affine/Sunnypup-Helm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

initial commit

Browse source 
Signed-off-by: Ava Affine <ava@sunnypup.io>
This commit is contained in:
Ava Apples Affine 2025-07-18 11:27:07 -07:00
commit aca076e864
21 changed files with 1558 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
.gitignore vendored Normal file
View file

@ -0,0 +1,3 @@
build.sh
collabora-customizations.yaml
configs/*

23
.helmignore Normal file
View file

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

6
Chart.lock Normal file
View file

@ -0,0 +1,6 @@
dependencies:
- name: ingress-nginx
repository: https://kubernetes.github.io/ingress-nginx
version: 4.1.0
digest: sha256:8b7073d6a936bbabe553db735ea45d0f50517dcbaafd96f1cbb6b97f1e93023d
generated: "2022-04-27T13:06:29.739620475-07:00"

6
Chart.yaml Normal file
View file

@ -0,0 +1,6 @@
apiVersion: v2
appVersion: "666"
description: sunnypup.io kubernetes configuration
name: sunnypup.io
type: application
version: 1.0.12

14
README.md Normal file
View file

@ -0,0 +1,14 @@
# Sunnypup.io Services Helm Chart
This remains publicly accessible as there are many small and efficient manifests / templates here
that other self hosters can make good use of. Feel free to peruse.
## Dependencies
The following additional helm charts are installed separately.
- NGINX Ingress Controller (the one by the actual NGINX team not nginx-ingress)
- Cert Manager
- Collabora Office
## Configs
Expected in the configs dir are configuration files for Frigate and for Apache Mosquitto.
Both are omitted in this repository.

8
templates/NOTES.txt Normal file
View file

@ -0,0 +1,8 @@
1. Now you must set up /var/lib/sunnypup/
- /var/lib/sunnypup/synapse
- /var/lib/sunnypup/nextcloud
- /var/lib/sunnypup/matrix-discord
- /var/lib/sunnypup/matrix-telegram
- /var/lib/sunnypup/pg
2. Port forward
3. Pray

62
templates/_helpers.tpl Normal file
View file

@ -0,0 +1,62 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "sunnypupio.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "sunnypupio.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "sunnypupio.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "sunnypupio.labels" -}}
helm.sh/chart: {{ include "sunnypupio.chart" . }}
{{ include "sunnypupio.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "sunnypupio.selectorLabels" -}}
app.kubernetes.io/name: {{ include "sunnypupio.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "sunnypupio.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "sunnypupio.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

39
templates/echo.yaml Normal file
View file

@ -0,0 +1,39 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: echo
spec:
replicas: 1
selector:
matchLabels:
app: echo
template:
metadata:
labels:
app: echo
spec:
containers:
- name: echo-server
image: jmalloc/echo-server
ports:
- name: http-port
containerPort: 8080
env:
- name: LOG_HTTP_BODY
value: "true"
- name: LOG_HTTP_HEADERS
value: "true"
---
apiVersion: v1
kind: Service
metadata:
name: echo
spec:
clusterIP: None
ports:
- name: http-port
port: 8080
targetPort: http-port
protocol: TCP
selector:
app: echo

