xtables.lock
+          readOnly: false
+      initContainers:
+      - name: install-cni
+        image: docker.io/cloudnativelabs/kube-router:v1.0.1
+        imagePullPolicy: Always
+        command:
+        - /bin/sh
+        - -c
+        - set -e -x;
+          if [ ! -f /etc/cni/net.d/10-kuberouter.conflist ]; then
+            if [ -f /etc/cni/net.d/*.conf ]; then
+              rm -f /etc/cni/net.d/*.conf;
+            fi;
+            TMP=/etc/cni/net.d/.tmp-kuberouter-cfg;
+            cp /etc/kube-router/cni-conf.json ${TMP};
+            mv ${TMP} /etc/cni/net.d/10-kuberouter.conflist;
+          fi
+        volumeMounts:
+        - name: cni-conf-dir
+          mountPath: /etc/cni/net.d
+        - name: kube-router-cfg
+          mountPath: /etc/kube-router
+      hostNetwork: true
+      serviceAccountName: kube-router
+      serviceAccount: kube-router
+      tolerations:
+      - effect: NoSchedule
+        operator: Exists
+      - key: CriticalAddonsOnly
+        operator: Exists
+      - effect: NoExecute
+        operator: Exists
+      volumes:
+      - name: lib-modules
+        hostPath:
+          path: /lib/modules
+      - name: cni-conf-dir
+        hostPath:
+          path: /etc/cni/net.d
+      - name: kube-router-cfg
+        configMap:
+          name: kube-router-cfg
+      - name: kubeconfig
+        hostPath:
+          path: /var/lib/kube-router/kubeconfig
+      - name: xtables-lock
+        hostPath:
+          path: /run/xtables.lock
+          type: FileOrCreate
+

apps/docker-registry/registry-deployment.yaml

@@ -122,11 +122,11 @@ kind: Ingress
 metadata:
     name: docker-registry
     namespace: docker-registry
-    annotations:
+    #annotations:
-      nginx.ingress.kubernetes.io/proxy‑connect‑timeout: 30
+    #  nginx.ingress.kubernetes.io/proxy‑connect‑timeout: 30
-      nginx.ingress.kubernetes.io/proxy‑read‑timeout: 1800
+    #  nginx.ingress.kubernetes.io/proxy‑read‑timeout: 1800
-      nginx.ingress.kubernetes.io/proxy‑send‑timeout: 1800
+    #  nginx.ingress.kubernetes.io/proxy‑send‑timeout: 1800
-      nginx.ingress.kubernetes.io/proxy-body-size: 0 
+    #  nginx.ingress.kubernetes.io/proxy-body-size: '5g' 
 spec:
     rules:
     - host: docker-registry.lan

apps/mariadb/mariadb-deployment.yaml

@@ -57,11 +57,11 @@ apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: mariadb-pv-claim
-  annotations:
+  #annotations:
-        volume.beta.kubernetes.io/storage-provisioner: "nfs-storage"
+  #      volume.beta.kubernetes.io/storage-provisioner: "nfs-storage"
-        volume.beta.kubernetes.io/storage-class: "managed-nfs-storage"
+  #      volume.beta.kubernetes.io/storage-class: "managed-nfs-storage"
 spec:
-  storageClassName: "fast"
+  storageClassName: csi-s3-slow 
   accessModes:
     - ReadWriteOnce
   resources:

apps/mosquitto/deployment.yaml

@@ -113,8 +113,8 @@ spec:
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  annotations:
+    #annotations:
-    volume.beta.kubernetes.io/storage-provisioner: nfs-storage
+    #  volume.beta.kubernetes.io/storage-provisioner: nfs-storage
   labels:
     app: mosquitto
     release: mqtt
@@ -126,7 +126,7 @@ spec:
   resources:
     requests:
       storage: 2Gi
-  storageClassName: managed-nfs-storage
+  storageClassName: csi-s3-slow 
   volumeMode: Filesystem
 ---
 apiVersion: v1
@@ -140,7 +140,8 @@ metadata:
 data:
   mosquitto.conf: |-
     log_dest none
+    user root
     port 1883
-    persistence false 
+    persistence true 
     persistence_location /mosquitto/data/
 

apps/pihole-deployment.yaml

@@ -46,7 +46,7 @@ spec:
           value: 208.67.222.222
         - name: DNS2
           value: 208.67.220.220
-        image: pihole/pihole:v5.1.1
+        image: pihole/pihole:latest
         imagePullPolicy: Always
         livenessProbe:
           failureThreshold: 10
@@ -107,8 +107,8 @@ spec:
           subPath: addn-hosts
       dnsConfig:
         nameservers:
-        - 127.0.0.1
+        - 208.67.222.222 
-        - 192.168.10.1
+        - 208.67.220.220
       dnsPolicy: None
       restartPolicy: Always
       schedulerName: default-scheduler
@@ -144,10 +144,11 @@ apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: pihole-data 
-  #annotations:
+  annotations:
-  #  volume.beta.kubernetes.io/storage-class: "managed-nfs-storage"
+    volume.beta.kubernetes.io/storage-class: "managed-nfs-storage"
 spec:
-  storageClassName: csi-s3-slow
+    #storageClassName: csi-s3-slow
+  storageClassName: managed-nfs-storage
   accessModes:
   - ReadWriteOnce
   resources:

csi-s3/storage-csi-s3/cmd/s3driver/Dockerfile

@@ -2,7 +2,7 @@ FROM debian:buster-slim
 LABEL maintainers="Cyrill Troxler <cyrilltroxler@gmail.com>"
 LABEL description="csi-s3 slim image"
 
-RUN echo 'Acquire::http::proxy "http://172.23.255.1:3142";' >/etc/apt/apt.conf.d/proxy
+#RUN echo 'Acquire::http::proxy "http://172.23.255.1:3142";' >/etc/apt/apt.conf.d/proxy
 # s3fs and some other dependencies
 RUN apt-get update && \
   apt-get install -y \
@@ -10,5 +10,5 @@ RUN apt-get update && \
   apt-get clean -y && \
   rm -rf /var/lib/apt/lists/*
 
-COPY ./_output/s3driver /s3driver
+COPY ./s3driver /s3driver
 ENTRYPOINT ["/s3driver"]

csi-s3/storage-csi-s3/cmd/s3driver/Dockerfile.full

@@ -1,7 +1,7 @@
 FROM debian:buster-slim as s3backer
 ARG S3BACKER_VERSION=1.5.4
 
-RUN echo 'Acquire::http::proxy "http://172.23.255.1:3142";' >/etc/apt/apt.conf.d/proxy
+#RUN echo 'Acquire::http::proxy "http://172.23.255.1:3142";' >/etc/apt/apt.conf.d/proxy
 RUN apt-get update && apt-get install -y \
   build-essential \
   autoconf \

csi-s3/storage-csi-s3/deploy/kubernetes/csi-s3.yaml

@@ -94,6 +94,7 @@ spec:
                 fieldRef:
                   fieldPath: spec.nodeName
           imagePullPolicy: "Always"
+          #imagePullPolicy: "IfNotPresent"
           volumeMounts:
             - name: plugin-dir
               mountPath: /csi

csi-s3/storage-csi-s3/deploy/kubernetes/provisioner.yaml

@@ -79,7 +79,7 @@ spec:
           env:
             - name: ADDRESS
               value: /var/lib/kubelet/plugins/ch.ctrox.csi.s3-driver/csi.sock
-          imagePullPolicy: "IfNotPresent"
+          imagePullPolicy: "Always"
           volumeMounts:
             - name: socket-dir
               mountPath: /var/lib/kubelet/plugins/ch.ctrox.csi.s3-driver

dashboard-adminuser-serviceaccount.yaml

@@ -1,5 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: admin-user
-  namespace: kubernetes-dashboard

dashboard-adminuser.yaml

@@ -10,3 +10,9 @@ subjects:
 - kind: ServiceAccount
   name: admin-user
   namespace: kubernetes-dashboard
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: admin-user
+  namespace: kubernetes-dashboard