From aef3651518f8380054fd94aaec2e19bdc726b637 Mon Sep 17 00:00:00 2001
From: Laur IVAN
Date: Tue, 24 Feb 2026 13:56:21 +0100
Subject: [PATCH] chore: Add skeletons for future containers fix: Corrected observability namespace - Add atuin but not enabled yet.
---
kubernetes/apps/communication/README.md | 22 +++++
kubernetes/apps/dev/README.md | 6 ++
kubernetes/apps/dev/atuin/app.ks.yaml | 24 ++++++
.../apps/dev/atuin/app/helmrelease.yaml | 80 +++++++++++++++++++
.../apps/dev/atuin/app/kustomization.yaml | 7 ++
.../apps/dev/atuin/app/ocirepository.yaml | 14 ++++
kubernetes/apps/dev/atuin/kustomization.yaml | 6 ++
kubernetes/apps/dev/kustomization.yaml | 8 ++
kubernetes/apps/dev/namespace.yaml | 7 ++
kubernetes/apps/home-automation/README.md | 9 +++
kubernetes/apps/media/README.md | 21 +++++
.../apps/observability/kustomization.yaml | 2 +-
12 files changed, 205 insertions(+), 1 deletion(-)
create mode 100644 kubernetes/apps/communication/README.md
create mode 100644 kubernetes/apps/dev/README.md
create mode 100644 kubernetes/apps/dev/atuin/app.ks.yaml
create mode 100644 kubernetes/apps/dev/atuin/app/helmrelease.yaml
create mode 100644 kubernetes/apps/dev/atuin/app/kustomization.yaml
create mode 100644 kubernetes/apps/dev/atuin/app/ocirepository.yaml
create mode 100644 kubernetes/apps/dev/atuin/kustomization.yaml
create mode 100644 kubernetes/apps/dev/kustomization.yaml
create mode 100644 kubernetes/apps/dev/namespace.yaml
create mode 100644 kubernetes/apps/home-automation/README.md
create mode 100644 kubernetes/apps/media/README.md
diff --git a/kubernetes/apps/communication/README.md b/kubernetes/apps/communication/README.md
new file mode 100644
index 0000000..321a071
--- /dev/null
+++ b/kubernetes/apps/communication/README.md
@@ -0,0 +1,22 @@
+# Communication
+
+Here we have:
+
+- notification apps (tied to monitoring)
+- selfhosted social media (like mastodon/bluesky...)
+- blogs
+
+## Blogs
+
+This should contain public content stuff like blogs. It should:
+
+1. replace laurivan.com
+2. replace sillyjokes.???
+3. Have a content creation thing
+4. is available on envoy-external (aka web-accessible)
+
+**Notes**:
+
+1. Depends on DB and a robust backup
+2. must contain only production-ready stuff
+3. Need to figure out how to do it for multiple domanis...
\ No newline at end of file
diff --git a/kubernetes/apps/dev/README.md b/kubernetes/apps/dev/README.md
new file mode 100644
index 0000000..38c8dac
--- /dev/null
+++ b/kubernetes/apps/dev/README.md
@@ -0,0 +1,6 @@
+# About
+
+This should contain different deployments relevant for development.
+
+- [atuin](https://github.com/onedr0p/home-ops/tree/5f5f0e040bd8013737037d11712ece57e2f631da/kubernetes/apps/default/atuin)
+-
\ No newline at end of file
diff --git a/kubernetes/apps/dev/atuin/app.ks.yaml b/kubernetes/apps/dev/atuin/app.ks.yaml
new file mode 100644
index 0000000..078fbb3
--- /dev/null
+++ b/kubernetes/apps/dev/atuin/app.ks.yaml
@@ -0,0 +1,24 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: atuin
+spec:
+ components:
+ - ../../../../components/volsync
+ dependsOn:
+ - name: rook-ceph-cluster
+ namespace: rook-ceph
+ interval: 1h
+ path: ./kubernetes/apps/dev/atuin/app
+ postBuild:
+ substitute:
+ APP: atuin
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ namespace: flux-system
+ targetNamespace: default
+ wait: false
\ No newline at end of file
diff --git a/kubernetes/apps/dev/atuin/app/helmrelease.yaml b/kubernetes/apps/dev/atuin/app/helmrelease.yaml
new file mode 100644
index 0000000..d527789
--- /dev/null
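Review bot: `targetNamespace: default` in kubernetes/apps/dev/atuin/app.ks.yaml places the HelmRelease, and whatever the volsync component renders, in `default`, although the app sits under `apps/dev` and this commit creates a `dev` namespace for that folder. The value looks carried over from the upstream `apps/default/atuin` layout linked in the dev README. Workloads in `default` sit outside any NetworkPolicy, quota or RBAC that is later scoped to `dev`. I would change it to `targetNamespace: dev` before the `./atuin` entry is enabled, or drop the field if this repository's other Flux Kustomizations inherit the namespace from the parent.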
+++ b/kubernetes/apps/dev/atuin/app/helmrelease.yaml
@@ -0,0 +1,80 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s-labs/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: atuin
+spec:
+ chartRef:
+ kind: OCIRepository
+ name: atuin
+ interval: 1h
+ values:
+ controllers:
+ atuin:
+ containers:
+ app:
+ image:
+ repository: ghcr.io/atuinsh/atuin
+ tag: v18.12.0@sha256:e953fa9e36ef571d3cb2f9746426129025b8101ad4b88cd0da6783d524cca431
+ env:
+ ATUIN_HOST: "0.0.0.0"
+ ATUIN_PORT: &port 80
+ ATUIN_OPEN_REGISTRATION: "true"
+ ATUIN_DB_URI: sqlite:///config/atuin.db
+ TZ: America/New_York
+ args:
+ - start
+ probes:
+ liveness:
+ enabled: true
+ spec:
+ periodSeconds: 30
+ timeoutSeconds: 5
+ failureThreshold: 5
+ readiness:
+ enabled: true
+ custom: true
+ spec:
+ httpGet:
+ path: /healthz
+ port: *port
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 5
+ startup:
+ enabled: true
+ spec:
+ failureThreshold: 30
+ periodSeconds: 10
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities: {drop: ["ALL"]}
+ resources:
+ requests:
+ cpu: 10m
+ limits:
+ memory: 256Mi
+ defaultPodOptions:
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 1000
+ fsGroupChangePolicy: OnRootMismatch
+ service:
+ app:
+ ports:
+ http:
+ port: *port
+ route:
+ app:
+ hostnames:
+ - "{{ .Release.Name }}.${SECRET_DOMAIN}"
+ parentRefs:
+ - name: envoy-internal
+ namespace: network
+ persistence:
+ config:
+ existingClaim: "{{ .Release.Name }}"
\ No newline at end of file
diff --git a/kubernetes/apps/dev/atuin/app/kustomization.yaml b/kubernetes/apps/dev/atuin/app/kustomization.yaml
new file mode 100644
index 0000000..4879312
--- /dev/null
+++ b/kubernetes/apps/dev/atuin/app/kustomization.yaml
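Review bot: `ATUIN_OPEN_REGISTRATION: "true"` in kubernetes/apps/dev/atuin/app/helmrelease.yaml leaves account creation open to every client that can reach the `envoy-internal` route, and nothing in the values closes it again. Because the server stores users' shell history, I would ship it as `ATUIN_OPEN_REGISTRATION: "false"` and open it only while the intended accounts are created. Separately, `ATUIN_PORT: &port 80` is a privileged port while the pod runs as UID 1000 with `capabilities: {drop: ["ALL"]}`; unless the nodes permit unprivileged low ports the bind is likely to fail, so a high port such as `&port 8888` is the safer choice. `TZ: America/New_York` looks carried over from the upstream example and is worth confirming.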
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./helmrelease.yaml
+ - ./ocirepository.yaml
\ No newline at end of file
diff --git a/kubernetes/apps/dev/atuin/app/ocirepository.yaml b/kubernetes/apps/dev/atuin/app/ocirepository.yaml
new file mode 100644
index 0000000..7913514
--- /dev/null
+++ b/kubernetes/apps/dev/atuin/app/ocirepository.yaml
@@ -0,0 +1,14 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/ocirepository_v1.json
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: OCIRepository
+metadata:
+ name: atuin
+spec:
+ interval: 15m
+ layerSelector:
+ mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip
+ operation: copy
+ ref:
+ tag: 4.6.2
+ url: oci://ghcr.io/bjw-s-labs/helm/app-template
\ No newline at end of file
diff --git a/kubernetes/apps/dev/atuin/kustomization.yaml b/kubernetes/apps/dev/atuin/kustomization.yaml
new file mode 100644
index 0000000..bffe7fc
--- /dev/null
+++ b/kubernetes/apps/dev/atuin/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./app.ks.yaml
\ No newline at end of file
diff --git a/kubernetes/apps/dev/kustomization.yaml b/kubernetes/apps/dev/kustomization.yaml
new file mode 100644
index 0000000..ce9fa08
--- /dev/null
+++ b/kubernetes/apps/dev/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: dev
+
+resources:
+ - ./namespace.yaml
+ # TODO: - ./atuin - enable it when the storage is set up
diff --git a/kubernetes/apps/dev/namespace.yaml b/kubernetes/apps/dev/namespace.yaml
new file mode 100644
index 0000000..7fad8e4
--- /dev/null
+++ b/kubernetes/apps/dev/namespace.yaml
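Review bot: `ref.tag: 4.6.2` in kubernetes/apps/dev/atuin/app/ocirepository.yaml follows a mutable tag, while the container image in the HelmRelease is pinned by digest. If the tag were re-pushed, the new chart content would be pulled at the next `interval: 15m` reconcile with no change in git to review. I would pin the chart the same way by adding `digest: sha256:<chart-digest>` under `ref`, so every chart change arrives as a commit.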
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: _
+ annotations:
+ kustomize.toolkit.fluxcd.io/prune: disabled
\ No newline at end of file
diff --git a/kubernetes/apps/home-automation/README.md b/kubernetes/apps/home-automation/README.md
new file mode 100644
index 0000000..8f63e94
--- /dev/null
+++ b/kubernetes/apps/home-automation/README.md
@@ -0,0 +1,9 @@
+# Introduction
+
+This folder/namespace shall contain all HA-related applications, like:
+
+- Home Assistant
+- mosquitto (MQTT broker)
+- zigbee/z-wave daemons if necessary
+
+**NOTE**: Only the minimal stuff shall be exposed on the envoy-internal gateway.
\ No newline at end of file
diff --git a/kubernetes/apps/media/README.md b/kubernetes/apps/media/README.md
new file mode 100644
index 0000000..bbc4666
--- /dev/null
+++ b/kubernetes/apps/media/README.md
@@ -0,0 +1,21 @@
+# Introduction
+
+This shall contain all media-related applications:
+
+- Plex
+- *arr stuff
+- tatuuli - still don't know what purpose it serves
+- digital library things
+- transcoding for optimisation to available media (e.g. 1080p right now, 4k in the future)
+- maybe create a decay algorithm to remove old and unwatched stuff
+
+Can also contain
+- mermaid ui
+- figma equivalent
+- immich (it will most likely be here)
+
+**NOTES**:
+
+1. in principle, stuff should be exposed on the internal gateway
+2. mirror and replace the current "services" vm which is full of docker containers
+3. it depends on a successful connection via NFS to the storage machine
diff --git a/kubernetes/apps/observability/kustomization.yaml b/kubernetes/apps/observability/kustomization.yaml
index 24d0121..1fb33de 100644
--- a/kubernetes/apps/observability/kustomization.yaml
+++ b/kubernetes/apps/observability/kustomization.yaml
@@ -1,7 +1,7 @@ --- apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namespace: monitoring-system +namespace: observability resources: - ./namespace.yaml
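Review bot: The Namespace added in kubernetes/apps/dev/namespace.yaml has no Pod Security Admission labels, so unless the cluster enforces pod security by another mechanism, nothing at namespace level stops a later development workload from running privileged. Starting in non-blocking mode should be low-risk: add `pod-security.kubernetes.io/warn: baseline` and `pod-security.kubernetes.io/audit: restricted` under `metadata.labels`, then move to `enforce` once the workloads are known. The file would also benefit from a comment such as `# name is a placeholder; rewritten by "namespace: dev" in ../kustomization.yaml` above `name: _`, since the manifest is not valid when applied on its own.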