314
templates/forge.yaml Normal file
View file

@ -0,0 +1,314 @@
apiVersion: v1
stringData:
token: {{ .Values.forge.secret }}
kind: Secret
metadata:
name: runner-secret
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: forge
labels:
app: forge
spec:
replicas: 1
selector:
matchLabels:
app: forge
template:
metadata:
labels:
app: forge
spec:
containers:
- name: forgejo
image: codeberg.org/forgejo/forgejo:11
ports:
- name: http-port
containerPort: 3000
- name: ssh-port
containerPort: 22222
volumeMounts:
- name: local-tz
mountPath: /etc/timezone
readOnly: true
- name: local-lt
mountPath: /etc/localtime
readOnly: true
- name: persistence
mountPath: /data
env:
- name: USER_UID
value: "1000"
- name: USER_GID
value: "1000"
- name: FORGEJO__database__DB_TYPE
value: "postgres"
- name: FORGEJO__database__HOST
value: "postgres:5432"
- name: FORGEJO__database__NAME
value: "forgejo"
- name: FORGEJO__database__USER
value: {{ .Values.pg.user }}
- name: FORGEJO__database__PASSWD
value: {{ .Values.pg.pass }}
volumes:
- name: local-tz
persistentVolumeClaim:
claimName: forge-tz-pvc
- name: local-lt
persistentVolumeClaim:
claimName: forge-lt-pvc
- name: persistence
persistentVolumeClaim:
claimName: forge-persistence-pvc
---
apiVersion: v1
kind: Service
metadata:
name: forge
labels:
app: forge
spec:
clusterIP: None
ports:
- name: http-port
port: 3000
targetPort: http-port
protocol: TCP
- name: ssh-port
port: 22222
targetPort: 22222
selector:
app: forge
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: forge-tz
labels:
pvc_type: forge-tz
spec:
capacity:
storage: 10Mi
accessModes:
- ReadOnlyMany
persistentVolumeReclaimPolicy: Retain
hostPath:
path: /etc/timezone
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: forge-lt
labels:
pvc_type: forge-lt
spec:
capacity:
storage: 10Mi
accessModes:
- ReadOnlyMany
persistentVolumeReclaimPolicy: Retain
hostPath:
path: /etc/localtime
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: forge-tz-pvc
spec:
accessModes:
- ReadOnlyMany
volumeMode: Filesystem
storageClassName: ""
volumeName: forge-tz
resources:
requests:
storage: 10Mi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: forge-lt-pvc
spec:
accessModes:
- ReadOnlyMany
volumeMode: Filesystem
storageClassName: ""
volumeName: forge-lt
resources:
requests:
storage: 10Mi
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: forge-persistence-pv
labels:
pvc_type: forge-persistence-pv
spec:
capacity:
storage: 1000Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
hostPath:
path: {{ .Values.forge.path }}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: forge-persistence-pvc
spec:
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
storageClassName: ""
volumeName: forge-persistence-pv
resources:
requests:
storage: 1000Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: forgejo-runner
labels:
app: forgejo-runner
spec:
replicas: 2
selector:
matchLabels:
app: forgejo-runner
template:
metadata:
name: forgejo-runner
labels:
app: forgejo-runner
spec:
automountServiceAccountToken: false
restartPolicy: Always
initContainers:
- name: runner-register
image: code.forgejo.org/forgejo/runner:6.4.0
command:
- /bin/bash
- -c
args:
- |
while : ; do
forgejo-runner register --no-interactive --token $(RUNNER_SECRET) --name $(RUNNER_NAME) --instance $(FORGEJO_INSTANCE_URL) && break ;
sleep 1 ;
done ;
forgejo-runner generate-config > /data/config.yml ;
sed -i -e "s|network: .*|network: host|" config.yml ;
sed -i -e "s|^ envs:$$| envs:\n DOCKER_HOST: tcp://localhost:2376\n DOCKER_TLS_VERIFY: 1\n DOCKER_CERT_PATH: /certs/client|" config.yml ;
sed -i -e "s|^ options:| options: -v /certs/client:/certs/client|" config.yml ;
sed -i -e "s| valid_volumes: \[\]$$| valid_volumes:\n - /certs/client|" config.yml
env:
- name: RUNNER_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: RUNNER_SECRET
valueFrom:
secretKeyRef:
name: runner-secret
key: token
- name: FORGEJO_INSTANCE_URL
value: http://forge:3000
resources:
limits:
cpu: '0.5'
ephemeral-storage: 100Mi
memory: 64Mi
requests:
cpu: 100m
ephemeral-storage: '0'
memory: 64Mi
volumeMounts:
- name: runner-data
mountPath: /data
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containers:
- name: runner
image: code.forgejo.org/forgejo/runner:6.4.0
command:
- /bin/bash
- -c
args:
- |
while ! nc -z localhost 2376 </dev/null ; do
echo 'waiting for docker daemon...' ;
sleep 5 ;
done ;
forgejo-runner --config config.yml daemon
env:
- name: DOCKER_HOST
value: tcp://localhost:2376
- name: DOCKER_CERT_PATH
value: /certs/client
- name: DOCKER_TLS_VERIFY
value: '1'
resources:
limits:
cpu: '4'
ephemeral-storage: 5Gi
memory: 8Gi
requests:
cpu: 100m
ephemeral-storage: '0'
memory: 64Mi
volumeMounts:
- name: docker-certs
mountPath: /certs
- name: runner-data
mountPath: /data
- name: tmp
mountPath: /tmp
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
- name: daemon
image: docker.io/docker:28.3.0-dind
env:
- name: DOCKER_TLS_CERTDIR
value: /certs
resources:
limits:
cpu: '1'
ephemeral-storage: 3Gi
memory: 4Gi
requests:
cpu: 100m
ephemeral-storage: '0'
memory: 64Mi
securityContext:
privileged: true
volumeMounts:
- name: docker-certs
mountPath: /certs
volumes:
- name: docker-certs
emptyDir: {}
- name: runner-data
emptyDir: {}
- name: tmp
emptyDir: {}

