chart fixes and readme edits

2023-10-20 00:03:15 -04:00
parent 0462913304
commit 42b6aa33a0
24 changed files with 697 additions and 258 deletions
--- a/helm/jellyfin/templates/jellyfin.yaml
+++ b/helm/jellyfin/templates/jellyfin.yaml
@@ -17,6 +17,15 @@ spec:
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
+      tolerations:
+      - key: "node.kubernetes.io/unreachable"
+        operator: "Exists"
+        effect: "NoExecute"
+        tolerationSeconds: 1
+      - key: "node.kubernetes.io/not-ready"
+        operator: "Exists"
+        effect: "NoExecute"
+        tolerationSeconds: 1
      containers:
      - name: jellyfin
        image: {{ .Values.jellyfin.image }}
--- a/helm/minecraft/templates/deployment.yaml
+++ b/helm/minecraft/templates/deployment.yaml
@@ -13,6 +13,15 @@ spec:
      labels:
        app: {{ .Release.Name }}
    spec:
+      tolerations:
+      - key: "node.kubernetes.io/unreachable"
+        operator: "Exists"
+        effect: "NoExecute"
+        tolerationSeconds: 1
+      - key: "node.kubernetes.io/not-ready"
+        operator: "Exists"
+        effect: "NoExecute"
+        tolerationSeconds: 1
      initContainers:
      - name: get-version
        image: {{ .Values.get_server.image }}
--- a/helm/minecraft/templates/pvc.yaml
+++ b/helm/minecraft/templates/pvc.yaml
@@ -5,7 +5,7 @@ metadata:
  annotations:
    "helm.sh/resource-policy": keep
 spec:
-  storageClassName: zfs-iscsi-enc1
+  storageClassName: zfs-nfs-enc1
  accessModes:
    - ReadWriteOnce
  resources:
--- a/helm/minecraft/values.yaml
+++ b/helm/minecraft/values.yaml
@@ -19,7 +19,7 @@ server_props: |
  op-permission-level=4
  pvp=true
  snooper-enabled=true
-  level-type=default
+  level-type=amplified
  hardcore=false
  enable-command-block=false
  max-players=20
--- a/helm/nextcloud/templates/_helpers.tpl
+++ b/helm/nextcloud/templates/_helpers.tpl
@@ -8,29 +8,40 @@
 {{ define "DATABASE_HOST" }}{{ .Release.Name }}-postgres{{ end }}
 {{ define "POSTGRES_USER" }}postgres{{ end }}

-{{/* Postgres password lookup - uses existing password if possible */}}
-{{ define "POSTGRES_PASSWORD" -}}
-{{- $POSTGRES_SECRETS := (lookup "v1" "Secret" .Release.Namespace ( include "POSTGRES_NAME" . )).data -}}
-{{- printf (ternary (dict "POSTGRES_PASSWORD" (randAlphaNum 64 | b64enc)) $POSTGRES_SECRETS (not $POSTGRES_SECRETS)).POSTGRES_PASSWORD -}}
-{{- end }}
-
 {{/* Generated Nextcloud Config */}}
 {{ define "NEXTCLOUD_NAME" }}{{ printf "%s-nextcloud" .Release.Name | lower }}{{ end }}
 {{ define "ADMIN_USER" }}admin{{ end }}

-{{/* Nextcloud admin password lookup - uses existing password if possible */}}
-{{- define "NEXTCLOUD_ADMIN_PASSWORD" -}}
-{{/* ternary (create a dict with random NEXTCLOUD_ADMIN_PASSWORD) (actual dictionary) (test whether NEXTCLOUD_SECRETS exists) */}}
-{{- $NEXTCLOUD_SECRETS := (lookup "v1" "Secret" .Release.Namespace ( include "NEXTCLOUD_NAME" . )).data -}}
-{{- printf (ternary (dict "NEXTCLOUD_ADMIN_PASSWORD" (randAlphaNum 64 | b64enc)) $NEXTCLOUD_SECRETS (not $NEXTCLOUD_SECRETS)).NEXTCLOUD_ADMIN_PASSWORD -}}
-{{- end -}}
-
 {{/* Generated Redis Config */}}
 {{ define "REDIS_NAME" }}{{ printf "%s-redis" .Release.Name | lower }}{{ end }}
 {{ define "REDIS_HOST" }}{{ .Release.Name }}-redis{{ end }}

