From 9a354489ace8993ce3b2fdd2f47ee019371ea9e5 Mon Sep 17 00:00:00 2001 From: sjenkins Date: Sun, 23 Feb 2025 15:24:32 -0600 Subject: [PATCH] init commit --- doks_spaces/secret-setup.sh | 27 ++++ firmware/configMap.yaml | 50 ++++++++ firmware/deployment.yaml | 55 ++++++++ firmware/persistentVolumeClaim.yaml | 12 ++ firmware/service.yaml | 13 ++ phpIPAM/deployment.yaml | 88 +++++++++++++ phpIPAM/mariadb/deployment.yaml | 68 ++++++++++ phpIPAM/mariadb/secret-setup.sh | 21 +++ phpIPAM/persistentVolumeClaim.yaml | 12 ++ phpIPAM/service.yaml | 13 ++ snipeit/ReadMe.md | 191 ++++++++++++++++++++++++++++ snipeit/mariadb/deployment.yaml | 67 ++++++++++ snipeit/mariadb/job.yaml | 29 +++++ snipeit/mariadb/secret-setup.sh | 21 +++ snipeit/secret-setup.sh | 42 ++++++ snipeit/values.yaml | 146 +++++++++++++++++++++ unifi/deployment.yaml | 118 +++++++++++++++++ unifi/mongodb/deployment.yaml | 119 +++++++++++++++++ unifi/mongodb/secret-setup.sh | 34 +++++ 19 files changed, 1126 insertions(+) create mode 100644 doks_spaces/secret-setup.sh create mode 100644 firmware/configMap.yaml create mode 100644 firmware/deployment.yaml create mode 100644 firmware/persistentVolumeClaim.yaml create mode 100644 firmware/service.yaml create mode 100644 phpIPAM/deployment.yaml create mode 100644 phpIPAM/mariadb/deployment.yaml create mode 100755 phpIPAM/mariadb/secret-setup.sh create mode 100644 phpIPAM/persistentVolumeClaim.yaml create mode 100644 phpIPAM/service.yaml create mode 100644 snipeit/ReadMe.md create mode 100644 snipeit/mariadb/deployment.yaml create mode 100644 snipeit/mariadb/job.yaml create mode 100755 snipeit/mariadb/secret-setup.sh create mode 100755 snipeit/secret-setup.sh create mode 100644 snipeit/values.yaml create mode 100644 unifi/deployment.yaml create mode 100644 unifi/mongodb/deployment.yaml create mode 100755 unifi/mongodb/secret-setup.sh diff --git a/doks_spaces/secret-setup.sh b/doks_spaces/secret-setup.sh new file mode 100644 index 0000000..cce4dac --- /dev/null 
+++ b/doks_spaces/secret-setup.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+# Static variables
+ENDPOINT="https://ams3.digitaloceanspaces.com"
+
+# Prompt user for access key ID and secret access key
+read -p "Enter access key ID: " ACCESS_KEY_ID
+read -sp "Enter secret access key: " SECRET_ACCESS_KEY
+echo ""
+
+# Ensure the keys are not empty
+if [[ -z "$ACCESS_KEY_ID" || -z "$SECRET_ACCESS_KEY" ]]; then
+ echo "Error: Access key ID and secret access key are required."
+ exit 1
+fi
+
+# Define namespace
+NAMESPACE="csi-s3"
+
+# Create the Kubernetes secret
+kubectl create secret generic csi-s3-secret \
+ --from-literal=accessKeyID="$ACCESS_KEY_ID" \
+ --from-literal=secretAccessKey="$SECRET_ACCESS_KEY" \
+ --from-literal=endpoint="$ENDPOINT" \
+ --namespace="$NAMESPACE"
+
+echo "✅ CSI S3 secret created successfully in namespace '$NAMESPACE'."
\ No newline at end of file
diff --git a/firmware/configMap.yaml b/firmware/configMap.yaml
new file mode 100644
index 0000000..aa93c35
--- /dev/null
+++ b/firmware/configMap.yaml
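Review bot: The closing `echo "✅ CSI S3 secret created successfully ..."` runs regardless of whether `kubectl create secret` succeeded, so a run that fails (secret already present, `csi-s3` namespace missing, no cluster access) still reports success to the operator. Add `set -euo pipefail` directly after the shebang, or guard the call with `if ! kubectl create secret generic csi-s3-secret ...; then echo "Error: secret creation failed" >&2; exit 1; fi`. Passing `$SECRET_ACCESS_KEY` through `--from-literal` also puts the Spaces secret key on kubectl's command line, where other local users can read it via `ps`/`/proc` for the duration of the call; feeding it on stdin instead (e.g. `printf '%s' "$SECRET_ACCESS_KEY" | kubectl create secret generic csi-s3-secret --from-file=secretAccessKey=/dev/stdin ...`) keeps it out of argv.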
@@ -0,0 +1,50 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: nginx-config + namespace: firmware +data: + nginx.conf: | + user nginx; + worker_processes 1; + + error_log /var/log/nginx/error.log warn; + pid /var/run/nginx.pid; + + events { + worker_connections 1024; + } + + http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout 65; + + include /etc/nginx/conf.d/*.conf; + } + + default.conf: | + server { + listen 80; + server_name localhost; + root /usr/share/nginx/html; + + #charset koi8-r; + #access_log /var/log/nginx/host.access.log main; + + location / { + autoindex on; + autoindex_exact_size off; + autoindex_localtime on; + } + } \ No newline at end of file diff --git a/firmware/deployment.yaml b/firmware/deployment.yaml new file mode 100644 index 0000000..d26fe12 --- /dev/null +++ b/firmware/deployment.yaml 
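Review bot: `autoindex on` in `default.conf` turns the firmware share into a browsable directory listing on plain HTTP port 80 with no authentication, so anyone who can reach the Service (a NodePort in `firmware/service.yaml` in this same commit) can enumerate and download every image in the bucket, and any device that pulls firmware over that path gets no transport integrity. If public enumeration is not the intent, remove `autoindex on` and serve known paths only, and put a TLS-terminating ingress or a NetworkPolicy in front of it. Independently, add `server_tokens off;` inside the `http {}` block so the nginx version is not advertised in response headers and error pages.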
@@ -0,0 +1,55 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: firmware + namespace: firmware +spec: + replicas: 1 + selector: + matchLabels: + app: nginx + template: + metadata: + labels: + app: nginx + spec: + containers: + - name: nginx + image: nginx + resources: + limits: + memory: "50Mi" + cpu: "50m" + requests: + memory: "5Mi" + cpu: "10m" + volumeMounts: + - mountPath: /usr/share/nginx/html + name: data-volume + readOnly: true + - mountPath: /etc/nginx/nginx.conf + name: nginx-conf + subPath: nginx.conf + readOnly: true + - mountPath: /etc/nginx/conf.d/default.conf + name: default-conf + subPath: default.conf + readOnly: true + ports: + - containerPort: 80 + volumes: + - name: data-volume + persistentVolumeClaim: + claimName: firmware-csi-s3-pvc + - name: nginx-conf + configMap: + name: nginx-config + items: + - key: nginx.conf + path: nginx.conf + - name: default-conf + configMap: + name: nginx-config + items: + - key: default.conf + path: default.conf \ No newline at end of file diff --git a/firmware/persistentVolumeClaim.yaml b/firmware/persistentVolumeClaim.yaml new file mode 100644 index 0000000..6096b3c --- /dev/null +++ b/firmware/persistentVolumeClaim.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: firmware-csi-s3-pvc + namespace: firmware +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 5Gi + storageClassName: csi-s3 \ No newline at end of file diff --git a/firmware/service.yaml b/firmware/service.yaml new file mode 100644 index 0000000..1db2b05 --- /dev/null +++ b/firmware/service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: firmware + namespace: firmware +spec: + selector: + app: nginx + ports: + - protocol: TCP + port: 80 + targetPort: 80 + type: NodePort \ No newline at end of file diff --git a/phpIPAM/deployment.yaml b/phpIPAM/deployment.yaml new file mode 100644 index 0000000..cd1b00d --- /dev/null +++ b/phpIPAM/deployment.yaml 
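Review bot: `image: nginx` carries neither a tag nor a digest, so every pod restart or reschedule pulls whatever `nginx:latest` resolves to at that moment, making the firmware server unreproducible and silently adopting upstream changes; pin it as `image: nginx:<version>@sha256:<digest>`. The container also runs with image defaults (no `securityContext`), even though all three mounts are already `readOnly: true`; at minimum add `securityContext: {allowPrivilegeEscalation: false}` under the container, and consider the unprivileged nginx image variant if a `runAsNonRoot: true` policy is wanted, since the stock image binds port 80 as root. The Deployment is complete within this hunk.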
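Review bot: `type: NodePort` in `firmware/service.yaml` publishes the unauthenticated, unencrypted firmware listing on a high port of every node's address, which on a cloud cluster (the `do-block-storage` class and DigitalOcean Spaces endpoint elsewhere in this commit suggest DOKS) is typically internet-reachable unless the node firewall blocks the NodePort range. If only in-cluster or proxied access is intended, use `type: ClusterIP` and front it with an Ingress that terminates TLS; otherwise restrict the NodePort range at the cloud firewall and add a NetworkPolicy. The same consideration applies to the phpIPAM and unifi Services in this commit.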
@@ -0,0 +1,88 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: phpipam-web + namespace: phpipam +spec: + replicas: 1 + selector: + matchLabels: + app: phpipam-web + template: + metadata: + labels: + app: phpipam-web + spec: + containers: + - name: phpipam-web + image: phpipam/phpipam-www:latest + ports: + - containerPort: 80 + env: + - name: TZ + value: "America/Chicago" + - name: IPAM_DATABASE_HOST + value: "mariadb" + - name: IPAM_DATABASE_PASS + valueFrom: + secretKeyRef: + name: mariadb-secret + key: root-password + - name: IPAM_DATABASE_WEBHOST + value: "%" + - name: IPAM_TRUST_X_FORWARDED + value: "true" + - name: IPAM_DISABLE_INSTALLER + value: "1" + resources: + limits: + memory: "512Mi" + cpu: "500m" + requests: + memory: "50Mi" + cpu: "50m" + volumeMounts: + - mountPath: /migrate + name: phpipam-migrate + volumes: + - name: phpipam-migrate + persistentVolumeClaim: + claimName: ipam-csi-s3-pvc +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: phpipam-cron + namespace: phpipam +spec: + replicas: 1 + selector: + matchLabels: + app: phpipam-cron + template: + metadata: + labels: + app: phpipam-cron + spec: + containers: + - name: phpipam-cron + image: phpipam/phpipam-cron:latest + env: + - name: TZ + value: "America/Chicago" + - name: IPAM_DATABASE_HOST + value: "phpipam-mariadb" + - name: IPAM_DATABASE_PASS + valueFrom: + secretKeyRef: + name: mariadb-secret + key: root-password + - name: SCAN_INTERVAL + value: "1h" + resources: + limits: + memory: "256Mi" + cpu: "250m" + requests: + memory: "25Mi" + cpu: "25m" \ No newline at end of file diff --git a/phpIPAM/mariadb/deployment.yaml b/phpIPAM/mariadb/deployment.yaml new file mode 100644 index 0000000..3f3b24c --- /dev/null +++ b/phpIPAM/mariadb/deployment.yaml 
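Review bot: The `phpipam-cron` Deployment sets `IPAM_DATABASE_HOST` to `"phpipam-mariadb"`, but the MariaDB Service created in `phpIPAM/mariadb/deployment.yaml` is named `mariadb` (and `phpipam-web` already uses `"mariadb"`), so the cron container will fail to resolve the host and never run its scans; change it to `value: "mariadb"`. Both containers also take `IPAM_DATABASE_PASS` from `mariadb-secret/root-password`, i.e. the web application authenticates to the database as the superuser; a dedicated user with rights on its own schema only (the official image creates one from `MARIADB_DATABASE`/`MARIADB_USER`/`MARIADB_PASSWORD` on first init) would bound what a compromised web pod can do. `IPAM_TRUST_X_FORWARDED: "true"` makes phpIPAM believe `X-Forwarded-*` headers, yet `phpIPAM/service.yaml` is a bare NodePort with no proxy shown in this commit, so any client can spoof its apparent source address wherever phpIPAM records or rate-limits by client IP; keep it `"false"` until a trusted reverse proxy is in place. Both images are `:latest`; pin them to a tag or digest.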
@@ -0,0 +1,68 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: mariadb-pvc + namespace: phpipam +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi + storageClassName: do-block-storage + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: mariadb + namespace: phpipam +spec: + replicas: 1 + selector: + matchLabels: + app: mariadb + template: + metadata: + labels: + app: mariadb + spec: + containers: + - name: mariadb + image: mariadb:10.6 + ports: + - containerPort: 3306 + env: + - name: MARIADB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: mariadb-secret + key: root-password + resources: + limits: + memory: "1Gi" + cpu: "1000m" + requests: + memory: "200Mi" + cpu: "200m" + volumeMounts: + - name: mariadb-storage + mountPath: /var/lib/mysql + volumes: + - name: mariadb-storage + persistentVolumeClaim: + claimName: mariadb-pvc + +--- +apiVersion: v1 +kind: Service +metadata: + name: mariadb + namespace: phpipam +spec: + ports: + - port: 3306 + targetPort: 3306 + selector: + app: mariadb + clusterIP: None diff --git a/phpIPAM/mariadb/secret-setup.sh b/phpIPAM/mariadb/secret-setup.sh new file mode 100755 index 0000000..21fc01a --- /dev/null +++ b/phpIPAM/mariadb/secret-setup.sh @@ -0,0 +1,21 @@ +#!/bin/bash + +# Prompt user for MariaDB root password +read -sp "Enter MariaDB root password: " ROOT_PASSWORD +echo "" + +# Ensure the password is not empty +if [[ -z "$ROOT_PASSWORD" ]]; then + echo "Error: Password cannot be empty." + exit 1 +fi + +# Define namespace +NAMESPACE="phpipam" + +# Create the Kubernetes secret +kubectl create secret generic mariadb-secret \ + --from-literal=root-password="$ROOT_PASSWORD" \ + --namespace="$NAMESPACE" + +echo "✅ MariaDB secret created successfully in namespace '$NAMESPACE'." \ No newline at end of file diff --git a/phpIPAM/persistentVolumeClaim.yaml b/phpIPAM/persistentVolumeClaim.yaml new file mode 100644 index 0000000..ffac63c --- /dev/null 
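Review bot: Only `MARIADB_ROOT_PASSWORD` is set and no application database or user is created, which is why the phpIPAM web and cron pods in this commit connect as root. The official mariadb image also honours `MARIADB_DATABASE`, `MARIADB_USER` and `MARIADB_PASSWORD` and creates a user scoped to that database on first initialisation, so adding those three env entries (sourced from a separate secret) lets the application drop the root credential. Note this only takes effect on an empty data directory; a PVC that has already been initialised needs the user created manually.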
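Review bot: As in `doks_spaces/secret-setup.sh`, the `✅ MariaDB secret created successfully` message is printed unconditionally, so a failed `kubectl create secret` (the `phpipam` namespace missing, secret already present) still reports success; add `set -euo pipefail` after the shebang or check the exit status before printing. The root password is also placed on kubectl's argv via `--from-literal`, where it is visible to other local users while the command runs; prefer `printf '%s' "$ROOT_PASSWORD" | kubectl create secret generic mariadb-secret --from-file=root-password=/dev/stdin --namespace="$NAMESPACE"`.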
+++ b/phpIPAM/persistentVolumeClaim.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: ipam-csi-s3-pvc + namespace: phpipam +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 5Gi + storageClassName: csi-s3 \ No newline at end of file diff --git a/phpIPAM/service.yaml b/phpIPAM/service.yaml new file mode 100644 index 0000000..f9dd4e7 --- /dev/null +++ b/phpIPAM/service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: phpipam-web + namespace: phpipam +spec: + selector: + app: phpipam-web + ports: + - protocol: TCP + port: 80 + targetPort: 80 + type: NodePort \ No newline at end of file diff --git a/snipeit/ReadMe.md b/snipeit/ReadMe.md new file mode 100644 index 0000000..d2dd3e1 --- /dev/null +++ b/snipeit/ReadMe.md 
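Review bot: `phpIPAM/service.yaml` exposes the phpIPAM login page over plain HTTP (`port: 80`) on a NodePort, so operator credentials and session cookies cross the network in cleartext and are reachable on every node address. Terminate TLS in front of it (an Ingress with a TLS secret, or a LoadBalancer with a certificate) and switch the Service to `type: ClusterIP`; the `IPAM_TRUST_X_FORWARDED` setting in the web Deployment only becomes safe once such a proxy exists.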
@@ -0,0 +1,191 @@ +# Snipe-IT + +[Snipeit-IT](http://www.snipeitapp.com) is free open source IT asset/license management system + +## Generate config.snipeit.key + +In order for Snipe-IT to work correctly you need to set the yaml-key config.snipeit.key in the values.yaml. +This must be a Base64 Encoded key, which you have to set *before deploying* this Chart. +``` +$ docker run -i -t snipe/snipe-it php artisan key:generate --show +``` +Then set the generated key from the output with *--set config.snipeit.key* when you're deploying. +## TL;DR; +``` +$ helm repo add t3n https://storage.googleapis.com/t3n-helm-charts +$ helm install t3n/snipeit --set config.snipeit.key="base64:....." +``` + +## Introduction + +This chart bootstraps a [Snipe-IT](https://github.com/snipe/snipe-it) +deployment on a [Kubernetes](http://kubernetes.io) cluster using the +[Helm](https://helm.sh) package manager. + +## Installing the Chart + +To install the chart with the release name `my-release`: + +``` +$ helm install --name my-release t3n/snipeit --set config.snipeit.key="base64:....." +``` + +The command deploys Snipe-IT on the Kubernetes cluster in the default +configuration. The [configuration](#configuration) section lists the parameters +that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +``` +$ helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and +deletes the release. + +## Configuration + +The following table lists the configurable parameters of the Snipe-IT chart +and their default values. 
+ +| Parameter | Description | Default | +|--------------------------------------|-------------------------------------------------------|--------------------------------| +| `config.mysql.externalDatabase.user` | Username of external MySQL Database User | `snipeit` | +| `config.mysql.externalDatabase.pass` | Password of external MySQL Database User | `""` | +| `config.mysql.externalDatabase.name` | Name of external MySQL Database | `db-snipeit` | +| `config.mysql.externalDatabase.host` | Hostname/IP of external MySQL Database | `mysql` | +| `config.mysql.externalDatabase.port` | Port of external MySQL Database | `3306` | +| `config.snipeit.env` | Snipe-IT Environment to use | `production` | +| `config.snipeit.debug` | Whether to enable Debug mode or not | `false` | +| `config.snipeit.url` | URL of Snipe-IT | `http://snipeit.example.local` | +| `config.snipeit.key` | Application-Key for Snipe-IT | `""` | +| `config.snipeit.timezone` | Snipe-IT Timezone | `Europe/Berlin` | +| `config.snipeit.locale` | Snipe-IT Locale | `en` | +| `config.snipeit.envConfig` | Configure Environment Values | `{}` | +| `config.externalSecrets ` | External Secrets to for db configuration | `[]` | +| `image.repository` | Image Repository | `snipe/snipe-it` | +| `image.tag` | Image Tag | `4.6.16` | +| `image.pullPolicy` | Image Pull Policy | `IfNotPresent` | +| `ingress.enabled` | Whether or not to enable Ingress | `true` | +| `ingress.className` | Ingress Class Name | `""` | +| `ingress.annotations` | Custom Ingress Annotations | `{}` | +| `ingress.path` | Root Path for the Ingress Ressource | `/` | +| `ingress.hosts` | URL where Snipe-IT will be accessed | `example.local` | +| `ingress.tls` | Configuration for SecretName and TLS-Hosts | `[]` | +| `mysql.enabled` | Whether or not to deploy a MySQL Deployment | `true` | +| `mysql.mysqlUser` | MySQL User to create | `snipeit` | +| `mysql.mysqlPassword` | MySQL Password for the User | `""` | +| `mysql.mysqlDatabase` | Name of MySQL Database 
to create | `db-snipeit` | +| `mysql.persistence.enabled` | Whether or not to enable Persistence | `true` | +| `mysql.persistence.storageClass` | StorageClass for MySQL Deployment persistence | `""` | +| `mysql.persistence.accessMode` | Access Mode of PV | `ReadWriteOnce` | +| `mysql.persistence.size` | Size of the PV | `8Gi` | +| `persistence.enabled` | Whether or not Snipe-IT Data should be persisted | `true` | +| `persistence.annotations` | Annotations for the PVC | `{}` | +| `persistence.size` | Size of the persistent Snipe-IT Volume | `2Gi` | +| `replicaCount` | Number of Snipe-IT Pods to run | `1` | +| `deploymentStrategy` | Deployment strategy | `{ "type": "RollingUpdate" }` | +| `revisionHistoryLimit` | The number of old Replicas to keep to allow rollback. | `0` | +| `service.type` | Type of service to create | `ClusterIP` | +| `service.annotations` | Annotations of service to create | `{}` | +| `service.clusterIP` | Internal cluster service IP | `nil` | +| `service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `nil` | +| `service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to lb (if supported) | `[]` | +| `service.externalIPs` | service external IP addresses | `[]` | +| `resources` | CPU/Memory resource requests/limits | `{}` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Toleration labels for pod assignment | `[]` | +| `affinity` | Affinity settings for pod assignment | `{}` | +| `extraManifests` | Add additional manifests to deploy | `[]` | +| `extraVolumeMounts` | Additional volumeMounts to the container | `[]` | +| `extraVolume` | Additional volumes to the pod | `[]` | +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +``` +$ helm install --name my-release \ + --set service.type=LoadBalancer \ + t3n/snipeit +``` + +The above command sets the service type LoadBalancer. 
+ +Alternatively, a YAML file that specifies the values for the above parameters +can be provided while installing the chart. For example, + +``` +$ helm install --name my-release -f values.yaml t3n/snipeit +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +### Persistence + +The Snipe-IT image stores persistence under `/var/lib/snipeit` path of the +container. A dynamically managed Persistent Volume Claim is used to keep the +data across deployments, by default. This is known to work in GCE, AWS, and +minikube. +Alternatively, a previously configured Persistent Volume Claim can be used. + + +#### Existing PersistentVolumeClaim + +1. Create the PersistentVolume +1. Create the PersistentVolumeClaim +1. Install the chart + +```bash +$ helm install --name my-release \ + --set persistence.existingClaim=PVC_NAME \ + t3n/snipeit +``` + +### Custom Environment Values + +Snipe-IT uses `.env` file to store configuration variables. This includes +Email configuration, advanced configurations like proxy, login throttling etc. +To override the default values for these variables, use the `config.snipeit.envConfig`. + +```yaml +config: + snipeit: + envConfig: + MAIL_HOST: smtp.example.com + MAIL_PORT: 25 + MAIL_USERNAME: username + MAIL_PASSWORD: password + MAIL_FROM_ADDR: snipeit@example.com + MAIL_FROM_NAME: Snipe-IT +``` + +### External Secrets + +To use manually created secrets for the database configuration, use the `config.externalSecret`. +You can create a secret with the following command: + +```bash +kubectl create secret generic my-db-secret \ + --from-literal=MYSQL_USER= \ + --from-literal=MYSQL_DATABASE= \ + --from-literal=MYSQL_PASSWORD= \ + --from-literal=MYSQL_PORT_3306_TCP_ADDR= \ + --from-literal=MYSQL_PORT_3306_TCP_PORT= \ + --from-literal=APP_KEY= +``` + +## Additional manifests +It is possible to add additional manifests into a deployment, to extend the chart. 
One of the reason is to deploy a manifest specific to a cloud provider ( BackendConfig on GKE for example ). + +```yaml +extraManifests: + - apiVersion: cloud.google.com/v1beta1 + kind: BackendConfig + metadata: + name: "{{ .Release.Name }}-test" + spec: + securityPolicy: + name: "gcp-cloud-armor-policy-test" +``` \ No newline at end of file diff --git a/snipeit/mariadb/deployment.yaml b/snipeit/mariadb/deployment.yaml new file mode 100644 index 0000000..f906306 --- /dev/null +++ b/snipeit/mariadb/deployment.yaml @@ -0,0 +1,67 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: mariadb-pvc + namespace: snipeit +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi + storageClassName: do-block-storage + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: mariadb + namespace: snipeit +spec: + replicas: 1 + selector: + matchLabels: + app: mariadb + template: + metadata: + labels: + app: mariadb + spec: + containers: + - name: mariadb + image: mariadb:10.6 + ports: + - containerPort: 3306 + env: + - name: MARIADB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: mariadb-secret + key: root-password + resources: + limits: + memory: "1Gi" + cpu: "1000m" + requests: + memory: "200Mi" + cpu: "50m" + volumeMounts: + - name: mariadb-storage + mountPath: /var/lib/mysql + volumes: + - name: mariadb-storage + persistentVolumeClaim: + claimName: mariadb-pvc +--- +apiVersion: v1 +kind: Service +metadata: + name: mariadb + namespace: snipeit +spec: + ports: + - port: 3306 + targetPort: 3306 + selector: + app: mariadb + clusterIP: None \ No newline at end of file diff --git a/snipeit/mariadb/job.yaml b/snipeit/mariadb/job.yaml new file mode 100644 index 0000000..85015e6 --- /dev/null +++ b/snipeit/mariadb/job.yaml 
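Review bot: This MariaDB in `snipeit/mariadb/deployment.yaml` receives only `MARIADB_ROOT_PASSWORD`; the `db-snipeit` database and `snipeit` user are created afterwards by `snipeit/mariadb/job.yaml` with a root login over the network. The image already creates a database-scoped user on first initialisation from `MARIADB_DATABASE`, `MARIADB_USER` and `MARIADB_PASSWORD` (the last could come from `snipeit-db-secret/MYSQL_PASSWORD`), which would remove the need for the root-credentialed Job and its wait loop. This Deployment otherwise differs from `phpIPAM/mariadb/deployment.yaml` only in namespace and cpu request (`50m` vs `200m`); if that difference is not deliberate, align the two.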
@@ -0,0 +1,29 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: init-mariadb + namespace: snipeit +spec: + ttlSecondsAfterFinished: 3600 + template: + spec: + containers: + - name: init-mariadb + image: mariadb:10.6 + command: + - sh + - -c + - > + until mysql -h mariadb -P 3306 -u root -p"$MARIADB_ROOT_PASSWORD" -e "CREATE DATABASE IF NOT EXISTS \`db-snipeit\`; CREATE USER IF NOT EXISTS 'snipeit'@'%' IDENTIFIED BY '$SNIPEIT_DB_PASSWORD'; GRANT ALL PRIVILEGES ON \`db-snipeit\`.* TO 'snipeit'@'%'; FLUSH PRIVILEGES;"; do echo "Waiting for MariaDB to be ready..."; sleep 5; done + env: + - name: MARIADB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: mariadb-secret + key: root-password + - name: SNIPEIT_DB_PASSWORD + valueFrom: + secretKeyRef: + name: snipeit-db-secret + key: MYSQL_PASSWORD + restartPolicy: OnFailure \ No newline at end of file diff --git a/snipeit/mariadb/secret-setup.sh b/snipeit/mariadb/secret-setup.sh new file mode 100755 index 0000000..23345db --- /dev/null +++ b/snipeit/mariadb/secret-setup.sh @@ -0,0 +1,21 @@ +#!/bin/bash + +# Prompt user for MariaDB root password +read -sp "Enter MariaDB root password: " ROOT_PASSWORD +echo "" + +# Ensure the password is not empty +if [[ -z "$ROOT_PASSWORD" ]]; then + echo "Error: Password cannot be empty." + exit 1 +fi + +# Define namespace +NAMESPACE="snipeit" + +# Create the Kubernetes secret +kubectl create secret generic mariadb-secret \ + --from-literal=root-password="$ROOT_PASSWORD" \ + --namespace="$NAMESPACE" + +echo "✅ MariaDB secret created successfully in namespace '$NAMESPACE'." \ No newline at end of file diff --git a/snipeit/secret-setup.sh b/snipeit/secret-setup.sh new file mode 100755 index 0000000..b1dc2a6 --- /dev/null +++ b/snipeit/secret-setup.sh 
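Review bot: The SQL in `snipeit/mariadb/job.yaml` is assembled by shell interpolation, so a `$SNIPEIT_DB_PASSWORD` containing `'`, `\` or `;` escapes the `IDENTIFIED BY '...'` literal — at best the statement errors and the `until` loop spins forever (there is no `activeDeadlineSeconds` or `backoffLimit`), at worst the value is executed as SQL. The root password is also given as `-p"$MARIADB_ROOT_PASSWORD"` on the mysql command line, visible in the container's process list; the mysql/mariadb client reads `MYSQL_PWD` from the environment instead. Escape the application password before embedding it, pass the statements on stdin, and bound the Job, roughly as below. The Job spec is complete within this hunk.
```yaml
spec:
  activeDeadlineSeconds: 600
  backoffLimit: 6
  # … unchanged: ttlSecondsAfterFinished, template metadata …
          command:
            - sh
            - -c
            - |
              # double backslashes and single quotes so the value cannot leave the SQL literal
              pw=$(printf '%s' "$SNIPEIT_DB_PASSWORD" | sed -e 's/\\/\\\\/g' -e "s/'/''/g")
              until mysql -h mariadb -P 3306 -u root <<EOF
              CREATE DATABASE IF NOT EXISTS \`db-snipeit\`;
              CREATE USER IF NOT EXISTS 'snipeit'@'%' IDENTIFIED BY '${pw}';
              GRANT ALL PRIVILEGES ON \`db-snipeit\`.* TO 'snipeit'@'%';
              FLUSH PRIVILEGES;
              EOF
              do echo "Waiting for MariaDB to be ready..."; sleep 5; done
          env:
            # read by the mysql client; keeps the root password off argv
            - name: MYSQL_PWD
              valueFrom:
                secretKeyRef:
                  name: mariadb-secret
                  key: root-password
            # … unchanged: SNIPEIT_DB_PASSWORD, restartPolicy …
```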
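Review bot: `snipeit/mariadb/secret-setup.sh` is byte-for-byte the phpIPAM script with a different `NAMESPACE`, and carries the same two issues: the `✅ ... created successfully` line is printed without checking `kubectl create secret`'s exit status, and the root password travels on kubectl's argv via `--from-literal`. Consider one shared script that takes the namespace as an argument (`NAMESPACE="${1:?namespace required}"`) and starts with `set -euo pipefail`, rather than three copies that will drift.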
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+# Define static values
+MYSQL_USER="snipeit"
+MYSQL_DATABASE="db-snipeit"
+MYSQL_HOST="mariadb"
+MYSQL_PORT="3306"
+
+# Prompt user for MariaDB root password
+read -sp "Enter MariaDB root password: " ROOT_PASSWORD
+echo ""
+
+# Ensure the password is not empty
+if [[ -z "$ROOT_PASSWORD" ]]; then
+ echo "Error: Password cannot be empty."
+ exit 1
+fi
+
+# Prompt user for APP_KEY
+read -sp "Enter APP_KEY: " APP_KEY
+echo ""
+
+# Ensure the APP_KEY is not empty
+if [[ -z "$APP_KEY" ]]; then
+ echo "Error: APP_KEY cannot be empty."
+ exit 1
+fi
+
+# Define namespace
+NAMESPACE="snipeit"
+
+# Create the Kubernetes secret
+kubectl create secret generic snipeit-db-secret \
+ --from-literal=MYSQL_USER="$MYSQL_USER" \
+ --from-literal=MYSQL_DATABASE="$MYSQL_DATABASE" \
+ --from-literal=MYSQL_PASSWORD="$ROOT_PASSWORD" \
+ --from-literal=MYSQL_PORT_3306_TCP_ADDR="$MYSQL_HOST" \
+ --from-literal=MYSQL_PORT_3306_TCP_PORT="$MYSQL_PORT" \
+ --from-literal=APP_KEY="$APP_KEY" \
+ --namespace="$NAMESPACE"
+
+echo "✅ Secrets created successfully in namespace '$NAMESPACE'."
\ No newline at end of file
diff --git a/snipeit/values.yaml b/snipeit/values.yaml
new file mode 100644
index 0000000..90ba7fd
--- /dev/null
+++ b/snipeit/values.yaml
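Review bot: The value stored as `MYSQL_PASSWORD` for the `snipeit` application user is the MariaDB root password (`read -sp "Enter MariaDB root password: " ROOT_PASSWORD` feeds `--from-literal=MYSQL_PASSWORD="$ROOT_PASSWORD"`), and `snipeit/mariadb/job.yaml` then creates `'snipeit'@'%'` with that same value, so the dedicated user adds no isolation: leaking the app credential leaks root. Prompt for, or generate, a distinct password — e.g. `DB_PASSWORD=$(openssl rand -base64 32)` and `--from-literal=MYSQL_PASSWORD="$DB_PASSWORD"` — and rename the prompt and variable to match. The `✅` message is again printed without checking kubectl's exit status; `set -euo pipefail` after the shebang fixes that for the whole script.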
@@ -0,0 +1,146 @@ +replicaCount: 1 +revisionHistoryLimit: 0 +deploymentStrategy: + type: RollingUpdate + +## PodDisruptionBudget +## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget +# maxUnavailable: 1 + +image: + repository: snipe/snipe-it + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +service: + type: NodePort + annotations: {} + +config: + mysql: + ## All of these values are only used when mysql.enabled is set to false + externalDatabase: + user: "snipeit" + pass: "" + name: db-snipeit + host: mariadb + port: 3306 + + snipeit: + env: production + debug: false + url: https://snipeit.anteriorsolutions.com + key: "" + timezone: "America/Chicago" + locale: en + envConfig: {} + ## Name of the secret containing the database connection details + ## kubectl create secret generic my-db-secret \ + ## --from-literal=MYSQL_USER= \ + ## --from-literal=MYSQL_DATABASE= \ + ## --from-literal=MYSQL_PASSWORD= \ + ## --from-literal=MYSQL_PORT_3306_TCP_ADDR= \ + ## --from-literal=MYSQL_PORT_3306_TCP_PORT= \ + ## --from-literal=APP_KEY= + + externalSecrets: "snipeit-db-secret" + +mysql: + ## Whether to deploy a mysql server to satisfy the applications database requirements. To use an external database set this to false and configure the externalDatabase parameters + enabled: false + ## Create a database and a database user + ## + mysqlUser: snipeit + mysqlPassword: "snipeit" + mysqlDatabase: db-snipeit + + persistence: + enabled: true + ## mysql data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + accessMode: ReadWriteOnce + size: 8Gi + +persistence: + enabled: true + annotations: {} + accessMode: ReadWriteOnce + existingClaim: "" + ## database data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + size: 2Gi + + www: + mountPath: /var/lib/snipeit + subPath: www + sessions: + mountPath: /var/www/html/storage/framework/sessions + subPath: sessions + +ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + path: / + pathType: ImplementationSpecific + hosts: + - example.local + tls: [] + # - secretName: example-local + # hosts: + # - example.local + +mysql-backup: + enabled: false + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +extraAnnotations: {} + # Extra Annotations that will be added to the SnipeIT Pod(s) + # app.kubernetes.io/instance: snipeit +extraManifests: [] + +extraVolumeMounts: [] + # Additional volumeMounts to the container + # - name: secrets-store01-inline + # mountPath: /mnt/secrets-store + +extraVolumes: [] + # Additional volumes to the pod + # - csi: + # driver: secrets-store.csi.k8s.io + # readOnly: true + # volumeAttributes: + # secretProviderClass: "secret-csi-provider" + # name : secrets-store01-inline diff --git a/unifi/deployment.yaml b/unifi/deployment.yaml new file mode 100644 index 0000000..7a9e953 --- /dev/null +++ b/unifi/deployment.yaml 
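Review bot: `config.externalSecrets` is set to the bare string `"snipeit-db-secret"`, while the chart README added in this same commit documents `config.externalSecrets` as a list with default `[]`; if the template ranges over it, a scalar will either fail to render or be silently ignored, leaving the pod without `APP_KEY` and the database env — check the chart template and, if it expects a list, use `externalSecrets: ["snipeit-db-secret"]`. `mysql.mysqlPassword: "snipeit"` is a committed cleartext default; it is inert while `mysql.enabled: false`, but leave it `""` so that flipping `mysql.enabled` cannot silently deploy a database with a guessable password. `config.snipeit.url` is `https://…` while `service.type` is `NodePort` and `ingress.enabled` is `false`, so nothing in this commit terminates TLS for that hostname; Snipe-IT will presumably build absolute links with that scheme, which only works if a proxy not shown here fronts the NodePort.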
@@ -0,0 +1,118 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: unifi-data + namespace: unifi +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi + storageClassName: do-block-storage +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: unifi-network-application +spec: + replicas: 1 + selector: + matchLabels: + app: unifi-network-application + template: + metadata: + labels: + app: unifi-network-application + spec: + containers: + - name: unifi-network-application + image: lscr.io/linuxserver/unifi-network-application:7.5.187-ls15 + env: + - name: TZ + value: "America/Chicago" + - name: MONGO_USER + valueFrom: + secretKeyRef: + name: mongodb-secret + key: MONGO_USER + - name: MONGO_PASS + valueFrom: + secretKeyRef: + name: mongodb-secret + key: MONGO_PASS + - name: MONGO_HOST + value: "mongodb" + - name: MONGO_PORT + value: "27017" + - name: MONGO_DBNAME + valueFrom: + secretKeyRef: + name: mongodb-secret + key: MONGO_DBNAME + - name: MONGO_AUTHSOURCE + valueFrom: + secretKeyRef: + name: mongodb-secret + key: MONGO_AUTHSOURCE + - name: MEM_LIMIT + value: "1024" # optional + - name: MEM_STARTUP + value: "1024" # optional + - name: MONGO_TLS + value: "" # optional + volumeMounts: + - name: config-volume + mountPath: /config + ports: + - containerPort: 8443 + - containerPort: 3478 + protocol: UDP + - containerPort: 10001 + protocol: UDP + - containerPort: 8080 + - containerPort: 1900 + protocol: UDP # optional + - containerPort: 8843 # optional + - containerPort: 8880 # optional + - containerPort: 6789 # optional + - containerPort: 5514 + protocol: UDP # optional + resources: + limits: + memory: "1024Mi" + cpu: "500m" + requests: + memory: "512Mi" + cpu: "200m" + volumes: + - name: config-volume + persistentVolumeClaim: + claimName: unifi-data +--- +apiVersion: v1 +kind: Service +metadata: + name: unifi + namespace: unifi +spec: + ports: + - name: https + port: 8443 + targetPort: 8443 + protocol: TCP + - name: 
http + port: 8080 + targetPort: 8080 + protocol: TCP + - name: stun + port: 3478 + targetPort: 3478 + protocol: UDP + - name: discovery + port: 10001 + targetPort: 10001 + protocol: UDP + type: NodePort + selector: + app: unifi-network-application \ No newline at end of file diff --git a/unifi/mongodb/deployment.yaml b/unifi/mongodb/deployment.yaml new file mode 100644 index 0000000..3fa2cee --- /dev/null +++ b/unifi/mongodb/deployment.yaml @@ -0,0 +1,119 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: mongodb-pvc + namespace: unifi +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi + storageClassName: do-block-storage +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: init-mongo-script + namespace: unifi +data: + init-mongo.sh: | + #!/bin/bash + + if which mongosh > /dev/null 2>&1; then + mongo_init_bin='mongosh' + else + mongo_init_bin='mongo' + fi + "${mongo_init_bin}" <
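Review bot: The `unifi-network-application` Deployment in `unifi/deployment.yaml` has no `metadata.namespace`, whereas the `unifi-data` PVC and the `unifi` Service in the same file are in `namespace: unifi`; applied with `kubectl apply -f`, it lands in the current context's namespace, where the claimed PVC does not exist (the pod stays Pending) and the Service selector never matches it. Add `namespace: unifi` under the Deployment's `metadata`. Separately, `MEM_LIMIT` and `MEM_STARTUP` of `"1024"` (presumably MB) equal the container's `memory: "1024Mi"` limit, leaving no headroom for JVM off-heap and client overhead, so the pod is a likely OOM-kill candidate under load — raise the container limit or lower `MEM_LIMIT`. The admin UI on `8443` is also published on a NodePort; restrict it with a NetworkPolicy or cloud firewall, since it carries the controller login.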