diff --git a/README.md b/README.md
index 289936a..5d1dd05 100644
--- a/README.md
+++ b/README.md
@@ -18,3 +18,7 @@
| Radarr | Movie collection manager | Private | Plato |
? |
| Jackett | Torrent indexer | Private | Plato | ? |
| Deluge | Torrent client | Private | Plato | ? |
+
+## Notes
+Add node to the list of available load balancer
+`kubectl label node svccontroller.k3s.cattle.io/enablelb=true`
diff --git a/adguard/deployment.yaml b/adguard/deployment.yaml
new file mode 100644
index 0000000..5a6e8bc
--- /dev/null
+++ b/adguard/deployment.yaml
@@ -0,0 +1,24 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: adguard
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: adguard
+ template:
+ metadata:
+ labels:
+ app: adguard
+ spec:
+ containers:
+ - name: adguard
+ image: adguard/adguardhome
+ ports:
+ - containerPort: 53
+ protocol: UDP
+ - containerPort: 53
+ protocol: TCP
+ - containerPort: 3000
+ protocol: TCP
diff --git a/adguard/ingress.yaml b/adguard/ingress.yaml
new file mode 100644
index 0000000..e8fef29
--- /dev/null
+++ b/adguard/ingress.yaml
@@ -0,0 +1,38 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: stripprefix-adguard
+spec:
+ stripPrefix:
+ prefixes:
+ - /
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: adguard-ingress
+ annotations:
+ kubernetes.io/ingress.class: "traefik"
+ traefik.ingress.kubernetes.io/router.middlewares: "default-stripprefix-adguard@kubernetescrd"
+spec:
+ rules:
+ - host: adguard.localhost
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: adguard-svc
+ port:
+ number: 80
+ - http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: adguard-dns
+ port:
+ number: 53
diff --git a/adguard/service.yaml b/adguard/service.yaml
new file mode 100644
index 0000000..7a0539a
--- /dev/null
+++ b/adguard/service.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: adguard-svc
+spec:
+ ports:
+ - name: http
+ protocol: TCP
+ port: 80
+ targetPort: 3000
+ - name: dns
+ protocol: UDP
+ port: 53
+ selector:
+ app: adguard
+ externalIPs:
+ # Node's physical IP / Internet accessible IP / Wireguard accessible IP
+ - 192.168.43.161
diff --git a/certificate.yaml b/certificate.yaml
deleted file mode 100644
index cfb3585..0000000
--- a/certificate.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: kubernetes-dashboard
- namespace: kubernetes-dashboard
-spec:
- secretName: certificate-test-dashboard
- dnsNames:
- - test-cluser-dashboard.localhost
- issuerRef:
- name: clusterissuer-le
- kind: ClusterIssuer
-
diff --git a/dashboard.admin-user-role.yaml b/dashboard.admin-user-role.yaml
deleted file mode 100644
index d2f7e37..0000000
--- a/dashboard.admin-user-role.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: admin-user
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: cluster-admin
-subjects:
- - kind: ServiceAccount
- name: admin-user
- namespace: kubernetes-dashboard
diff --git a/dashboard.admin-user.yaml b/dashboard.admin-user.yaml
deleted file mode 100644
index 8372765..0000000
--- a/dashboard.admin-user.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: admin-user
- namespace: kubernetes-dashboard
diff --git a/dashboard/app.yaml b/dashboard/app.yaml
new file mode 100644
index 0000000..96dc144
--- /dev/null
+++ b/dashboard/app.yaml
@@ -0,0 +1,288 @@
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: kubernetes-dashboard
+
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ name: kubernetes-dashboard
+ namespace: kubernetes-dashboard
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ name: kubernetes-dashboard
+ namespace: kubernetes-dashboard
+spec:
+ ports:
+ - port: 80
+ targetPort: 9090
+ selector:
+ k8s-app: kubernetes-dashboard
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ name: kubernetes-dashboard-csrf
+ namespace: kubernetes-dashboard
+type: Opaque
+data:
+ csrf: ""
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ name: kubernetes-dashboard-key-holder
+ namespace: kubernetes-dashboard
+type: Opaque
+
+---
+
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ name: kubernetes-dashboard-settings
+ namespace: kubernetes-dashboard
+
+---
+
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ name: kubernetes-dashboard
+ namespace: kubernetes-dashboard
+rules:
+ # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
+ - apiGroups: [""]
+ resources: ["secrets"]
+ resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
+ verbs: ["get", "update", "delete"]
+ # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ resourceNames: ["kubernetes-dashboard-settings"]
+ verbs: ["get", "update"]
+ # Allow Dashboard to get metrics.