176
templates/frigate.yaml Normal file
View file

@ -0,0 +1,176 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: frigate
labels:
app: frigate
spec:
replicas: 1
selector:
matchLabels:
app: frigate
template:
metadata:
labels:
app: frigate
spec:
containers:
- name: frigate
image: ghcr.io/blakeblackshear/frigate:0.15.0-rocm
securityContext:
privileged: true
ports:
- name: http
containerPort: 5000
protocol: TCP
- name: rtmp
containerPort: 1935
protocol: TCP
- name: rtsp
containerPort: 8554
protocol: TCP
- name: webrtc
containerPort: 8555
protocol: TCP
volumeMounts:
- name: frigate-media-storage
mountPath: /media
- name: frigate-conf-storage
mountPath: /config
- name: frigate-configmap
mountPath: /config/config.yml
subPath: config.yml
- name: dshm
mountPath: /dev/shm
- name: cache
mountPath: /tmp/cache
- name: coral
mountPath: /dev/bus/usb
- name: dev-dri
mountPath: /dev/dri
- name: dev-kfd
mountPath: /dev/kfd
volumes:
- name: frigate-media-storage
persistentVolumeClaim:
claimName: frigate-media-pvc
- name: frigate-conf-storage
persistentVolumeClaim:
claimName: frigate-conf-pvc
- name: dshm
emptyDir:
medium: Memory
sizeLimit: 5G
- name: frigate-configmap
configMap:
name: frigate-configmap
# pass through GPU for inference
- name: dev-dri
hostPath:
path: /dev/dri
- name: dev-kfd
hostPath:
path: /dev/kfd
# 1G of memory
- name: cache
emptyDir:
medium: "Memory"
sizeLimit: 1000Mi
# usb coral
- name: coral
hostPath:
path: /dev/bus/usb
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: frigate-media-pv
labels:
pvc_type: frigate-media-pv
spec:
capacity:
storage: 1000Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
hostPath:
path: {{ .Values.frigate.mediapath }}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: frigate-media-pvc
spec:
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
storageClassName: ""
volumeName: frigate-media-pv
resources:
requests:
storage: 1000Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: frigate-conf-pv
labels:
pvc_type: frigate-conf-pv
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
hostPath:
path: {{ .Values.frigate.confpath }}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: frigate-conf-pvc
spec:
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
storageClassName: ""
volumeName: frigate-conf-pv
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: Service
metadata:
name: frigate
labels:
app: frigate
spec:
type: NodePort
ports:
- name: rtmp
port: 1935
protocol: TCP
targetPort: rtmp
nodePort: 30002
- name: rtsp
port: 8554
protocol: TCP
targetPort: rtsp
nodePort: 30003
- name: http
port: 5000
protocol: TCP
targetPort: http
nodePort: 30004
selector:
app: frigate
---
apiVersion: v1
kind: ConfigMap
metadata:
name: frigate-configmap
data:
config.yml: |-
{{ (tpl (.Files.Get "configs/frigate.yaml") . ) | nindent 4 }}

