Switch postgres and redis to kustomize

JLP 2025-03-30 13:00:00 -04:00
parent a002006169
commit 296ad3c364
No known key found for this signature in database
GPG key ID: 414E00D1FF7519DC
16 changed files with 424 additions and 192 deletions


@ -2,9 +2,15 @@ apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: nvidia-device-plugin
namespace: kube-system
namespace: charts
spec:
chart: nvidia-device-plugin
repo: https://nvidia.github.io/k8s-device-plugin
valuesContent: |-
runtimeClassName: nvidia
namespaceOverride: kube-system
tolerations:
- key: "gpu"
value: "true"
operator: "Equal"
effect: "NoSchedule"
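Review bot: No `version:` appears under `spec` in this hunk, so the helm controller installs whatever chart version the NVIDIA repo currently serves. An upstream release can then change a device plugin that `namespaceOverride` places in kube-system on the GPU nodes, without any commit here. Pin it with `version: <chart-version>` next to `chart:` and bump it deliberately. The spec may continue below the hunk; if a version is already set there, disregard this.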


@ -0,0 +1,26 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http
spec:
parentRefs:
- name: homelab-gateway
sectionName: web
kind: Gateway
namespace: homelab
hostnames:
- web.leechpepin.com
rules:
- filters:
- type: RequestHeaderModifier
requestHeaderModifier:
set:
- name: "X-Forwarded-Proto"
value: "https"
backendRefs:
- name: web
port: 80
matches:
- path:
type: PathPrefix
value: /
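Review bot: On the `web` listener this rule sets `X-Forwarded-Proto: https` and then forwards to the backend, so a request that arrived in cleartext is presented to the application as if it had been encrypted (assuming `web` is the gateway's plaintext listener, which this page does not show). Applications commonly use that header to decide on Secure cookies, HSTS and their own HTTPS redirect, so the client is never moved off HTTP. Since this is the shared base, every overlay that keeps the route inherits the behaviour. Prefer redirecting at the gateway: replace the filter with `- type: RequestRedirect` and `requestRedirect: {scheme: https, statusCode: 301}`, and drop `backendRefs` from this rule.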


@ -0,0 +1,20 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: https
spec:
parentRefs:
- name: homelab-gateway
sectionName: websecure
kind: Gateway
namespace: homelab
hostnames:
- web.leechpepin.com
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- name: web
port: 80


@ -0,0 +1,14 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- statefulset.yaml
- service.yaml
- httproute-http.yaml
- httproute-https.yaml
- secret.yaml
labels:
- includeSelectors: true
pairs:
app.kubernetes.io/managed-by: kustomize


@ -0,0 +1,27 @@
apiVersion: secrets.infisical.com/v1alpha1
kind: InfisicalSecret
metadata:
name: secrets
namespace: infisical
labels:
label-to-be-passed-to-managed-secret: homelab
annotations:
example.com/annotation-to-be-passed-to-managed-secret: "homelab"
spec:
hostAPI: https://app.infisical.com/api
resyncInterval: 10
authentication:
# Universal Auth
universalAuth:
secretsScope:
projectSlug: homelab-n-f-yj
envSlug: prod
secretsPath: "/apps/appname" # Root is "/"
recursive: false # Whether or not to use recursive mode (Fetches all secrets in an environment from a given secret path, and all folders inside the path) / defaults to false
credentialsRef:
secretName: universal-auth-credentials
secretNamespace: infisical
managedSecretReference:
secretName: app-secrets
secretNamespace: ns
creationPolicy: "Orphan" ## Owner | Orphan
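Review bot: `creationPolicy: "Orphan"` leaves the managed Secret in place after this InfisicalSecret is deleted, so a removed or renamed app keeps its credentials in the target namespace until someone deletes them by hand; `creationPolicy: "Owner"` ties the Secret's lifetime to this resource. The placeholders `secretNamespace: ns` and `secretsPath: "/apps/appname"` are only correct after an overlay's replacements have run, which deserves a comment such as `# placeholder, rewritten by the overlay's replacements`. The `label-to-be-passed-to-managed-secret` label and the `example.com/...` annotation look like leftovers from a sample manifest and, going by their names, end up on every managed Secret.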


@ -0,0 +1,11 @@
apiVersion: v1
kind: Service
metadata:
name: svc
spec:
type: ClusterIP
ports:
- port: 80
name: test
targetPort: test
protocol: TCP


@ -0,0 +1,23 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: ss
namespace: core
spec:
serviceName: ss-svc
replicas: 1
template:
spec:
restartPolicy: Always
volumeClaimTemplates:
- metadata:
name: ss-data
annotations:
name: ss-data
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-private
resources:
requests:
storage: 5Gi


@ -13,5 +13,5 @@ api_endpoint = "http://ollama-svc:11434/v1"
# Embedding model
[model.embedding.http]
kind = "ollama/embedding"
model_name = "ordis/jina-embeddings-v2-base-code"
model_name = "ordis/jina-embeddings-v2-base-code:latest"
api_endpoint = "http://ollama-svc:11434"


@ -1,108 +0,0 @@
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: postgres
namespace: core
spec:
serviceName: postgres
replicas: 1
selector:
matchLabels:
name: postgres
template:
metadata:
labels:
name: postgres
spec:
restartPolicy: Always
containers:
- name: postgres
image: postgres:17.4
ports:
- name: http
containerPort: 5432
protocol: TCP
volumeMounts:
- mountPath: /var/lib/postgresql/data
name: postgres-data
subPath: "data"
env:
- name: POSTGRES_USER
value: postgres
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
key: ROOT_PASSWORD
name: postgres-secrets
startupProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U ${POSTGRES_USER}
livenessProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U ${POSTGRES_USER}
readinessProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U ${POSTGRES_USER}
volumeClaimTemplates:
- metadata:
name: postgres-data
annotations:
name: postgres-data
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-private
resources:
requests:
storage: 2Gi
---
apiVersion: v1
kind: Service
metadata:
name: postgres
namespace: core
spec:
type: ClusterIP
selector:
name: postgres
ports:
- port: 5432
name: http
targetPort: http
protocol: TCP
---
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: TCPRoute
metadata:
name: postgres
namespace: core
spec:
parentRefs:
- name: homelab-gateway
sectionName: postgres
kind: Gateway
namespace: homelab
# hostnames:
# - postgres.leechpepin.local
rules:
# - matches:
# - path:
# type: PathPrefix
# value: /
- backendRefs:
- name: postgres
namespace: core
port: 5432


@ -0,0 +1,16 @@
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: TCPRoute
metadata:
name: tcproute
namespace: core
spec:
parentRefs:
- name: homelab-gateway
sectionName: postgres
kind: Gateway
namespace: homelab
rules:
- backendRefs:
- name: postgres-svc
namespace: core
port: 5432


@ -0,0 +1,97 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
transformers:
- |-
apiVersion: builtin
kind: NamespaceTransformer
metadata:
name: notImportantHere
namespace: core
unsetOnly: true
namePrefix: postgres-
resources:
- ../../../kustomize/statefulset/
- extras/tcproute.yaml
labels:
- includeSelectors: true
pairs:
app.kubernetes.io/appName: postgres
- pairs:
app.kubernetes.io/appNamespace: core
patches:
- path: patches/statefulset.yaml
target:
kind: StatefulSet
name: ss
- path: patches/httproutes-delete.yaml
target:
kind: HTTPRoute
replacements:
- source:
kind: StatefulSet
name: ss
fieldPath: metadata.labels.[app.kubernetes.io/appNamespace]
targets:
- select:
kind: InfisicalSecret
fieldPaths:
- spec.managedSecretReference.secretNamespace
- select:
kind: InfisicalSecret
options:
delimiter: "/"
index: 1
fieldPaths:
- spec.authentication.universalAuth.secretsScope.secretsPath
- source:
kind: StatefulSet
name: ss
fieldPath: metadata.labels.[app.kubernetes.io/appName]
targets:
- select:
kind: StatefulSet
options:
delimiter: "-"
index: 0
fieldPaths:
- spec.volumeClaimTemplates.0.metadata.annotations.name
- spec.volumeClaimTemplates.0.metadata.name
- spec.serviceName
- select:
kind: InfisicalSecret
options:
delimiter: "-"
index: 0
fieldPaths:
- spec.managedSecretReference.secretName
- select:
kind: InfisicalSecret
options:
delimiter: "/"
index: 2
fieldPaths:
- spec.authentication.universalAuth.secretsScope.secretsPath
- source:
kind: StatefulSet
name: ss
fieldPath: spec.template.spec.containers.0.ports.0.name
targets:
- select:
kind: Service
fieldPaths:
- spec.ports.0.name
- spec.ports.0.targetPort
- source:
kind: StatefulSet
name: ss
fieldPath: spec.template.spec.containers.0.ports.0.containerPort
targets:
- select:
kind: Service
fieldPaths:
- spec.ports.0.port
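Review bot: The replacements that build the Infisical scope address pieces of placeholder strings by position (`delimiter: "/"` with `index: 1` and `index: 2` on `secretsPath`, `delimiter: "-"` with `index: 0` on `secretName`), so which path is read depends on the exact shape of `/apps/appname` and `app-secrets` in the base. A change to either placeholder could point this overlay at a different secrets path or Secret name without failing the build. A comment above each replacement stating the expected result, for example `# secretsPath becomes /core/postgres` (presumably the intent), plus a check of the `kustomize build` output in CI, would make a drift visible. The redis kustomization later in this commit uses the same replacements.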


@ -0,0 +1,5 @@
$patch: delete
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: https


@ -0,0 +1,46 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: app
spec:
template:
spec:
securityContext:
fsGroup: 999
containers:
- name: postgres
image: postgres:17.4
ports:
- name: postgres
containerPort: 5432
protocol: TCP
volumeMounts:
- mountPath: /var/lib/postgresql/data
name: postgres-data
subPath: "data"
env:
- name: POSTGRES_USER
value: postgres
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
key: ROOT_PASSWORD
name: postgres-secrets
startupProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U ${POSTGRES_USER}
livenessProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U ${POSTGRES_USER}
readinessProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U ${POSTGRES_USER}
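Review bot: The pod-level `securityContext` sets only `fsGroup: 999`, so the container still starts as the image's default user with default privileges; nothing here sets `runAsNonRoot`, `allowPrivilegeEscalation` or a capability drop. I would add `runAsUser: 999` and `runAsNonRoot: true` beside `fsGroup` (uid 999 matching the group chosen here), and `securityContext: {allowPrivilegeEscalation: false}` on the container, after confirming the existing volume is owned by that uid. `image: postgres:17.4` is a mutable tag; pinning by digest as `postgres:17.4@sha256:<digest>` keeps rollouts reproducible. The redis patch at the end of this commit sets no securityContext at all.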


@ -1,82 +0,0 @@
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: redis
namespace: core
spec:
serviceName: redis
replicas: 1
selector:
matchLabels:
name: redis
template:
metadata:
labels:
name: redis
spec:
restartPolicy: Always
containers:
- name: redis
image: redis:7.4.2-alpine3.21
ports:
- name: http
containerPort: 6379
protocol: TCP
volumeMounts:
- mountPath: /data
name: redis-data
subPath: "data"
volumeClaimTemplates:
- metadata:
name: redis-data
annotations:
name: redis-data
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-private
resources:
requests:
storage: 0.5Gi
---
apiVersion: v1
kind: Service
metadata:
name: redis
namespace: core
spec:
type: ClusterIP
selector:
name: redis
ports:
- port: 6379
name: http
targetPort: http
protocol: TCP
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: redis
namespace: core
spec:
parentRefs:
- name: homelab-gateway
sectionName: redis
kind: Gateway
namespace: homelab
hostnames:
- redis.leechpepin.local
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- name: redis
namespace: core
port: 6379


@ -0,0 +1,112 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
transformers:
- |-
apiVersion: builtin
kind: NamespaceTransformer
metadata:
name: notImportantHere
namespace: core
unsetOnly: true
namePrefix: redis-
resources:
- ../../../kustomize/statefulset/
labels:
- includeSelectors: true
pairs:
app.kubernetes.io/appName: redis
- pairs:
app.kubernetes.io/appNamespace: core
patches:
- path: patches/statefulset.yaml
target:
kind: StatefulSet
name: ss
replacements:
- source:
kind: StatefulSet
name: ss
fieldPath: metadata.labels.[app.kubernetes.io/appNamespace]
targets:
- select:
kind: InfisicalSecret
fieldPaths:
- spec.managedSecretReference.secretNamespace
- select:
kind: InfisicalSecret
options:
delimiter: "/"
index: 1
fieldPaths:
- spec.authentication.universalAuth.secretsScope.secretsPath
- source:
kind: StatefulSet
name: ss
fieldPath: metadata.labels.[app.kubernetes.io/appName]
targets:
- select:
kind: StatefulSet
options:
delimiter: "-"
index: 0
fieldPaths:
- spec.volumeClaimTemplates.0.metadata.annotations.name
- spec.volumeClaimTemplates.0.metadata.name
- spec.serviceName
- select:
kind: InfisicalSecret
options:
delimiter: "-"
index: 0
fieldPaths:
- spec.managedSecretReference.secretName
- select:
kind: InfisicalSecret
options:
delimiter: "/"
index: 2
fieldPaths:
- spec.authentication.universalAuth.secretsScope.secretsPath
- select:
kind: HTTPRoute
options:
create: true
delimiter: "."
index: 0
fieldPaths:
- spec.hostnames.0
- source:
kind: StatefulSet
name: ss
fieldPath: spec.template.spec.containers.0.ports.0.name
targets:
- select:
kind: Service
fieldPaths:
- spec.ports.0.name
- spec.ports.0.targetPort
- source:
kind: Service
targets:
- select:
kind: HTTPRoute
fieldPaths:
- spec.rules.0.backendRefs.0.name
- source:
kind: StatefulSet
name: ss
fieldPath: spec.template.spec.containers.0.ports.0.containerPort
targets:
- select:
kind: Service
fieldPaths:
- spec.ports.0.port
- select:
kind: HTTPRoute
fieldPaths:
- spec.rules.0.backendRefs.0.port
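Review bot: Unlike the postgres overlay, this one has no `patches/httproutes-delete.yaml` entry, and its replacements rewrite `spec.hostnames.0` and `spec.rules.0.backendRefs.0` on every HTTPRoute. Both base routes are therefore kept and, as far as the visible base shows, attach `redis.leechpepin.com` on the gateway's `web` and `websecure` listeners to port 6379. The manifest removed in this commit used a dedicated `redis` listener and a `.local` hostname, so this looks like a widening of exposure rather than a straight port. Redis is not an HTTP service, and the statefulset patch in this commit configures no authentication for it. Unless the route is needed, delete the HTTPRoutes here as the postgres overlay does, or use a TCPRoute on an internal listener.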


@ -0,0 +1,19 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: app
spec:
template:
spec:
restartPolicy: Always
containers:
- name: redis
image: redis:7.4.2-alpine3.21
ports:
- name: redis
containerPort: 6379
protocol: TCP
volumeMounts:
- mountPath: /data
name: redis-data
subPath: "data"
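Review bot: The container runs the image's default command, so Redis starts without `requirepass` or an ACL file. The base does render an InfisicalSecret that would presumably produce a `redis-secrets` Secret in `core`, but nothing in this patch references it. Any workload that can reach the service on 6379 then gets full read/write access. Consider an `env` entry with a `secretKeyRef` on that Secret together with `args: ["--requirepass", "$(REDIS_PASSWORD)"]`; the key name inside the Secret is not visible on this page. There is also no `securityContext` here, while the postgres patch at least sets `fsGroup`.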