add homepage module and some more integrations [ci skip]
This commit is contained in:
parent
045d271d52
commit
cf39034bdf
9 changed files with 255 additions and 3 deletions
|
|
@ -1,4 +1,10 @@
|
||||||
variable "tls_secret_name" {}
|
variable "tls_secret_name" {}
|
||||||
|
variable "homepage_username" {
|
||||||
|
default = ""
|
||||||
|
}
|
||||||
|
variable "homepage_password" {
|
||||||
|
default = ""
|
||||||
|
}
|
||||||
|
|
||||||
resource "kubernetes_namespace" "calibre" {
|
resource "kubernetes_namespace" "calibre" {
|
||||||
metadata {
|
metadata {
|
||||||
|
|
@ -113,6 +119,19 @@ resource "kubernetes_ingress_v1" "calibre" {
|
||||||
annotations = {
|
annotations = {
|
||||||
"kubernetes.io/ingress.class" = "nginx"
|
"kubernetes.io/ingress.class" = "nginx"
|
||||||
"nginx.ingress.kubernetes.io/proxy-body-size" : "5000m"
|
"nginx.ingress.kubernetes.io/proxy-body-size" : "5000m"
|
||||||
|
|
||||||
|
"gethomepage.dev/enabled" = "true"
|
||||||
|
"gethomepage.dev/description" = "Book library"
|
||||||
|
# gethomepage.dev/group: Media
|
||||||
|
"gethomepage.dev/icon" : "calibre-web.png"
|
||||||
|
"gethomepage.dev/name" = "Calibre"
|
||||||
|
"gethomepage.dev/widget.type" = "calibreweb"
|
||||||
|
"gethomepage.dev/widget.url" = "https://calibre.viktorbarzin.me"
|
||||||
|
"gethomepage.dev/widget.username" = var.homepage_username
|
||||||
|
"gethomepage.dev/widget.password" = var.homepage_password
|
||||||
|
"gethomepage.dev/pod-selector" = ""
|
||||||
|
# gethomepage.dev/weight: 10 # optional
|
||||||
|
# gethomepage.dev/instance: "public" # optional
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,6 @@
|
||||||
variable "tls_secret_name" {}
|
variable "tls_secret_name" {}
|
||||||
|
variable "homepage_username" {}
|
||||||
|
variable "homepage_password" {}
|
||||||
|
|
||||||
module "tls_secret" {
|
module "tls_secret" {
|
||||||
source = "../setup_tls_secret"
|
source = "../setup_tls_secret"
|
||||||
|
|
@ -65,7 +67,7 @@ resource "helm_release" "crowdsec" {
|
||||||
repository = "https://crowdsecurity.github.io/helm-charts"
|
repository = "https://crowdsecurity.github.io/helm-charts"
|
||||||
chart = "crowdsec"
|
chart = "crowdsec"
|
||||||
|
|
||||||
values = [templatefile("${path.module}/values.yaml", {})]
|
values = [templatefile("${path.module}/values.yaml", { homepage_username = var.homepage_username, homepage_password = var.homepage_password })]
|
||||||
}
|
}
|
||||||
|
|
||||||
# resource "kubernetes_ingress_v1" "metabase" {
|
# resource "kubernetes_ingress_v1" "metabase" {
|
||||||
|
|
|
||||||
|
|
@ -31,6 +31,15 @@ lapi:
|
||||||
nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
|
nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
|
||||||
nginx.ingress.kubernetes.io/auth-url: "https://oauth2.viktorbarzin.me/oauth2/auth"
|
nginx.ingress.kubernetes.io/auth-url: "https://oauth2.viktorbarzin.me/oauth2/auth"
|
||||||
nginx.ingress.kubernetes.io/auth-signin: "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri"
|
nginx.ingress.kubernetes.io/auth-signin: "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri"
|
||||||
|
gethomepage.dev/enabled: "true"
|
||||||
|
gethomepage.dev/description: "Web Application Firewall"
|
||||||
|