78
templates/homeassistant.yaml Normal file
View file

@ -0,0 +1,78 @@
apiVersion: v1
kind: Service
metadata:
name: homeassistant
labels:
app: homeassistant
spec:
selector:
app: homeassistant
type: ClusterIP
clusterIP: None
ports:
- name: http-port
port: 8123
targetPort: 8123
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: homeassistant-proxy
spec:
replicas: 1
selector:
matchLabels:
app: homeassistant
template:
metadata:
labels:
app: homeassistant
spec:
containers:
- name: nginx
image: nginx
ports:
- name: http-port
containerPort: 8123
volumeMounts:
- name: config-volume
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
volumes:
- name: config-volume
configMap:
name: homeassistant-proxy-nginx-conf
items:
- key: nginx.conf
path: nginx.conf
---
apiVersion: v1
kind: ConfigMap
metadata:
name: homeassistant-proxy-nginx-conf
namespace: default
data:
nginx.conf: |
worker_processes auto;
events {
worker_connections 2048;
}
http {
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
error_log stdout;
access_log stdout;
listen 8123;
listen [::]:8123;
proxy_buffering off;
location / {
proxy_pass http://172.30.32.1:8123;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
}

28
templates/hpa.yaml Normal file
View file

@ -0,0 +1,28 @@
{{- if .Values.autoscaling.enabled }}
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "sunnypupio.fullname" . }}
labels:
{{- include "sunnypupio.labels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "sunnypupio.fullname" . }}
minReplicas: {{ .Values.autoscaling.minReplicas }}
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
metrics:
{{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}

0
templates/monitoring.yaml Normal file
View file

96
templates/mqtt.yaml Normal file
View file

@ -0,0 +1,96 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: mqtt
labels:
app: frigate
spec:
replicas: 1
selector:
matchLabels:
app: mqtt
template:
metadata:
labels:
app: mqtt
spec:
containers:
- name: mqtt
image: eclipse-mosquitto
ports:
- name: mqtt
containerPort: 1883
- name: webui
containerPort: 9001
volumeMounts:
- name: mqtt-configmap
mountPath: /mosquitto/config/mosquitto.conf
subPath: mosquitto.conf
- name: mqtt-persistence
mountPath: /mosquitto/data
volumes:
- name: mqtt-configmap
configMap:
name: mqtt-configmap
- name: mqtt-persistence
persistentVolumeClaim:
claimName: mqtt-pvc
---
apiVersion: v1
kind: Service
metadata:
name: mqtt
labels:
app: frigate
spec:
type: NodePort
ports:
- name: mqtt
port: 1883
targetPort: mqtt
protocol: TCP
nodePort: 30000
- name: webui
port: 9001
targetPort: webui
protocol: TCP
nodePort: 30001
selector:
app: mqtt
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: mqtt-pv
labels:
pvc_type: mqtt-pv
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
hostPath:
path: {{ .Values.mqtt.path }}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mqtt-pvc
spec:
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
storageClassName: ""
volumeName: mqtt-pv
resources:
requests:
storage: 10Gi
---
apiVersion: v1
kind: ConfigMap
metadata:
name: mqtt-configmap
data:
mosquitto.conf: |-
{{ (tpl (.Files.Get "configs/mqtt.yaml") . ) | nindent 4 }}