-{{/* Redis password lookup - uses existing password if possible */}}
-{{- define "REDIS_PASSWORD" -}}
-{{- $REDIS_SECRETS := (lookup "v1" "Secret" .Release.Namespace ( include "REDIS_NAME" . )).data -}}
-{{- printf (ternary (dict "REDIS_PASSWORD" (randAlphaNum 64 | b64enc)) $REDIS_SECRETS (not $REDIS_SECRETS)).REDIS_PASSWORD -}}
+{{/* Postgres password lookup - uses existing password if possible */}}
+{{ define "POSTGRES_PASSWORD" -}}
+{{- $POSTGRES_SECRET := (lookup "v1" "Secret" .Release.Namespace ( include "POSTGRES_NAME" . )).data -}}
+{{- if $POSTGRES_SECRET -}}
+    {{- printf $POSTGRES_SECRET.POSTGRES_PASSWORD | b64enc -}}
+{{- else -}}
+    {{- printf (required ".Values.postgres.password is required" .Values.postgres.password) | b64enc -}}
 {{- end -}}
+{{- end }}
+
+{{/* Nextcloud admin password lookup - uses existing password if possible */}}
+{{ define "NEXTCLOUD_ADMIN_PASSWORD" -}}
+{{- $NEXTCLOUD_SECRETS := (lookup "v1" "Secret" .Release.Namespace ( include "NEXTCLOUD_NAME" . )).data -}}
+{{- if $NEXTCLOUD_SECRETS -}}
+    {{- printf $NEXTCLOUD_SECRETS.NEXTCLOUD_ADMIN_PASSWORD | b64enc -}}
+{{- else -}}
+    {{- printf (required ".Values.nextcloud.admin.password is required" .Values.nextcloud.admin.password) | b64enc -}}
+{{- end -}}
+{{- end }}
+
+{{/* Redis password lookup - uses existing password if possible */}}
+{{ define "REDIS_PASSWORD" -}}
+{{- $REDIS_SECRETS := (lookup "v1" "Secret" .Release.Namespace ( include "REDIS_NAME" . )).data -}}
+{{- if $REDIS_SECRETS -}}
+    {{- printf $REDIS_SECRETS.REDIS_PASSWORD | b64enc -}}
+{{- else -}}
+    {{- printf (required ".Values.redis.password is required" .Values.redis.password) | b64enc -}}
+{{- end -}}
+{{- end }}
--- a/helm/nextcloud/templates/deployment.yaml
+++ b/helm/nextcloud/templates/deployment.yaml
@@ -13,6 +13,15 @@ spec:
      labels:
        app.kubernetes.io/name: nextcloud
    spec:
+      tolerations:
+      - key: "node.kubernetes.io/unreachable"
+        operator: "Exists"
+        effect: "NoExecute"
+        tolerationSeconds: 1
+      - key: "node.kubernetes.io/not-ready"
+        operator: "Exists"
+        effect: "NoExecute"
+        tolerationSeconds: 1
      containers:
      - name: nextcloud
        image: {{ .Values.nextcloud.image }}
@@ -94,8 +103,10 @@ spec:
        persistentVolumeClaim:
          claimName: {{ .Release.Name }}-postgres-iops
      - name: redis
-        persistentVolumeClaim:
-          claimName: {{ .Release.Name }}-redis-iops
+        emptyDir:
+          sizeLimit: 2Gi
+        # persistentVolumeClaim:
+        #   claimName: {{ .Release.Name }}-redis-iops
      - name: postgres-init
        secret:
          secretName: {{ .Release.Name }}-postgres-init
--- a/helm/nextcloud/templates/nextcloud-data-pvc.yaml
+++ b/helm/nextcloud/templates/nextcloud-data-pvc.yaml
@@ -5,9 +5,9 @@ metadata:
  annotations:
    "helm.sh/resource-policy": keep
 spec:
-  storageClassName: zfs-iscsi-enc0
+  storageClassName: {{ .Values.nextcloud.data.storageClassName }}
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
-      storage: 2Ti
+      storage: {{ .Values.nextcloud.data.storage }}
--- a/helm/nextcloud/templates/nextcloud-html-pvc.yaml
+++ b/helm/nextcloud/templates/nextcloud-html-pvc.yaml
@@ -5,9 +5,9 @@ metadata:
  annotations:
    "helm.sh/resource-policy": keep
 spec:
-  storageClassName: zfs-iscsi-enc1
+  storageClassName: {{ .Values.nextcloud.html.storageClassName }}
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
-      storage: 16Gi
+      storage: {{ .Values.nextcloud.html.storage }}
--- a/helm/nextcloud/templates/nextcloud-secret.yaml
+++ b/helm/nextcloud/templates/nextcloud-secret.yaml
@@ -9,4 +9,3 @@ data:
  NEXTCLOUD_ADMIN_PASSWORD: {{ include "NEXTCLOUD_ADMIN_PASSWORD" . | quote }}
  POSTGRES_PASSWORD: {{ include "POSTGRES_PASSWORD" . | quote }}
  REDIS_HOST_PASSWORD: {{ include "REDIS_PASSWORD" . | quote }}
-  SMTP_PASSWORD: {{ .Values.SMTP_PASSWORD | b64enc | quote }}
--- a/helm/nextcloud/templates/postgres-pvc.yaml
+++ b/helm/nextcloud/templates/postgres-pvc.yaml
@@ -5,9 +5,9 @@ metadata:
  annotations:
    "helm.sh/resource-policy": keep
 spec:
-  storageClassName: zfs-iscsi-enc1
+  storageClassName: {{ .Values.postgres.storageClassName }}
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
-      storage: 32Gi
+      storage: {{ .Values.postgres.storage }}
--- a/helm/nextcloud/templates/redis-pvc.yaml
+++ b/helm/nextcloud/templates/redis-pvc.yaml
@@ -5,9 +5,9 @@ metadata:
  annotations:
    "helm.sh/resource-policy": keep
 spec:
-  storageClassName: zfs-iscsi-enc1
+  storageClassName: {{ .Values.redis.storageClassName }}
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
-      storage: 32Gi
+      storage: {{ .Values.redis.storage }}
--- a/helm/nextcloud/values.yaml
+++ b/helm/nextcloud/values.yaml
@@ -1,3 +1,21 @@
 nextcloud:
  image: nextcloud:26.0.7
  domain: nextcloud.reeseapps.com
+  html:
+    storageClassName: zfs-iscsi-enc1
+    storage: 16Gi
+  data:
+    storageClassName: zfs-iscsi-enc1
+    storage: 2Ti
+  admin:
+    password: ""
+
+postgres:
+  storageClassName: zfs-iscsi-enc1
+  storage: 32Gi
+  password: ""
+
+redis:
+  storageClassName: zfs-iscsi-enc1
+  storage: 32Gi
+  password: ""
--- a/helm/snapdrop/templates/configmap.yaml
+++ b/helm/snapdrop/templates/configmap.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Release.Name }}-snapdrop
+  annotations:
+    "helm.sh/resource-policy": keep
+data:
+  PUID: "1000"
+  PGID: "1000"
+  TZ: Etc/UTC
--- a/helm/snapdrop/templates/deployment.yaml
+++ b/helm/snapdrop/templates/deployment.yaml
@@ -0,0 +1,38 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Release.Name }}
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: snapdrop
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: snapdrop
+    spec:
+      containers:
+      - name: snapdrop
+        image: {{ .Values.snapdrop.image }}
+        ports:
+          - containerPort: 80
+            name: http
+        envFrom:
+          - configMapRef:
+              name: {{ .Release.Name }}-snapdrop
+        volumeMounts:
+          - mountPath: /config
+            name: config
+        resources:
+          requests:
+            memory: "1Gi"
+            cpu: "1m"
+          limits:
+            memory: "4Gi"
+            cpu: "4"
+      volumes:
+      - name: config
+        persistentVolumeClaim:
+          claimName: {{ .Release.Name }}-config
--- a/helm/snapdrop/templates/ingress.yaml
+++ b/helm/snapdrop/templates/ingress.yaml
@@ -0,0 +1,25 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ .Release.Name }}
