From cf39034bdfa507d40fe37df4a8b89924d42c6a1f Mon Sep 17 00:00:00 2001 From: Viktor Barzin Date: Sun, 20 Oct 2024 12:19:12 +0000 Subject: [PATCH] add homepage module and some more integrations [ci skip] --- modules/kubernetes/calibre/main.tf | 19 +++ modules/kubernetes/crowdsec/main.tf | 4 +- modules/kubernetes/crowdsec/values.yaml | 9 ++ modules/kubernetes/homepage/main.tf | 29 ++++ modules/kubernetes/homepage/values.yaml | 153 ++++++++++++++++++ .../monitoring/prometheus_chart_values.tpl | 8 + modules/kubernetes/paperless-ngx/main.tf | 19 +++ .../kubernetes/reverse_proxy/factory/main.tf | 7 +- modules/kubernetes/uptime-kuma/main.tf | 10 ++ 9 files changed, 255 insertions(+), 3 deletions(-) create mode 100644 modules/kubernetes/homepage/main.tf create mode 100644 modules/kubernetes/homepage/values.yaml diff --git a/modules/kubernetes/calibre/main.tf b/modules/kubernetes/calibre/main.tf index 829fdc29..546f5fcc 100644 --- a/modules/kubernetes/calibre/main.tf +++ b/modules/kubernetes/calibre/main.tf @@ -1,4 +1,10 @@ variable "tls_secret_name" {} +variable "homepage_username" { + default = "" +} +variable "homepage_password" { + default = "" +} resource "kubernetes_namespace" "calibre" { metadata { @@ -113,6 +119,19 @@ resource "kubernetes_ingress_v1" "calibre" { annotations = { "kubernetes.io/ingress.class" = "nginx" "nginx.ingress.kubernetes.io/proxy-body-size" : "5000m" + + "gethomepage.dev/enabled" = "true" + "gethomepage.dev/description" = "Book library" + # gethomepage.dev/group: Media + "gethomepage.dev/icon" : "calibre-web.png" + "gethomepage.dev/name" = "Calibre" + "gethomepage.dev/widget.type" = "calibreweb" + "gethomepage.dev/widget.url" = "https://calibre.viktorbarzin.me" + "gethomepage.dev/widget.username" = var.homepage_username + "gethomepage.dev/widget.password" = var.homepage_password + "gethomepage.dev/pod-selector" = "" + # gethomepage.dev/weight: 10 # optional + # gethomepage.dev/instance: "public" # optional } } 
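Review bot: `homepage_username` and `homepage_password` in the first calibre/main.tf hunk are declared with `default = ""` and without `sensitive = true`, so the password can be printed in plan output and a caller that never passes them gets a widget configured with blank credentials and no error. Declare them as `type = string` with `sensitive = true`; if the widget is meant to be optional, use `default = null` and emit the widget annotations only when a value is set. The `variable "homepage_username" {}` / `variable "homepage_password" {}` declarations added to crowdsec/main.tf and paperless-ngx/main.tf also lack `sensitive = true`.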
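Review bot: The `gethomepage.dev/widget.username` and `gethomepage.dev/widget.password` annotations in the second calibre/main.tf hunk place the widget credentials in Ingress metadata, which the API server does not treat as secret data and which any principal with read access to Ingress objects can retrieve. The crowdsec values.yaml hunk and the second paperless-ngx/main.tf hunk do the same. The homepage values.yaml added in this commit mentions `envFrom` with a `secretRef` for Homepage's variable substitution, so the credentials could live in a Kubernetes Secret instead; whether substitution is also applied to discovered annotations should be confirmed against Homepage's documentation before relying on it. Using a dedicated read-only account for each widget would limit the impact if a value is exposed.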
diff --git a/modules/kubernetes/crowdsec/main.tf b/modules/kubernetes/crowdsec/main.tf index 37cf9d29..4fecd996 100644 --- a/modules/kubernetes/crowdsec/main.tf +++ b/modules/kubernetes/crowdsec/main.tf @@ -1,4 +1,6 @@ variable "tls_secret_name" {} +variable "homepage_username" {} +variable "homepage_password" {} module "tls_secret" { source = "../setup_tls_secret" @@ -65,7 +67,7 @@ resource "helm_release" "crowdsec" { repository = "https://crowdsecurity.github.io/helm-charts" chart = "crowdsec" - values = [templatefile("${path.module}/values.yaml", {})] + values = [templatefile("${path.module}/values.yaml", { homepage_username = var.homepage_username, homepage_password = var.homepage_password })] } # resource "kubernetes_ingress_v1" "metabase" { diff --git a/modules/kubernetes/crowdsec/values.yaml b/modules/kubernetes/crowdsec/values.yaml index 0c580d69..c841ac7b 100644 --- a/modules/kubernetes/crowdsec/values.yaml +++ b/modules/kubernetes/crowdsec/values.yaml @@ -31,6 +31,15 @@ lapi: nginx.ingress.kubernetes.io/backend-protocol: "HTTP" nginx.ingress.kubernetes.io/auth-url: "https://oauth2.viktorbarzin.me/oauth2/auth" nginx.ingress.kubernetes.io/auth-signin: "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" + gethomepage.dev/enabled: "true" + gethomepage.dev/description: "Web Application Firewall" + gethomepage.dev/icon: "crowdsec.png" + gethomepage.dev/name: "CrowdSec" + gethomepage.dev/widget.type: "crowdsec" + gethomepage.dev/widget.url: "http://crowdsec-service.crowdsec.svc.cluster.local:8080" + gethomepage.dev/widget.username: "${homepage_username}" + gethomepage.dev/widget.password: "${homepage_password}" + gethomepage.dev/pod-selector: "" ingressClassName: "nginx" host: "crowdsec.viktorbarzin.me" tls: diff --git a/modules/kubernetes/homepage/main.tf b/modules/kubernetes/homepage/main.tf new file mode 100644 index 00000000..a61592b1 --- /dev/null +++ b/modules/kubernetes/homepage/main.tf 
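Review bot: `"${homepage_username}"` and `"${homepage_password}"` in the crowdsec/values.yaml hunk are interpolated raw inside double-quoted YAML scalars, so a value containing `"`, `\` or a newline either breaks the rendered values document or changes its structure. Let the template do the quoting instead of the surrounding quotes: `gethomepage.dev/widget.password: ${jsonencode(homepage_password)}`, and the same for the username. The rendered values are passed to `helm_release.values` by the `templatefile(...)` call changed in crowdsec/main.tf, so the plaintext also ends up in the Terraform state and in the Helm release record.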
@@ -0,0 +1,29 @@
+
+variable "tls_secret_name" {}
+
+module "tls_secret" {
+ source = "../setup_tls_secret"
+ namespace = "homepage"
+ tls_secret_name = var.tls_secret_name
+}
+
+resource "kubernetes_namespace" "homepage" {
+ metadata {
+ name = "homepage"
+ labels = {
+ "istio-injection" : "disabled"
+ }
+ }
+}
+
+resource "helm_release" "homepage" {
+ namespace = "homepage"
+ create_namespace = false
+ name = "homepage"
+ atomic = true
+
+ repository = "http://jameswynn.github.io/helm-charts"
+ chart = "homepage"
+
+ values = [templatefile("${path.module}/values.yaml", { tls_secret_name = var.tls_secret_name })]
+}
diff --git a/modules/kubernetes/homepage/values.yaml b/modules/kubernetes/homepage/values.yaml
new file mode 100644
index 00000000..b1ca466d
--- /dev/null
+++ b/modules/kubernetes/homepage/values.yaml
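Review bot: The `helm_release` in the new homepage/main.tf fetches its chart from `http://jameswynn.github.io/helm-charts` over plain HTTP and sets no `version`, so the installed chart is neither protected in transit nor fixed to a reviewed release. Use `repository = "https://jameswynn.github.io/helm-charts"` and add `version = "<pinned chart version>"` (placeholder; use the release that was actually tested). This matters more than usual here because the accompanying values file enables RBAC and cluster-mode Kubernetes integration for the workload.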
@@ -0,0 +1,153 @@
+image:
+ repository: ghcr.io/gethomepage/homepage
+ # tag: v0.6.0
+
+# Enable RBAC. RBAC is necessary to use Kubernetes integration
+enableRbac: true
+
+extraClusterRoles:
+ # - apiGroups:
+ # - some-group
+ # resources:
+ # - some-resource
+ # verbs:
+ # - get
+
+serviceAccount:
+ # Specify a different service account name. When blank it will default to the release
+ # name if *create* is enabled, otherwise it will refer to the default service account.
+ name: ""
+ # Create service account. Needed when RBAC is enabled.
+ create: false
+
+service:
+ main:
+ ports:
+ http:
+ port: 3000
+
+controller:
+ strategy: RollingUpdate
+ rollingUpdate:
+ maxSurge: 25%
+ maxUnavailable: 25%
+
+# Enable the ingress to expose Homepage to the network.
+ingress:
+ main:
+ enabled: true
+ labels:
+ # This label will enable discover of this deployment in Homepage
+ gethomepage.dev/enabled: "true"
+ annotations:
+ # These annotations will configure how this deployment is shown in Homepage
+ gethomepage.dev/name: "Homepage"
+ gethomepage.dev/description: "A modern, secure, highly customizable application dashboard."
+ gethomepage.dev/group: "A New Group"
+ gethomepage.dev/icon: "homepage.png"
+ ingressClassName: "nginx"
+ hosts:
+ - host: &host "home.viktorbarzin.me"
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - hosts:
+ - *host
+ secretName: ${tls_secret_name}
+
+# All the config files for Homepage can be specified under their relevant config block.
+config:
+ # To use an existing ConfigMap uncomment this line and specify the name
+ # useExistingConfigMap: existing-homepage-configmap
+ bookmarks:
+ - Developer:
+ - Github:
+ - abbr: Viktor Barzin
+ href: https://github.com/viktorbarzin
+ services:
+ # - My First Group:
+ # - My First Service:
+ # href: http://localhost/
+ # description: Homepage is awesome
+
+ # - My Second Group:
+ # - My Second Service:
+ # href: http://localhost/
+ # description: Homepage is the best
+
+ # - My Third Group:
+ # - My Third Service:
+ # href: http://localhost/
+ # description: Homepage is 😎
+ widgets:
+ - resources:
+ # change backend to 'kubernetes' to use Kubernetes integration. Requires RBAC.
+ # backend: resources
+ backend: kubernetes
+ expanded: true
+ cpu: true
+ memory: true
+ - search:
+ provider: duckduckgo
+ target: _blank
+ ## Uncomment to enable Kubernetes integration
+ - kubernetes:
+ cluster:
+ show: true
+ cpu: true
+ memory: true
+ showLabel: true
+ label: "cluster"
+ nodes:
+ show: true
+ cpu: true
+ memory: true
+ showLabel: true
+ kubernetes:
+ # change mode to 'cluster' to use RBAC service account
+ # mode: disable
+ mode: cluster
+ docker:
+ settings:
+
+# -- Main environment variables. Template enabled.
+# Syntax options:
+# A) TZ: UTC
+# B) PASSWD: '{{ .Release.Name }}'
+# C) PASSWD:
+# configMapKeyRef:
+# name: config-map-name
+# key: key-name
+# D) PASSWD:
+# valueFrom:
+# secretKeyRef:
+# name: secret-name
+# key: key-name
+# ...
+# E) - name: TZ
+# value: UTC
+# F) - name: TZ
+# value: '{{ .Release.Name }}'
+env:
+
+# To include environment variables from other configs or other secrets for use in
+# Homepage's variable substitutions. Refer to them here.
+# envFrom:
+# - secretRef:
+# name: my-secret
+# - configMapRef:
+# name: my-configmap
+
+persistence:
+ logs:
+ enabled: true
+ type: emptyDir
+ mountPath: /app/config/logs
+# resources:
+# requests:
+# memory: 10Mi
+# cpu: 10m
+# limits:
+# memory: 200Mi
+# cpu: 500m
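Review bot: The `ingress.main.annotations` block for `home.viktorbarzin.me` has no `nginx.ingress.kubernetes.io/auth-url` or `auth-signin` annotation, unlike the crowdsec and Prometheus ingresses touched in this same commit, while the dashboard runs with `kubernetes.mode: cluster` and is wired to widgets that hold service credentials. Unless authentication is enforced somewhere outside this file, add `nginx.ingress.kubernetes.io/auth-url: "https://oauth2.viktorbarzin.me/oauth2/auth"` and the matching `auth-signin` line used on those ingresses. Separately, `enableRbac: true` is combined with `serviceAccount.create: false`, which according to the chart comment above it falls back to the namespace's default service account; `create: true` gives the cluster-read role its own identity. The commented-out `# tag: v0.6.0` also leaves the image version floating, so pinning a tag (or digest) would make deployments reproducible.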
diff --git a/modules/kubernetes/monitoring/prometheus_chart_values.tpl b/modules/kubernetes/monitoring/prometheus_chart_values.tpl index b0950b63..44335c96 100644 --- a/modules/kubernetes/monitoring/prometheus_chart_values.tpl +++ b/modules/kubernetes/monitoring/prometheus_chart_values.tpl @@ -89,6 +89,14 @@ server: # nginx.ingress.kubernetes.io/auth-tls-secret: "default/ca-secret" nginx.ingress.kubernetes.io/auth-url: "https://oauth2.viktorbarzin.me/oauth2/auth" nginx.ingress.kubernetes.io/auth-signin: "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" + + gethomepage.dev/enabled: "true" + gethomepage.dev/description: "Prometheus" + gethomepage.dev/icon: "prometheus.png" + gethomepage.dev/name: "Prometheus" + gethomepage.dev/widget.type: "prometheus" + gethomepage.dev/widget.url: "http://prometheus-server.monitoring.svc.cluster.local:80" + gethomepage.dev/pod-selector: "" tls: - secretName: "tls-secret" hosts: diff --git a/modules/kubernetes/paperless-ngx/main.tf b/modules/kubernetes/paperless-ngx/main.tf index 3142e1dd..866a335a 100644 --- a/modules/kubernetes/paperless-ngx/main.tf +++ b/modules/kubernetes/paperless-ngx/main.tf @@ -1,5 +1,9 @@ variable "tls_secret_name" {} variable "db_password" {} +# variable "homepage_token" {} +variable "homepage_username" {} +variable "homepage_password" {} + resource "kubernetes_namespace" "paperless-ngx" { metadata { 
@@ -144,6 +148,21 @@ resource "kubernetes_ingress_v1" "paperless-ngx" { "nginx.ingress.kubernetes.io/proxy-body-size" : "100000m" # see https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#rate-limiting for all annotations # "nginx.ingress.kubernetes.io/limit-rpm": "5" + + "gethomepage.dev/enabled" = "true" + "gethomepage.dev/description" = "Document library" + # gethomepage.dev/group: Media + "gethomepage.dev/icon" : "paperless-ngx.png" + "gethomepage.dev/name" = "Paperless-ngx" + "gethomepage.dev/widget.type" = "paperlessngx" + "gethomepage.dev/widget.url" = "https://pdf.viktorbarzin.me" + # "gethomepage.dev/widget.token" = var.homepage_token + "gethomepage.dev/widget.username" = var.homepage_username + "gethomepage.dev/widget.password" = var.homepage_password + "gethomepage.dev/widget.fields" = "[\"total\"]" + "gethomepage.dev/pod-selector" = "" + # gethomepage.dev/weight: 10 # optional + # gethomepage.dev/instance: "public" # optional } } diff --git a/modules/kubernetes/reverse_proxy/factory/main.tf b/modules/kubernetes/reverse_proxy/factory/main.tf index 4615dcf6..75943212 100644 --- a/modules/kubernetes/reverse_proxy/factory/main.tf +++ b/modules/kubernetes/reverse_proxy/factory/main.tf @@ -30,6 +30,9 @@ variable "proxy_timeout" { type = number default = 60 } +variable "extra_annotations" { + default = {} +} resource "kubernetes_service" "proxied-service" { @@ -58,7 +61,7 @@ resource "kubernetes_ingress_v1" "proxied-ingress" { metadata { name = var.name namespace = var.namespace - annotations = { + annotations = merge({ "nginx.ingress.kubernetes.io/backend-protocol" = "${var.backend_protocol}" "kubernetes.io/ingress.class" = "nginx" # "nginx.ingress.kubernetes.io/auth-url" : var.protected ? "https://oauth2.viktorbarzin.me/oauth2/auth" : null 
@@ -72,7 +75,7 @@ resource "kubernetes_ingress_v1" "proxied-ingress" { "nginx.ingress.kubernetes.io/proxy-send-timeout" : var.proxy_timeout "nginx.ingress.kubernetes.io/proxy-read-timeout" : var.proxy_timeout - } + }, var.extra_annotations) } spec { diff --git a/modules/kubernetes/uptime-kuma/main.tf b/modules/kubernetes/uptime-kuma/main.tf index e2ead307..a4fc1836 100644 --- a/modules/kubernetes/uptime-kuma/main.tf +++ b/modules/kubernetes/uptime-kuma/main.tf @@ -97,6 +97,16 @@ resource "kubernetes_ingress_v1" "uptime-kuma" { "nginx.ingress.kubernetes.io/affinity" = "cookie" "nginx.ingress.kubernetes.io/affinity-mode" = "persistent" "nginx.ingress.kubernetes.io/session-cookie-name" = "_sa_nginx" + + "gethomepage.dev/enabled" = "true" + "gethomepage.dev/description" = "Uptime monitor" + # gethomepage.dev/group: Media + "gethomepage.dev/icon" : "uptime-kuma.png" + "gethomepage.dev/name" = "Uptime Kuma" + "gethomepage.dev/widget.type" = "uptimekuma" + "gethomepage.dev/widget.url" = "https://uptime.viktorbarzin.me" + "gethomepage.dev/widget.slug" = "cluster-internal" + "gethomepage.dev/pod-selector" = "" } }
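Review bot: In `merge({ ... }, var.extra_annotations)` the caller-supplied map is the last argument, so any key in `extra_annotations` silently overrides the module's own ingress annotations, including `backend-protocol`, the ingress class and whatever auth-related annotations sit in the part of the map between the two reverse_proxy hunks (not visible here). If the variable is only meant to add keys such as the `gethomepage.dev/*` ones, reverse the order to `merge(var.extra_annotations, { ... })` so module-defined keys win. The variable itself, declared in the previous hunk, should get `type = map(string)` so a malformed value fails at plan time. The `annotations` map opens in the previous hunk and closes in this one.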