101
templates/nextcloud.yaml Normal file
View file

@ -0,0 +1,101 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: nextcloud
labels:
app: nextcloud
spec:
replicas: 1
selector:
matchLabels:
app: nextcloud
template:
metadata:
labels:
app: nextcloud
spec:
volumes:
- name: nextcloud-storage
persistentVolumeClaim:
claimName: nextcloud-pvc
containers:
- image: nextcloud:apache
name: cron
command:
- /cron.sh
volumeMounts:
- name: nextcloud-storage
mountPath: /var/www/html
- image: nextcloud:apache
name: nextcloud
ports:
- containerPort: 80
env:
- name: REDIS_HOST
value: redis
- name: MYSQL_HOST
value: postgres
- name: MYSQL_PORT
value: "5432"
- name: MYSQL_DATABASE
value: {{ .Values.pg.db }}
- name: MYSQL_PASSWORD
value: {{ .Values.pg.pass }}
- name: MYSQL_USER
value: {{ .Values.pg.user }}
- name: NEXTCLOUD_ADMIN_PASSWORD
value: {{ .Values.nextcloud.pass }}
- name: NEXTCLOUD_ADMIN_USER
value: "admin"
- name: NEXTCLOUD_TRUSTED_DOMAINS
value: {{ .Values.nextcloud.url }}
- name: PHP_MEMORY_LIMIT
value: '2048G'
volumeMounts:
- mountPath: /var/www/html
name: nextcloud-storage
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: nextcloud-pv
labels:
pvc_type: nextcloud-pv
spec:
capacity:
storage: 2500Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
hostPath:
path: {{ .Values.nextcloud.path }}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nextcloud-pvc
spec:
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
storageClassName: ""
volumeName: nextcloud-pv
resources:
requests:
storage: 2500Gi
---
apiVersion: v1
kind: Service
metadata:
name: nextcloud
labels:
app: nextcloud
spec:
clusterIP: None
ports:
- port: 80
name: nextcloud
protocol: TCP
type: ClusterIP
selector:
app: nextcloud

87
templates/postgres.yaml Normal file
View file

@ -0,0 +1,87 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: postgres-configuration
labels:
app: postgres
data:
POSTGRES_DB: {{ .Values.pg.db }}
POSTGRES_USER: {{ .Values.pg.user }}
POSTGRES_PASSWORD: {{ .Values.pg.pass }}
POSTGRES_INITDB_ARGS: "--locale=C --encoding=UTF-8"
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: postgres-pv
labels:
pvc_type: postgres-pv
spec:
capacity:
storage: 80Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
hostPath:
path: {{ .Values.pg.path }}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: postgres-pvc
spec:
accessModes:
- ReadWriteOnce
storageClassName: ""
volumeMode: Filesystem
volumeName: postgres-pv
resources:
requests:
storage: 80Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: postgres
labels:
app: postgres
spec:
selector:
matchLabels:
app: postgres
template:
metadata:
labels:
app: postgres
spec:
containers:
- name: postgres
image: postgres:14.6
envFrom:
- configMapRef:
name: postgres-configuration
ports:
- containerPort: 5432
name: postgres-tcp
volumeMounts:
- name: data
mountPath: /var/lib/postgresql/data
volumes:
- name: data
persistentVolumeClaim:
claimName: postgres-pvc
---
apiVersion: v1
kind: Service
metadata:
name: postgres
labels:
app: postgres
spec:
clusterIP: None
ports:
- port: 5432
name: postgres-tcp
type: ClusterIP
selector:
app: postgres

36
templates/redis.yaml Normal file
View file

@ -0,0 +1,36 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: redis
spec:
replicas: 1
selector:
matchLabels:
app: redis
template:
metadata:
labels:
app: redis
spec:
containers:
- name: master
image: redis
env:
- name: MASTER
value: "true"
ports:
- containerPort: 6379
---
apiVersion: v1
kind: Service
metadata:
name: redis
spec:
clusterIP: None
ports:
- name: redis-port
port: 6379
targetPort: 6379
protocol: TCP
selector:
app: redis