+ - apiGroups: [""]
+ resources: ["services"]
+ resourceNames: ["heapster", "dashboard-metrics-scraper"]
+ verbs: ["proxy"]
+ - apiGroups: [""]
+ resources: ["services/proxy"]
+ resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
+ verbs: ["get"]
+
+---
+
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ name: kubernetes-dashboard
+rules:
+ # Allow Metrics Scraper to get metrics from the Metrics server
+ - apiGroups: ["metrics.k8s.io"]
+ resources: ["pods", "nodes"]
+ verbs: ["get", "list", "watch"]
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ name: kubernetes-dashboard
+ namespace: kubernetes-dashboard
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: kubernetes-dashboard
+subjects:
+ - kind: ServiceAccount
+ name: kubernetes-dashboard
+ namespace: kubernetes-dashboard
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: kubernetes-dashboard
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: kubernetes-dashboard
+subjects:
+ - kind: ServiceAccount
+ name: kubernetes-dashboard
+ namespace: kubernetes-dashboard
+
+---
+
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ name: kubernetes-dashboard
+ namespace: kubernetes-dashboard
+spec:
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ k8s-app: kubernetes-dashboard
+ template:
+ metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ spec:
+ securityContext:
+ seccompProfile:
+ type: RuntimeDefault
+ containers:
+ - name: kubernetes-dashboard
+ image: kubernetesui/dashboard:v2.5.1
+ ports:
+ - containerPort: 9090
+ protocol: TCP
+ args:
+ - --namespace=kubernetes-dashboard
+ - --enable-insecure-login
+ # Uncomment the following line to manually specify Kubernetes API server Host
+ # If not specified, Dashboard will attempt to auto discover the API server and connect
+ # to it. Uncomment only if the default does not work.
+ # - --apiserver-host=http://my-address:port
+ volumeMounts:
+ # Create on-disk volume to store exec logs
+ - mountPath: /tmp
+ name: tmp-volume
+ livenessProbe:
+ httpGet:
+ path: /
+ port: 9090
+ initialDelaySeconds: 30
+ timeoutSeconds: 30
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsUser: 1001
+ runAsGroup: 2001
+ volumes:
+ - name: tmp-volume
+ emptyDir: {}
+ serviceAccountName: kubernetes-dashboard
+ nodeSelector:
+ "kubernetes.io/os": linux
+ # Comment the following tolerations if Dashboard must not be deployed on master
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ effect: NoSchedule
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+ labels:
+ k8s-app: dashboard-metrics-scraper
+ name: dashboard-metrics-scraper
+ namespace: kubernetes-dashboard
+spec:
+ ports:
+ - port: 8000
+ targetPort: 8000
+ selector:
+ k8s-app: dashboard-metrics-scraper
+
+---
+
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ labels:
+ k8s-app: dashboard-metrics-scraper
+ name: dashboard-metrics-scraper
+ namespace: kubernetes-dashboard
+spec:
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ k8s-app: dashboard-metrics-scraper
+ template:
+ metadata:
+ labels:
+ k8s-app: dashboard-metrics-scraper
+ spec:
+ securityContext:
+ seccompProfile:
+ type: RuntimeDefault
+ containers:
+ - name: dashboard-metrics-scraper
+ image: kubernetesui/metrics-scraper:v1.0.7
+ ports:
+ - containerPort: 8000
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ scheme: HTTP
+ path: /
+ port: 8000
+ initialDelaySeconds: 30
+ timeoutSeconds: 30
+ volumeMounts:
+ - mountPath: /tmp
+ name: tmp-volume
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsUser: 1001
+ runAsGroup: 2001
+ serviceAccountName: kubernetes-dashboard
+ nodeSelector:
+ "kubernetes.io/os": linux
+ # Comment the following tolerations if Dashboard must not be deployed on master
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ effect: NoSchedule
+ volumes:
+ - name: tmp-volume
