6 Commits

Author SHA1 Message Date
Daniël Groothuis
9073ff9094 chore(osx): Added OSX container 2026-02-02 11:52:14 +01:00
Daniël Groothuis
52b3ee5eaa chore(osx): Added OSX container 2026-02-02 11:51:30 +01:00
Daniël Groothuis
078148732b chore(osx): Added OSX container 2026-02-02 11:47:26 +01:00
Daniël Groothuis
5a5caf45ee chore(osx): Added OSX container 2026-02-02 11:46:29 +01:00
Daniël Groothuis
2080d3d913 chore(osx): Added OSX container 2026-02-02 11:43:49 +01:00
Daniël Groothuis
797dc958d2 chore(osx): Added OSX container 2026-02-02 11:39:46 +01:00
23 changed files with 208 additions and 444 deletions


@@ -2,15 +2,15 @@
apiVersion: argoproj.io/v1alpha1 apiVersion: argoproj.io/v1alpha1
kind: AppProject kind: AppProject
metadata: metadata:
name: osx name: kaneo
spec: spec:
description: osx container to proxy shortcuts description: Project Management
sourceRepos: sourceRepos:
- '*' - '*'
sourceNamespaces: sourceNamespaces:
- '*' - '*'
destinations: destinations:
- namespace: 'osx' - namespace: 'kaneo'
server: '*' server: '*'
clusterResourceWhitelist: clusterResourceWhitelist:
- group: '*' - group: '*'
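Review bot: The kaneo AppProject keeps every scope as a wildcard: `sourceRepos`, `sourceNamespaces`, the destination `server` and the `clusterResourceWhitelist` group are all `'*'`, so the project places no limit on which repository an Application may sync from, which cluster it targets, or which cluster-scoped resources it may create. The Application shown for this project only uses `https://git.dgse.cloud/DGSE/kubernetes.git` and the `in-cluster` destination, so the project could be narrowed to `sourceRepos: ['https://git.dgse.cloud/DGSE/kubernetes.git']` and `sourceNamespaces: ['kaneo']`, with the destination pinned to that one cluster. If the chart creates no cluster-scoped objects (not verifiable from this page), the `clusterResourceWhitelist` entry can be dropped as well. The whitelist entry continues past the end of the hunk.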


@@ -1,20 +1,20 @@
apiVersion: argoproj.io/v1alpha1 apiVersion: argoproj.io/v1alpha1
kind: Application kind: Application
metadata: metadata:
name: osx name: kaneo
namespace: osx namespace: kaneo
labels: labels:
platform.dgse.cloud/cluster: artemis platform.dgse.cloud/cluster: artemis
finalizers: finalizers:
- resources-finalizer.argocd.argoproj.io - resources-finalizer.argocd.argoproj.io
spec: spec:
project: osx project: kaneo
source: source:
repoURL: 'https://git.dgse.cloud/DGSE/kubernetes.git' repoURL: 'https://git.dgse.cloud/DGSE/kubernetes.git'
path: manifests/artemis/osx path: manifests/artemis/kaneo
targetRevision: main targetRevision: main
destination: destination:
namespace: osx namespace: kaneo
name: in-cluster name: in-cluster
syncPolicy: syncPolicy:
syncOptions: syncOptions:


@@ -13,9 +13,7 @@ resources:
- pocket-id - pocket-id
- vaultwarden - vaultwarden
- mailu - mailu
# - ntfy
- penpot - penpot
- immich - immich
- digital-garden - digital-garden
# - nextcloud - kaneo
# - osx


@@ -0,0 +1,16 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
metadata:
name: kaneo
#resources:
# - secret.yaml
helmCharts:
- name: charts/kaneo
repo: https://github.com/usekaneo/kaneo
version: 0.1.0
releaseName: kaneo
namespace: kaneo
valuesFile: values.yaml
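Review bot: `repo: https://github.com/usekaneo/kaneo` is the project's source-repository URL and `name: charts/kaneo` is a path rather than a chart name; kustomize's `helmCharts` hands `repo` to Helm as a chart repository (or an `oci://` registry), so this entry will probably fail to pull unless that URL actually serves a chart index. Whichever source ends up being used, keep `version` pinned as it is here and consider vendoring the chart into this repository, so the rendered manifests do not depend on a remote fetch at sync time. Rendering `helmCharts` under Argo CD also needs Helm inflation enabled in the kustomize build options (`--enable-helm`), which is not visible on this page. A short comment above `helmCharts` stating where the chart comes from and why `resources` is commented out would help the next reader.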


@@ -0,0 +1,183 @@
# Global values
nameOverride: ""
fullnameOverride: ""
replicaCount: 1
# Autoscaling configuration
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 10
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
# Pod configuration
podAnnotations: {}
podSecurityContext: {}
nodeSelector: {}
tolerations: []
affinity: {}
# Service account configuration
serviceAccount:
create: true
annotations: {}
name: ""
# PostgreSQL database configuration
postgresql:
# Set to true to deploy PostgreSQL as part of this chart
enabled: true
image:
repository: postgres
tag: 16-alpine
pullPolicy: IfNotPresent
# Database configuration
auth:
database: kaneo
username: kaneo_user
password: kaneo_password
# Use existing secret for database credentials (optional)
existingSecret: ""
secretKeys:
adminPasswordKey: postgres-password
userPasswordKey: password
# Persistence for PostgreSQL data
persistence:
enabled: true
size: 8Gi
storageClass: ""
accessMode: ReadWriteOnce
# PostgreSQL service configuration
service:
type: ClusterIP
port: 5432
# Resources for PostgreSQL
resources: {}
# resources:
# limits:
# cpu: 500m
# memory: 512Mi
# requests:
# cpu: 100m
# memory: 128Mi
# API backend configuration
api:
image:
repository: ghcr.io/usekaneo/api
tag: latest
pullPolicy: IfNotPresent
securityContext: {}
service:
type: ClusterIP
port: 1337
targetPort: 1337
# Resources are optional and disabled by default
resources: {}
# resources:
# limits:
# cpu: 500m
# memory: 512Mi
# requests:
# cpu: 100m
# memory: 128Mi
# Environment variables for the API
env:
jwtAccess: appelflap
existingSecret:
enabled: false
name: ""
key: jwt-access
disableRegistration: false
# Database configuration
database:
# Use external PostgreSQL (set postgresql.enabled to false)
# Important: when using external postgres, make sure you have set up the db user correctly:
# CREATE DATABASE kaneo;
# CREATE USER kaneo_user WITH PASSWORD 'your_password';
# GRANT ALL PRIVILEGES ON DATABASE kaneo TO kaneo_user;
# \c kaneo;
# GRANT USAGE ON SCHEMA public TO kaneo_user;
# GRANT CREATE ON SCHEMA public TO kaneo_user;
# ALTER SCHEMA public OWNER TO kaneo_user;
external:
enabled: false
host: ""
port: 5432
database: kaneo
username: kaneo_user
password: ""
# Use existing secret for external database credentials in the form of a uri, e.g.: "postgresql://user:pass@host:port/db"
existingSecret:
enabled: false
name: ""
passwordKey: postgres_uri
livenessProbe:
httpGet:
path: /me
port: api
initialDelaySeconds: 30
periodSeconds: 10
readinessProbe:
httpGet:
path: /me
port: api
initialDelaySeconds: 5
periodSeconds: 10
# Web frontend configuration
web:
image:
repository: ghcr.io/usekaneo/web
tag: latest
pullPolicy: IfNotPresent
# Environment variables for the Web
env:
# Optional: Override the default API URL (http://localhost:1337)
# The /api path will be automatically appended to the URL
# Make sure this url matches the ingress host
# apiUrl: "https://kaneo.example.com"
apiUrl: ""
securityContext: {}
service:
type: ClusterIP
port: 80
targetPort: 80
# Resources are optional and disabled by default
resources: {}
# resources:
# limits:
# cpu: 300m
# memory: 256Mi
# requests:
# cpu: 100m
# memory: 128Mi
livenessProbe:
httpGet:
path: /
port: web
initialDelaySeconds: 30
periodSeconds: 10
readinessProbe:
httpGet:
path: /
port: web
initialDelaySeconds: 5
periodSeconds: 10
# Ingress configuration
ingress:
enabled: true
className: traefik
annotations:
cert-manager.io/cluster-issuer: letsencrypt
hosts:
# Use the same host in the web env variable apiUrl (with http:// or https://)
- host: projects.dgse.cloud
paths:
- path: /?(.*)
pathType: ImplementationSpecific
service: web
port: 80
- path: /api/?(.*)
pathType: ImplementationSpecific
service: api
port: 1337
tls:
- projects.dgse.cloud
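Review bot: `jwtAccess: appelflap` under `api.env` and `password: kaneo_password` under `postgresql.auth` commit what appear to be the JWT secret and the database password to git in plain text, and the password looks like the chart's example default. The same file already exposes `api.env.existingSecret` (`enabled`, `name`, `key: jwt-access`) and `postgresql.auth.existingSecret`; I would point both at a Secret delivered by an ExternalSecret, as the removed kener manifests did, e.g. `existingSecret: "<kaneo-postgres-secret>"` and `enabled: true` with `name: "<kaneo-api-secret>"` (placeholder names), and clear the inline values. Both values are now in history, so they should be treated as exposed and replaced with fresh random ones. Separately, `tag: latest` with `pullPolicy: IfNotPresent` on the api and web images makes the running version depend on each node's cache, so a fixed tag or digest would be safer. `disableRegistration: false` also leaves sign-up open on the public `projects.dgse.cloud` ingress, which is worth confirming as intended.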


@@ -1,21 +0,0 @@
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: kener-postgres
spec:
instances: 1
managed:
roles:
- name: kener
superuser: true
login: true
bootstrap:
initdb:
database: kener
owner: kener
secret:
name: kener-postgres-user
storage:
size: 4Gi
storageClass: local-path


@@ -1,79 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: kener
spec:
selector:
matchLabels:
app: kener
template:
metadata:
labels:
app: kener
spec:
containers:
- name: kener
image: rajnandan1/kener:latest
ports:
- containerPort: 3000
name: http
volumeMounts:
- name: kener-uploads
mountPath: "/app/uploads"
env:
- name: ORIGIN
valueFrom:
secretKeyRef:
name: kener-secret
key: ORIGIN
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: kener-secret
key: DATABASE_URL
- name: KENER_SECRET_KEY
valueFrom:
secretKeyRef:
name: kener-secret
key: KENER_SECRET_KEY
- name: SMTP_HOST
valueFrom:
secretKeyRef:
name: kener-secret
key: SMTP_HOST
- name: SMTP_PORT
valueFrom:
secretKeyRef:
name: kener-secret
key: SMTP_PORT
- name: SMTP_USER
valueFrom:
secretKeyRef:
name: kener-secret
key: SMTP_USER
- name: SMTP_PASS
valueFrom:
secretKeyRef:
name: kener-secret
key: SMTP_PASS
- name: SMTP_SECURE
valueFrom:
secretKeyRef:
name: kener-secret
key: SMTP_SECURE
- name: SMTP_FROM_EMAIL
valueFrom:
secretKeyRef:
name: kener-secret
key: SMTP_FROM_EMAIL
- name: TZ
valueFrom:
secretKeyRef:
name: kener-secret
key: TZ
volumes:
- name: kener-uploads
persistentVolumeClaim:
claimName: kener-pvc


@@ -1,22 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: letsencrypt
name: kener-ingress
spec:
rules:
- host: monitor.dgse.cloud
http:
paths:
- backend:
service:
name: kener
port:
number: 3000
path: /
pathType: Prefix
tls:
- hosts:
- monitor.dgse.cloud
secretName: letsencrypt


@@ -1,13 +0,0 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
metadata:
name: kener
resources:
- secret.yaml
- db-cluster.yaml
- service.yaml
- pvc.yaml
- deployment.yaml
- ingress.yaml


@@ -1,11 +0,0 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: kener-pvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi


@@ -1,74 +0,0 @@
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: kener-secret
spec:
refreshInterval: 1h
secretStoreRef:
name: platform
kind: ClusterSecretStore
target:
name: kener-secret
data:
- secretKey: ORIGIN
remoteRef:
key: kener
property: ORIGIN
- secretKey: DATABASE_URL
remoteRef:
key: kener
property: DATABASE_URL
- secretKey: KENER_SECRET_KEY
remoteRef:
key: kener
property: KENER_SECRET_KEY
- secretKey: SMTP_HOST
remoteRef:
key: kener
property: SMTP_HOST
- secretKey: SMTP_PORT
remoteRef:
key: kener
property: SMTP_PORT
- secretKey: SMTP_USER
remoteRef:
key: kener
property: SMTP_USER
- secretKey: SMTP_PASS
remoteRef:
key: kener
property: SMTP_PASS
- secretKey: SMTP_SECURE
remoteRef:
key: kener
property: SMTP_SECURE
- secretKey: SMTP_FROM_EMAIL
remoteRef:
key: kener
property: SMTP_FROM_EMAIL
- secretKey: TZ
remoteRef:
key: kener
property: TZ
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: kener-postgres-user
spec:
refreshInterval: 1h
secretStoreRef:
name: platform
kind: ClusterSecretStore
target:
name: kener-postgres-user
data:
- secretKey: username
remoteRef:
key: kener
property: postgres_username
- secretKey: password
remoteRef:
key: kener
property: postgres_password


@@ -1,12 +0,0 @@
---
apiVersion: v1
kind: Service
metadata:
name: kener
spec:
selector:
app: kener
ports:
- protocol: TCP
port: 3000
targetPort: 3000


@@ -1,8 +0,0 @@
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: basic-auth
spec:
basicAuth:
secret: basic-auth


@@ -1,12 +0,0 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: ntfy
data:
server.yml: |
# Template: https://github.com/binwiederhier/ntfy/blob/main/server/server.yml
base-url: https://notifications.dgse.cloud
enable-login: true
enable-signup: false
upstream-base-url: "https://ntfy.sh"


@@ -1,33 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: ntfy
spec:
selector:
matchLabels:
app: ntfy
template:
metadata:
labels:
app: ntfy
spec:
containers:
- name: ntfy
image: binwiederhier/ntfy
args: ["serve"]
resources:
limits:
memory: "128Mi"
cpu: "500m"
ports:
- containerPort: 80
name: http
volumeMounts:
- name: config
mountPath: "/etc/ntfy"
readOnly: true
volumes:
- name: config
configMap:
name: ntfy


@@ -1,18 +0,0 @@
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: ntfy-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`notifications.dgse.cloud`)
kind: Rule
middlewares:
- name: basic-auth
services:
- name: ntfy
port: 80
tls:
secretName: letsencrypt


@@ -1,12 +0,0 @@
---
# Basic service for port 80
apiVersion: v1
kind: Service
metadata:
name: ntfy
spec:
selector:
app: ntfy
ports:
- port: 80
targetPort: 80


@@ -1,58 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: macos
labels:
name: macos
spec:
replicas: 1
selector:
matchLabels:
app: macos
template:
metadata:
labels:
app: macos
spec:
containers:
- name: macos
image: dockurr/macos
env:
- name: VERSION
value: "14"
- name: DISK_SIZE
value: "64G"
- name: KVM
value: "N"
ports:
- containerPort: 8006
name: http
protocol: TCP
- containerPort: 5900
name: vnc
protocol: TCP
securityContext:
capabilities:
add:
- NET_ADMIN
privileged: true
volumeMounts:
- mountPath: /storage
name: storage
- mountPath: /dev/kvm
name: dev-kvm
- mountPath: /dev/net/tun
name: dev-tun
terminationGracePeriodSeconds: 120
volumes:
- name: storage
persistentVolumeClaim:
claimName: macos-pvc
- hostPath:
path: /dev/kvm
name: dev-kvm
- hostPath:
path: /dev/net/tun
type: CharDevice
name: dev-tun


@@ -1,22 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: letsencrypt
name: osx-ingress
spec:
rules:
- host: osx.dgse.cloud
http:
paths:
- backend:
service:
name: macos
port:
number: 8006
path: /
pathType: Prefix
tls:
- hosts:
- osx.dgse.cloud
secretName: letsencrypt


@@ -1,8 +0,0 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- service.yaml
- deployment.yaml
- pvc.yaml


@@ -1,11 +0,0 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: macos-pvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 64Gi


@@ -1,19 +0,0 @@
---
apiVersion: v1
kind: Service
metadata:
name: macos
spec:
internalTrafficPolicy: Cluster
ports:
- name: http
port: 8006
protocol: TCP
targetPort: 8006
- name: vnc
port: 5900
protocol: TCP
targetPort: 5900
selector:
app: macos
type: ClusterIP