224
templates/routing.yaml Normal file
View file

@ -0,0 +1,224 @@
#dop_v1_8b514aa82e4930e58f8098a54088a36c01af2fb6020b792f7a7fe4be694ddc52
# BIG NOTE
# CAMS AND FRIGATE REMAIN UNEXPOSED TO WEB
apiVersion: v1
kind: Secret
metadata:
name: digitalocean-dns
namespace: cert-manager
data:
access-token: {{ .Values.digitalocean.access }}
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt
spec:
acme:
email: ava@sunnypup.io
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: cert-issuer-account-key
solvers:
- dns01:
digitalocean:
tokenSecretRef:
name: digitalocean-dns
key: access-token
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: sunnypup-certs
spec:
secretName: sunnypup-certs
issuerRef:
name: letsencrypt
kind: ClusterIssuer
dnsNames:
- cloud.sunnypup.io
- office.sunnypup.io
- echo.sunnypup.io
- home.sunnypup.io
- hephaestus.sunnypup.io
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: smsm-certs
spec:
secretName: smsm-certs
issuerRef:
name: letsencrypt
kind: ClusterIssuer
dnsNames:
- stmatthew-sanmateo.org
---
apiVersion: k8s.nginx.org/v1
kind: VirtualServer
metadata:
name: forge
labels:
acme.cert-manager.io/http01-solver: "true"
spec:
host: hephaestus.sunnypup.io
tls:
cert-manager:
cluster-issuer: letsencrypt
secret: sunnypup-certs
redirect:
enable: true
upstreams:
- name: forge
service: forge
port: 3000
client-max-body-size: 10M
read-timeout: 120s
routes:
- path: /
action:
pass: forge
---
apiVersion: k8s.nginx.org/v1
kind: VirtualServer
metadata:
name: collabora
labels:
acme.cert-manager.io/http01-solver: "true"
spec:
host: office.sunnypup.io
tls:
cert-manager:
cluster-issuer: letsencrypt
secret: sunnypup-certs
redirect:
enable: true
upstreams:
- name: collabora
service: collabora-collabora-online
port: 9980
client-max-body-size: 1G
routes:
- path: /browser
action:
pass: collabora
- path: /hosting/discovery
action:
pass: collabora
- path: /hosting/capabilities
action:
pass: collabora
- path: /cool/adminws
action:
proxy:
upstream: collabora
requestHeaders:
pass: true
set:
- name: Connection
value: "Upgrade"
- name: Upgrade
value: "${http_upgrade}"
- path: ~ ^/cool/(.*)/ws$
action:
proxy:
upstream: collabora
requestHeaders:
pass: true
set:
- name: Connection
value: "Upgrade"
- name: Upgrade
value: "${http_upgrade}"
- path: /cool
action:
pass: collabora
---
apiVersion: k8s.nginx.org/v1
kind: VirtualServer
metadata:
name: homeassistant
labels:
acme.cert-manager.io/http01-solver: "true"
spec:
host: home.sunnypup.io
tls:
cert-manager:
cluster-issuer: letsencrypt
secret: sunnypup-certs
redirect:
enable: true
upstreams:
- name: homeassistant
service: homeassistant
port: 8123
routes:
- path: /
location-snippets: |
proxy_buffering off;
proxy_redirect http:// https://;
action:
proxy:
upstream: homeassistant
requestHeaders:
pass: true
---
apiVersion: k8s.nginx.org/v1
kind: VirtualServer
metadata:
name: echo
labels:
acme.cert-manager.io/http01-solver: "true"
spec:
host: echo.sunnypup.io
tls:
cert-manager:
cluster-issuer: letsencrypt
secret: sunnypup-certs
upstreams:
- name: echo
service: echo
port: 8080
routes:
- path: /
action:
pass: echo
---
apiVersion: k8s.nginx.org/v1
kind: VirtualServer
metadata:
name: nextcloud
labels:
acme.cert-manager.io/http01-solver: "true"
spec:
host: cloud.sunnypup.io
tls:
cert-manager:
cluster-issuer: letsencrypt
secret: sunnypup-certs
redirect:
enable: true
upstreams:
- name: nextcloud
service: nextcloud
port: 80
client-max-body-size: 4g
routes:
- path: /
action:
pass: nextcloud
---
apiVersion: k8s.nginx.org/v1
kind: TransportServer
metadata:
name: forge-ssh-passthrough
spec:
listener:
name: forge-ssh
protocol: TCP
upstreams:
- name: forge
service: forge
port: 22222
action:
pass: forge

15
templates/tests/test-connection.yaml Normal file
View file

@ -0,0 +1,15 @@
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "sunnypupio.fullname" . }}-test-connection"
labels:
{{- include "sunnypupio.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "sunnypupio.fullname" . }}:{{ .Values.service.port }}']
restartPolicy: Never

172
templates/wordpress.yaml Normal file
View file

@ -0,0 +1,172 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: mysql-pv
labels:
pvc_type: mysql-pv
spec:
capacity:
storage: 20Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
hostPath:
path: {{ .Values.wordpress.db.path }}
---
apiVersion: v1
kind: Service
metadata:
name: wordpress-mysql
labels:
app: wordpress
spec:
ports:
- port: 3306
selector:
app: wordpress
tier: mysql
clusterIP: None
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mysql-pv-claim
labels:
app: wordpress
spec:
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
storageClassName: ""
volumeName: mysql-pv
resources:
requests:
storage: 20Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: wordpress-mysql
labels:
app: wordpress
spec:
selector:
matchLabels:
app: wordpress
tier: mysql
strategy:
type: Recreate
template:
metadata:
labels:
app: wordpress
tier: mysql
spec:
containers:
- image: mysql:8.0
name: mysql
env:
- name: MYSQL_ROOT_PASSWORD
value: {{ .Values.wordpress.db.rootpassword }}
- name: MYSQL_DATABASE
value: wordpress
- name: MYSQL_USER
value: wordpress
- name: MYSQL_PASSWORD
value: {{ .Values.wordpress.db.password }}
ports:
- containerPort: 3306
name: mysql
volumeMounts:
- name: mysql-persistent-storage
mountPath: /var/lib/mysql
volumes:
- name: mysql-persistent-storage
persistentVolumeClaim:
claimName: mysql-pv-claim
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: wordpress-pv
labels:
pvc_type: wordpress-pv
spec:
capacity:
storage: 20Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
hostPath:
path: {{ .Values.wordpress.path }}
---
apiVersion: v1
kind: Service
metadata:
name: wordpress
labels:
app: wordpress
spec:
ports:
- port: 80
selector:
app: wordpress
tier: frontend
type: LoadBalancer
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: wp-pv-claim
labels:
app: wordpress
spec:
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
storageClassName: ""
volumeName: wordpress-pv
resources:
requests:
storage: 20Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: wordpress
labels:
app: wordpress
spec:
selector:
matchLabels:
app: wordpress
tier: frontend
strategy:
type: Recreate
template:
metadata:
labels:
app: wordpress
tier: frontend
spec:
containers:
- image: wordpress:6.2.1-apache
name: wordpress
env:
- name: WORDPRESS_DB_HOST
value: wordpress-mysql
- name: WORDPRESS_DB_PASSWORD
value: {{ .Values.wordpress.db.password }}
- name: WORDPRESS_DB_USER
value: wordpress
ports:
- containerPort: 80
name: wordpress
volumeMounts:
- name: wordpress-persistent-storage
mountPath: /var/www/html
volumes:
- name: wordpress-persistent-storage
persistentVolumeClaim:
claimName: wp-pv-claim

70
values.yaml Normal file
View file

@ -0,0 +1,70 @@
# Default values for sunnypup.io.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
repository: nginx
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: ""
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
service:
type: ClusterIP
port: 80
autoscaling:
enabled: false
pg:
pass: ""
user: sunnypup
db: sunnypup
path: "/srv/sunnypup/pg/"
nextcloud:
url: cloud.sunnypup.io
path: "/srv/sunnypup/nextcloud"
pass: ""
frigate:
mediapath: "/cam/media"
confpath: "/cam/config"
mqtt:
path: "/srv/sunnypup/mqtt"
wordpress:
path: "/srv/sunnypup/wordpress/site"
db:
path: "/srv/sunnypup/wordpress/db"
password: ""
rootpassword: ""
digitalocean:
access: ""
mqtt:
path: "/srv/sunnypup/mqtt"
host: ""
port: 30000
user: ""
password: ""
forge:
path: "/srv/sunnypup/forge"
secret: ""