gethomepage.dev/icon: "crowdsec.png"
|
||||||
|
gethomepage.dev/name: "CrowdSec"
|
||||||
|
gethomepage.dev/widget.type: "crowdsec"
|
||||||
|
gethomepage.dev/widget.url: "http://crowdsec-service.crowdsec.svc.cluster.local:8080"
|
||||||
|
gethomepage.dev/widget.username: "${homepage_username}"
|
||||||
|
gethomepage.dev/widget.password: "${homepage_password}"
|
||||||
|
gethomepage.dev/pod-selector: ""
|
||||||
ingressClassName: "nginx"
|
ingressClassName: "nginx"
|
||||||
host: "crowdsec.viktorbarzin.me"
|
host: "crowdsec.viktorbarzin.me"
|
||||||
tls:
|
tls:
|
||||||
|
|
|
||||||
29
modules/kubernetes/homepage/main.tf
Normal file
29
modules/kubernetes/homepage/main.tf
Normal file
|
|
@ -0,0 +1,29 @@
|
||||||
|
|
||||||
|
variable "tls_secret_name" {}
|
||||||
|
|
||||||
|
module "tls_secret" {
|
||||||
|
source = "../setup_tls_secret"
|
||||||
|
namespace = "homepage"
|
||||||
|
tls_secret_name = var.tls_secret_name
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "kubernetes_namespace" "homepage" {
|
||||||
|
metadata {
|
||||||
|
name = "homepage"
|
||||||
|
labels = {
|
||||||
|
"istio-injection" : "disabled"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "helm_release" "homepage" {
|
||||||
|
namespace = "homepage"
|
||||||
|
create_namespace = false
|
||||||
|
name = "homepage"
|
||||||
|
atomic = true
|
||||||
|
|
||||||
|
repository = "http://jameswynn.github.io/helm-charts"
|
||||||
|
chart = "homepage"
|
||||||
|
|
||||||
|
values = [templatefile("${path.module}/values.yaml", { tls_secret_name = var.tls_secret_name })]
|
||||||
|
}
|
||||||
153
modules/kubernetes/homepage/values.yaml
Normal file
153
modules/kubernetes/homepage/values.yaml
Normal file
|
|
@ -0,0 +1,153 @@
|
||||||
|
image:
|
||||||
|
repository: ghcr.io/gethomepage/homepage
|
||||||
|
# tag: v0.6.0
|
||||||
|
|
||||||
|
# Enable RBAC. RBAC is necessary to use Kubernetes integration
|
||||||
|
enableRbac: true
|
||||||
|
|
||||||
|
extraClusterRoles:
|
||||||
|
# - apiGroups:
|
||||||
|
# - some-group
|
||||||
|
# resources:
|
||||||
|
# - some-resource
|
||||||
|
# verbs:
|
||||||
|
# - get
|
||||||
|
|
||||||
|
serviceAccount:
|
||||||
|
# Specify a different service account name. When blank it will default to the release
|
||||||
|
# name if *create* is enabled, otherwise it will refer to the default service account.
|
||||||
|
name: ""
|
||||||
|
# Create service account. Needed when RBAC is enabled.
|
||||||
|
create: false
|
||||||
|
|
||||||
|
service:
|
||||||
|
main:
|
||||||
|
ports:
|
||||||
|
http:
|
||||||
|
port: 3000
|
||||||
|
|
||||||
|
controller:
|
||||||
|
strategy: RollingUpdate
|
||||||
|
rollingUpdate:
|
||||||
|
maxSurge: 25%
|
||||||
|
maxUnavailable: 25%
|
||||||
|
|
||||||
|
# Enable the ingress to expose Homepage to the network.
|
||||||
|
ingress:
|
||||||
|
main:
|
||||||
|
enabled: true
|
||||||
|
labels:
|
||||||
|
# This label will enable discover of this deployment in Homepage
|
||||||
|
gethomepage.dev/enabled: "true"
|
||||||
|
annotations:
|
||||||
|
# These annotations will configure how this deployment is shown in Homepage
|
||||||
|
gethomepage.dev/name: "Homepage"
|
||||||
|
gethomepage.dev/description: "A modern, secure, highly customizable application dashboard."