+ emptyDir: {}
diff --git a/dashboard/cluster-role-binding.yaml b/dashboard/cluster-role-binding.yaml
new file mode 100644
index 0000000..6db3be5
--- /dev/null
+++ b/dashboard/cluster-role-binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: admin-user
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+- kind: ServiceAccount
+ name: admin-user
+ namespace: kubernetes-dashboard
diff --git a/dashboard/ingress.yaml b/dashboard/ingress.yaml
new file mode 100644
index 0000000..34967e5
--- /dev/null
+++ b/dashboard/ingress.yaml
@@ -0,0 +1,32 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: stripprefix
+ annotations:
+ kubernetes.io/ingress.class: "traefik"
+spec:
+ stripPrefix:
+ prefixes:
+ - /dashboard
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: kubernetes-dashboard-ingress
+ namespace: kubernetes-dashboard
+ annotations:
+ kubernetes.io/ingress.class: "traefik"
+ "traefik.ingress.kubernetes.io/router.middlewares": default-stripprefix@kubernetescrd
+spec:
+ rules:
+ - host: dashboard.localhost
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: kubernetes-dashboard
+ port:
+ number: 80
diff --git a/dashboard/service-account.yaml b/dashboard/service-account.yaml
new file mode 100644
index 0000000..54cabb7
--- /dev/null
+++ b/dashboard/service-account.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: admin-user
+ namespace: kubernetes-dashboard
diff --git a/ingress.yaml b/ingress.yaml
deleted file mode 100644
index 432f604..0000000
--- a/ingress.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: kubernetes-dashboard
- namespace: kubernetes-dashboard
- labels:
- k3s-app: kubernetes-dashboard
- annotations:
- nginx.ingress.kubernetes.io/backend-protocol: "https"
- nginx.ingress.kubernetes.io/rewrite-target: /
- cert-manager.io/issuer: clusterissuer-le
-spec:
- ingressClassName: nginx
- tls:
- - hosts:
- - test-cluster-dashboard.localhost
- secretName: certificate-test-dashboard
- rules:
- - host: test-cluster-dashboard.localhost
- http:
- paths:
- - pathType: Prefix
- path: /
- backend:
- service:
- name: kubernetes-dashboard
- port:
- number: 443
diff --git a/letsencrypt.yaml b/letsencrypt.yaml
deleted file mode 100644
index 69f02e5..0000000
--- a/letsencrypt.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
- name: cluserissuer-le
- namespace: kubernetes-dashboard
-spec:
- acme:
- server: https://acme-v02.api.letsencrypt.org/directory
- email: tanguy.herbron@outlook.com
- privateKeySecretRef:
- name: letsencrypt-test
- solvers:
- - http01:
- ingress:
- class: traefik
diff --git a/nginx/deployment.yaml b/nginx/deployment.yaml
new file mode 100644
index 0000000..697b02d
--- /dev/null
+++ b/nginx/deployment.yaml
@@ -0,0 +1,19 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nginx
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: nginx
+ template:
+ metadata:
+ labels:
+ app: nginx
+ spec:
+ containers:
+ - name: nginx
+ image: nginx
+ ports:
+ - containerPort: 80
diff --git a/nginx/ingress.yaml b/nginx/ingress.yaml
new file mode 100644
index 0000000..2dee392
--- /dev/null
+++ b/nginx/ingress.yaml
@@ -0,0 +1,29 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: stripprefix
+spec:
+ stripPrefix:
+ prefixes:
+ - /nginx
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: nginx-ingress
+ annotations:
+ kubernetes.io/ingress.class: "traefik"
+ "traefik.ingress.kubernetes.io/router.middlewares": default-stripprefix@kubernetescrd
+spec:
+ rules:
+ - host: nginx.localhost
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: nginx-svc
+ port:
+ number: 80
diff --git a/nginx/service.yaml b/nginx/service.yaml
new file mode 100644
index 0000000..1d973e2
--- /dev/null
+++ b/nginx/service.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: nginx-svc
+spec:
+ ports:
+ - name: http
+ port: 80
+ selector:
+ app: nginx