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    kubernetes.io/ingress.class: nginx
+    nginx.ingress.kubernetes.io/proxy-body-size: "0"
+    nginx.org/client-max-body-size: "0"
+spec:
+  rules:
+  - host: {{ .Values.snapdrop.domain }}
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: snapdrop
+            port:
+              name: http
+  tls:
+  - hosts:
+    - {{ .Values.snapdrop.domain }}
+    secretName: snapdrop-tls-cert
--- a/helm/snapdrop/templates/pvc.yaml
+++ b/helm/snapdrop/templates/pvc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ .Release.Name }}-config
+  annotations:
+    "helm.sh/resource-policy": keep
+spec:
+  storageClassName: zfs-iscsi-enc0
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 8Gi
--- a/helm/snapdrop/templates/service.yaml
+++ b/helm/snapdrop/templates/service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Release.Name }}
+spec:
+  type: ClusterIP
+  selector:
+    app.kubernetes.io/name: snapdrop
+  ports:
+  - name: http
+    protocol: TCP
+    port: 80
+    targetPort: http
--- a/helm/snapdrop/templates/snapdrop.yaml
+++ b/helm/snapdrop/templates/snapdrop.yaml
@@ -1,111 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ .Release.Name }}-snapdrop
-  annotations:
-    "helm.sh/resource-policy": keep
-data:
-  PUID: "1000"
-  PGID: "1000"
-  TZ: Etc/UTC
-
---
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ .Release.Name }}
-spec:
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: snapdrop
-  strategy:
-    type: Recreate
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: snapdrop
-    spec:
-      containers:
-      - name: snapdrop
-        image: {{ .Values.snapdrop.image }}
-        ports:
-          - containerPort: 80
-            name: http
-        envFrom:
-          - configMapRef:
-              name: {{ .Release.Name }}-snapdrop
-        volumeMounts:
-          - mountPath: /config
-            name: config
-        resources:
-          requests:
-            memory: "1Gi"
-            cpu: "1m"
-          limits:
-            memory: "4Gi"
-            cpu: "4"
-      volumes:
-      - name: config
-        persistentVolumeClaim:
-          claimName: {{ .Release.Name }}-config
-
---
-
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: {{ .Release.Name }}-config
-  annotations:
-    "helm.sh/resource-policy": keep
-spec:
-  storageClassName: zfs-iscsi-enc0
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 8Gi
-
---
-
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ .Release.Name }}
-spec:
-  type: ClusterIP
-  selector:
-    app.kubernetes.io/name: snapdrop
-  ports:
-  - name: http
-    protocol: TCP
-    port: 80
-    targetPort: http
-
---
-
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: {{ .Release.Name }}
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt
-    kubernetes.io/ingress.class: nginx
-    nginx.ingress.kubernetes.io/proxy-body-size: "0"
-    nginx.org/client-max-body-size: "0"
-spec:
-  rules:
-  - host: {{ .Values.snapdrop.domain }}
-    http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: snapdrop
-            port:
-              name: http
-  tls:
-  - hosts:
-    - {{ .Values.snapdrop.domain }}
-    secretName: snapdrop-tls-cert