|
||||||
|
gethomepage.dev/group: "A New Group"
|
||||||
|
gethomepage.dev/icon: "homepage.png"
|
||||||
|
ingressClassName: "nginx"
|
||||||
|
hosts:
|
||||||
|
- host: &host "home.viktorbarzin.me"
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- *host
|
||||||
|
secretName: ${tls_secret_name}
|
||||||
|
|
||||||
|
# All the config files for Homepage can be specified under their relevant config block.
|
||||||
|
config:
|
||||||
|
# To use an existing ConfigMap uncomment this line and specify the name
|
||||||
|
# useExistingConfigMap: existing-homepage-configmap
|
||||||
|
bookmarks:
|
||||||
|
- Developer:
|
||||||
|
- Github:
|
||||||
|
- abbr: Viktor Barzin
|
||||||
|
href: https://github.com/viktorbarzin
|
||||||
|
services:
|
||||||
|
# - My First Group:
|
||||||
|
# - My First Service:
|
||||||
|
# href: http://localhost/
|
||||||
|
# description: Homepage is awesome
|
||||||
|
|
||||||
|
# - My Second Group:
|
||||||
|
# - My Second Service:
|
||||||
|
# href: http://localhost/
|
||||||
|
# description: Homepage is the best
|
||||||
|
|
||||||
|
# - My Third Group:
|
||||||
|
# - My Third Service:
|
||||||
|
# href: http://localhost/
|
||||||
|
# description: Homepage is 😎
|
||||||
|
widgets:
|
||||||
|
- resources:
|
||||||
|
# change backend to 'kubernetes' to use Kubernetes integration. Requires RBAC.
|
||||||
|
# backend: resources
|
||||||
|
backend: kubernetes
|
||||||
|
expanded: true
|
||||||
|
cpu: true
|
||||||
|
memory: true
|
||||||
|
- search:
|
||||||
|
provider: duckduckgo
|
||||||
|
target: _blank
|
||||||
|
## Uncomment to enable Kubernetes integration
|
||||||
|
- kubernetes:
|
||||||
|
cluster:
|
||||||
|
show: true
|
||||||
|
cpu: true
|
||||||
|
memory: true
|
||||||
|
showLabel: true
|
||||||
|
label: "cluster"
|
||||||
|
nodes:
|
||||||
|
show: true
|
||||||
|
cpu: true
|
||||||
|
memory: true
|
||||||
|
showLabel: true
|
||||||
|
kubernetes:
|
||||||
|
# change mode to 'cluster' to use RBAC service account
|
||||||
|
# mode: disable
|
||||||
|
mode: cluster
|
||||||
|
docker:
|
||||||
|
settings:
|
||||||
|
|
||||||
|
# -- Main environment variables. Template enabled.
|
||||||
|
# Syntax options:
|
||||||
|
# A) TZ: UTC
|
||||||
|
# B) PASSWD: '{{ .Release.Name }}'
|
||||||
|
# C) PASSWD:
|
||||||
|
# configMapKeyRef:
|
||||||
|
# name: config-map-name
|
||||||
|
# key: key-name
|
||||||
|
# D) PASSWD:
|
||||||
|
# valueFrom:
|
||||||
|
# secretKeyRef:
|
||||||
|
# name: secret-name
|
||||||
|
# key: key-name
|
||||||
|
# ...
|
||||||
|
# E) - name: TZ
|
||||||
|
# value: UTC
|
||||||
|
# F) - name: TZ
|
||||||
|
# value: '{{ .Release.Name }}'
|
||||||
|
env:
|
||||||
|
|
||||||
|
# To include environment variables from other configs or other secrets for use in
|
||||||
|
# Homepage's variable substitutions. Refer to them here.
|
||||||
|
# envFrom:
|
||||||
|
# - secretRef:
|
||||||
|
# name: my-secret
|
||||||
|
# - configMapRef:
|
||||||
|
# name: my-configmap
|
||||||
|
|
||||||
|
persistence:
|
||||||
|
logs:
|
||||||
|
enabled: true
|
||||||
|
type: emptyDir
|
||||||
|
mountPath: /app/config/logs
|
||||||
|
# resources:
|
||||||
|
# requests:
|
||||||
|
# memory: 10Mi
|
||||||
|
# cpu: 10m
|
||||||
|
# limits:
|
||||||
|
# memory: 200Mi
|
||||||
|
# cpu: 500m
|
||||||
|
|
@ -89,6 +89,14 @@ server:
|
||||||
# nginx.ingress.kubernetes.io/auth-tls-secret: "default/ca-secret"
|
# nginx.ingress.kubernetes.io/auth-tls-secret: "default/ca-secret"
|
||||||
nginx.ingress.kubernetes.io/auth-url: "https://oauth2.viktorbarzin.me/oauth2/auth"
|
nginx.ingress.kubernetes.io/auth-url: "https://oauth2.viktorbarzin.me/oauth2/auth"
|
||||||
nginx.ingress.kubernetes.io/auth-signin: "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri"
|
nginx.ingress.kubernetes.io/auth-signin: "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri"
|
||||||
|
|
||||||
|
gethomepage.dev/enabled: "true"
|
||||||
|
gethomepage.dev/description: "Prometheus"
|
||||||
|
gethomepage.dev/icon: "prometheus.png"
|
||||||
|
gethomepage.dev/name: "Prometheus"
|
||||||
|
gethomepage.dev/widget.type: "prometheus"
|
||||||
|
gethomepage.dev/widget.url: "http://prometheus-server.monitoring.svc.cluster.local:80"
|
||||||
|
gethomepage.dev/pod-selector: ""
|
||||||
tls:
|
tls:
|
||||||
- secretName: "tls-secret"
|
- secretName: "tls-secret"
|
||||||
hosts:
|
hosts:
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,9 @@
|
||||||
variable "tls_secret_name" {}
|
variable "tls_secret_name" {}
|
||||||
variable "db_password" {}
|
variable "db_password" {}
|
||||||
|
# variable "homepage_token" {}
|
||||||
|
variable "homepage_username" {}
|
||||||
|
variable "homepage_password" {}
|
||||||
|
|
||||||
|
|
||||||
resource "kubernetes_namespace" "paperless-ngx" {
|
resource "kubernetes_namespace" "paperless-ngx" {
|
||||||
metadata {
|
metadata {
|
||||||
|
|
@ -144,6 +148,21 @@ resource "kubernetes_ingress_v1" "paperless-ngx" {
|
||||||
"nginx.ingress.kubernetes.io/proxy-body-size" : "100000m"
|
"nginx.ingress.kubernetes.io/proxy-body-size" : "100000m"
|
||||||
# see https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#rate-limiting for all annotations
|
# see https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#rate-limiting for all annotations
|
||||||
# "nginx.ingress.kubernetes.io/limit-rpm": "5"
|
# "nginx.ingress.kubernetes.io/limit-rpm": "5"
|
||||||
|
|
||||||
|
"gethomepage.dev/enabled" = "true"
|
||||||
|
"gethomepage.dev/description" = "Document library"
|
||||||
|
# gethomepage.dev/group: Media
|
||||||
|
"gethomepage.dev/icon" : "paperless-ngx.png"
|
||||||
|
"gethomepage.dev/name" = "Paperless-ngx"
|
||||||
|
"gethomepage.dev/widget.type" = "paperlessngx"
|
||||||
|
"gethomepage.dev/widget.url" = "https://pdf.viktorbarzin.me"
