building an debian-stable image

_CI-CD/debian-stable/Dockerfile

@@ -0,0 +1,9 @@
+FROM debian:stable-slim
+
+RUN sed -i 's@deb.debian.org@apt-cache.lan/deb.debian.org@g' /etc/apt/sources.list && \
+	sed -i 's@security.debian.org@apt-cache.lan/security.debian.org@g' /etc/apt/sources.list && \
+	apt-get update && apt-get install -y \
+	dig procps nmap bash iputils-ping && \
+	apt-get clean -y && \ 
+	rm -rf /var/lib/apt/lists/* && \
+	rm -rf /var/cache/apt/*

_CI-CD/debian-stable/tekton-debian-stable.yaml

@@ -0,0 +1,84 @@
+apiVersion: tekton.dev/v1alpha1
+kind: PipelineResource
+metadata:
+  name: chaos-kubernetes-git
+spec:
+  type: git
+  params:
+    - name: revision
+      value: master
+    - name: url
+      value: http://git-ui.lan/chaos/kubernetes.git
+    - name: submodules
+      value: "false"
+---
+apiVersion: tekton.dev/v1alpha1
+kind: PipelineResource
+metadata:
+  name: img-debian-stable
+spec:
+  type: image
+  params:
+    - name: url
+      value: cr.lan/debian-stable
+---
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: build-debian-stable
+spec:
+  params:
+    - name: pathToContainerFile
+      type: string
+      default: $(resources.inputs.source.path)/_CI-CD/debian-stable/Dockerfile
+    - name: pathToContext
+      type: string
+      default: $(resources.inputs.source.path)/_CI-CD/debian-stable
+  resources:
+    inputs:
+      - name: source
+        type: git
+    outputs:
+      - name: builtImage
+        type: image
+  steps:
+    - name: build-and-push
+      image: gcr.io/kaniko-project/executor:arm64
+      command:
+        - /kaniko/executor
+      args:
+        - --dockerfile=$(params.pathToContainerFile)
+        - --destination=$(resources.outputs.builtImage.url)
+        - --context=$(params.pathToContext)
+        - --skip-tls-verify
+  #workspaces:
+  #  - name: workspace
+  #    mountPath: /workspace
+---
+apiVersion: tekton.dev/v1beta1
+kind: TaskRun
+metadata:
+  name: img-debian-stable
+spec:
+  taskRef:
+    name: build-debian-stable
+  params:
+    - name: pathToContainerFile
+      value: Dockerfile
+  resources:
+    inputs:
+      - name: source
+        resourceRef:
+          name: chaos-kubernetes-git
+    outputs:
+      - name: builtImage
+        resourceRef:
+          name: img-debian-stable
+#  workspaces:
+#  - name: workspace
+#    persistentVolumeClaim:
+#      claimName: tektoncd-workspaces
+#    subPath: workspaces
+          
+          
+          

_sys/descheduler-cronjob.yaml

@@ -5,7 +5,7 @@ metadata:
   name: descheduler-cronjob
   namespace: kube-system
 spec:
-  schedule: "*/2 * * * *"
+  schedule: "40 */1 * * *"
   concurrencyPolicy: "Forbid"
   jobTemplate:
     spec:

apps/distcc/distcc-deployment.yaml

@@ -5,9 +5,8 @@ metadata:
     app: distcc
     release: stable
   name: distcc
-  namespace: default
 spec:
-  replicas: 5
+  replicas: 4
   selector:
     matchLabels:
       app: distcc
@@ -21,7 +20,7 @@ spec:
     spec:
       containers:
       - name: distcc
-        image: cr.lan/distcc:aarch64
+        image: cr.lan/distcc
         imagePullPolicy: Always
 #env:
 #- name: OPTIONS
@@ -35,10 +34,10 @@ spec:
           protocol: TCP
         resources:
           limits:
-            cpu: 1
+            cpu: 4
             memory: 128Mi
           requests:
-            cpu: 1
+            cpu: 50m
             memory: 64Mi
       dnsPolicy: ClusterFirst
       restartPolicy: Always
@@ -55,26 +54,25 @@ spec:
                 values:
                 - distcc
             topologyKey: kubernetes.io/hostname
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: distcc
-    release: stable
-  namespace: default
-  name: distcc
-spec:
-  externalTrafficPolicy: Cluster
-  ports:
-  - name: distcc-data
-    port: 3632
-    targetPort: 3632
-    protocol: TCP
-  - name: distcc-stats
-    port: 3633
-    targetPort: 3633
-    protocol: TCP
-  selector:
-    app: distcc
-  type: LoadBalancer
+#---
+#apiVersion: v1
+#kind: Service
+#metadata:
+#  labels:
+#    app: distcc
+#    release: stable
+#  name: distcc
+#spec:
+#  externalTrafficPolicy: Cluster
+#  ports:
+#  - name: distcc-data
+#    port: 3632
+#    targetPort: 3632
+#    protocol: TCP
+#  - name: distcc-stats
+#    port: 3633
+#    targetPort: 3633
+#    protocol: TCP
+#  selector:
+#    app: distcc
+#  type: LoadBalancer

apps/gitea.yaml

@@ -32,6 +32,16 @@ spec:
               value: "1000"
             - name: TZ
               value: "Europe/Berlin"
+            - name: DB_TYPE
+              value: postgres
+            - name: DB_HOST
+              value: postgres.live-env.svc.cluster.local:5432
+            - name: DB_NAME
+              value: gitea
+            - name: DB_USER
+              value: gitea
+            - name: DB_PASSWD
+              value: giteaEu94XSS4gKpheSBoMsIs
           volumeMounts:
             - name: gitea
               mountPath: /data
@@ -84,6 +94,7 @@ metadata:
     app: gitea
 spec:
   type: LoadBalancer
+  loadBalancerIP: 172.23.255.2
   ports:
     - port: 3000
       targetPort: http

apps/mariadb/mariadb-deployment.yaml

@@ -98,4 +98,4 @@ spec:
   claimRef:
     kind: PersistentVolumeClaim
     name: mariadb-data
-    namespace: default
+    namspace: live-env

apps/mariadb/mariadb/Dockerfile

@@ -6,6 +6,8 @@ RUN groupadd -r mysql && useradd -r -g mysql mysql
 
 # https://bugs.debian.org/830696 (apt uses gpgv by default in newer releases, rather than gpg)
 RUN set -ex; \
+	sed -i 's@deb.debian.org@apt-cache.lan/deb.debian.org@g' /etc/apt/sources.list; \
+	sed -i 's@security.debian.org@apt-cache.lan/security.debian.org@g' /etc/apt/sources.list; \
 	apt-get update; \
 	if ! which gpg; then \
 		apt-get install -y --no-install-recommends gnupg; \
@@ -93,6 +95,7 @@ RUN set -ex; \
 		| xargs -rt -0 sed -Ei 's/^(bind-address|log)/#&/'; \
 # don't reverse lookup hostnames, they are usually another container
 	echo '[mysqld]\nskip-host-cache\nskip-name-resolve' > /etc/mysql/conf.d/docker.cnf; \
+	mkdir -p /run/mysqld; \
 	apt-get clean -y;
 	
 VOLUME /var/lib/mysql

apps/mosquitto/deployment.yaml

@@ -6,7 +6,6 @@ metadata:
     app: mosquitto
     release: mqtt
   name: mqtt-mosquitto
-  namespace: default
 spec:
   replicas: 1
   selector:
@@ -63,7 +62,7 @@ spec:
           name: mosquitto-data
           subPath: mosquitto/data
       - name: mosquitto-exporter
-        image: cr.lan/mosquitto-exporter
+        image: cr.lan/mosquitto-exporter:arm64
         imagePullPolicy: Always
         ports:
         - containerPort: 9234
@@ -96,7 +95,6 @@ metadata:
     labels:
         app: mosquitto
         release: mqtt
-    namespace: default
     name: mqtt-mosquitto
 spec:
     externalTrafficPolicy: Cluster
@@ -121,7 +119,6 @@ metadata:
     app: mosquitto
     release: mqtt
   name: mqtt-mosquitto
-  namespace: default
 spec:
   accessModes:
   - ReadWriteOnce
@@ -135,7 +132,6 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
     name: mqtt-mosquitto
-    namespace: default
     labels:
       app: mosquitto
       release: mqtt

apps/mosquitto/tekton-image-build-prometheus-exporter.yaml

@@ -45,12 +45,13 @@ spec:
       script: |
         #!/usr/bin/env bash
         cd $(resources.inputs.source.path)
+        ls -al
         export GOARCH=arm64 
         export GOPATH=/usr/src/gopath
         export GOCACHE=/usr/src/gocache
         go env
-        go get
-        make -j4 build CGO_ENABLED=1
+        go get github.com/sapcc/mosquitto-exporter
+        make -j4 build CGO_ENABLED=0
     - name: build-and-push
       image: gcr.io/kaniko-project/executor:arm64
       command:

apps/pihole-deployment.yaml

@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: pihole-password
-  namespace: default
+  namespace: live-env 
 type: Opaque
 data:
   password: YWRtaW4yMDIw
@@ -172,7 +172,7 @@ metadata:
   labels:
     app: pihole
   name: pihole-tcp
-  namespace: default
+  namespace: live-env 
 spec:
   type: LoadBalancer
   loadBalancerIP: 172.23.255.253
@@ -204,7 +204,7 @@ metadata:
   labels:
     app: pihole
   name: pihole-udp
-  namespace: default
+  namespace: live-env 
 spec:
   type: LoadBalancer
   loadBalancerIP: 172.23.255.253

apps/postgresql/postgresql-deploy.yaml

@@ -40,7 +40,7 @@ spec:
       volumes:
       - name: postgres-disk
         persistentVolumeClaim:
-          claimName: postgres
+          claimName: postgres-data
 #  volumeClaimTemplates:
 #  - metadata:
 #      name: postgres-disk
@@ -54,17 +54,37 @@ spec:
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: postgres
+  name: postgres-data
   labels:
     app: postgres
 spec:
   storageClassName: nfs-ssd
+  volumeName: postgres-data
   accessModes:
   - ReadWriteOnce
   resources:
     requests:
-      storage: 20Mi
-# service.yml
+      storage: 40Gi
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: postgres-data 
+spec:
+  storageClassName: "nfs-ssd"
+  nfs:
+    path: /data/raid1-ssd/k8s-data/postgres-data
+    server: ebin01
+  capacity:
+    storage: 40Gi
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  persistentVolumeReclaimPolicy: Retain
+  claimRef:
+    kind: PersistentVolumeClaim
+    name: postgres-data
+    namespace: live-env
 ---
 apiVersion: v1
 kind: Service
@@ -77,6 +97,7 @@ spec:
   selector:
     env: live
   type: LoadBalancer
+  loadBalancerIP: 172.23.255.4
   ports:
   - port: 5432
     targetPort: 5432