|
||||||
|
# "gethomepage.dev/widget.token" = var.homepage_token
|
||||||
|
"gethomepage.dev/widget.username" = var.homepage_username
|
||||||
|
"gethomepage.dev/widget.password" = var.homepage_password
|
||||||
|
"gethomepage.dev/widget.fields" = "[\"total\"]"
|
||||||
|
"gethomepage.dev/pod-selector" = ""
|
||||||
|
# gethomepage.dev/weight: 10 # optional
|
||||||
|
# gethomepage.dev/instance: "public" # optional
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -30,6 +30,9 @@ variable "proxy_timeout" {
|
||||||
type = number
|
type = number
|
||||||
default = 60
|
default = 60
|
||||||
}
|
}
|
||||||
|
variable "extra_annotations" {
|
||||||
|
default = {}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
resource "kubernetes_service" "proxied-service" {
|
resource "kubernetes_service" "proxied-service" {
|
||||||
|
|
@ -58,7 +61,7 @@ resource "kubernetes_ingress_v1" "proxied-ingress" {
|
||||||
metadata {
|
metadata {
|
||||||
name = var.name
|
name = var.name
|
||||||
namespace = var.namespace
|
namespace = var.namespace
|
||||||
annotations = {
|
annotations = merge({
|
||||||
"nginx.ingress.kubernetes.io/backend-protocol" = "${var.backend_protocol}"
|
"nginx.ingress.kubernetes.io/backend-protocol" = "${var.backend_protocol}"
|
||||||
"kubernetes.io/ingress.class" = "nginx"
|
"kubernetes.io/ingress.class" = "nginx"
|
||||||
# "nginx.ingress.kubernetes.io/auth-url" : var.protected ? "https://oauth2.viktorbarzin.me/oauth2/auth" : null
|
# "nginx.ingress.kubernetes.io/auth-url" : var.protected ? "https://oauth2.viktorbarzin.me/oauth2/auth" : null
|
||||||
|
|
@ -72,7 +75,7 @@ resource "kubernetes_ingress_v1" "proxied-ingress" {
|
||||||
"nginx.ingress.kubernetes.io/proxy-send-timeout" : var.proxy_timeout
|
"nginx.ingress.kubernetes.io/proxy-send-timeout" : var.proxy_timeout
|
||||||
"nginx.ingress.kubernetes.io/proxy-read-timeout" : var.proxy_timeout
|
"nginx.ingress.kubernetes.io/proxy-read-timeout" : var.proxy_timeout
|
||||||
|
|
||||||
}
|
}, var.extra_annotations)
|
||||||
}
|
}
|
||||||
|
|
||||||
spec {
|
spec {
|
||||||
|
|
|
||||||
|
|
@ -97,6 +97,16 @@ resource "kubernetes_ingress_v1" "uptime-kuma" {
|
||||||
"nginx.ingress.kubernetes.io/affinity" = "cookie"
|
"nginx.ingress.kubernetes.io/affinity" = "cookie"
|
||||||
"nginx.ingress.kubernetes.io/affinity-mode" = "persistent"
|
"nginx.ingress.kubernetes.io/affinity-mode" = "persistent"
|
||||||
"nginx.ingress.kubernetes.io/session-cookie-name" = "_sa_nginx"
|
"nginx.ingress.kubernetes.io/session-cookie-name" = "_sa_nginx"
|
||||||
|
|
||||||
|
"gethomepage.dev/enabled" = "true"
|
||||||
|
"gethomepage.dev/description" = "Uptime monitor"
|
||||||
|
# gethomepage.dev/group: Media
|
||||||
|
"gethomepage.dev/icon" : "uptime-kuma.png"
|
||||||
|
"gethomepage.dev/name" = "Uptime Kuma"
|
||||||
|
"gethomepage.dev/widget.type" = "uptimekuma"
|
||||||
|
"gethomepage.dev/widget.url" = "https://uptime.viktorbarzin.me"
|
||||||
|
"gethomepage.dev/widget.slug" = "cluster-internal"
|
||||||
|
"gethomepage.dev/pod-selector" = ""
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue