lab migration complete

rssnyder · Jan 17, 2025 · c3de83d · c3de83d
1 parent dabe1ef
commit c3de83d
Show file tree

Hide file tree

Showing 35 changed files with 564 additions and 465 deletions.
diff --git a/infra/domains.tf b/infra/domains.tf
@@ -130,15 +130,6 @@ module "bothwellarchive" {
   private_ip = var.instances["hurley"].ip
 }
 
-module "registry" {
-  source = "github.com/rssnyder/isengard//infra/external-internal-dns"
-
-  domain     = digitalocean_domain.rileysnyder_dev.name
-  name       = "registry"
-  public_ip  = var.instances["home"].ip
-  private_ip = var.instances["hurley"].ip
-}
-
 resource "digitalocean_record" "star-k8s" {
   domain = digitalocean_domain.rileysnyder_dev.name
   type   = "A"

diff --git a/infra/var.tf b/infra/var.tf
@@ -6,10 +6,10 @@ variable "instances" {
       ip = "216.82.42.181"
     }
     zira = {
-      ip = "192.168.0.2"
+      ip = "192.168.2.6"
     }
-    cornelius = {
-      ip = "192.168.2.3"
+    t480-0 = {
+      ip = "192.168.2.69"
     }
     hurley = {
       ip = "192.168.2.2"

diff --git a/k8s/baseline/harness.yaml b/k8s/baseline/harness.yaml
@@ -22,3 +22,27 @@ spec:
     replicas: 1
     cpu: 100m
     memory: 1500
+
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: harness-autostopping
+
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+  name: harness-ccm-autostopping
+  namespace: harness-autostopping
+spec:
+  repo: https://rssnyder.github.io/harness-ccm-autostopping
+  chart: harness-ccm-autostopping
+  targetnamespace: harness-autostopping
+  valuesContent: |-
+    accountId: wlgELJ0TTre5aZhzpt8gVA
+    connectorId: _{{ cluster_context }}_ccm
+    apiToken: {{ k8s.secrets.harness.autostopping_api_key }}
+    controller:
+      image:
+        tag: 1.1.6
diff --git a/k8s/baseline/longhorn.yaml b/k8s/baseline/longhorn.yaml
@@ -25,10 +25,12 @@ spec:
   repo: https://charts.longhorn.io
   chart: longhorn
   targetNamespace: longhorn-system
+  version: v1.7.2
   valuesContent: |-
     service:
       ui:
         type: LoadBalancer
+
     persistence:
       reclaimPolicy: Retain
     defaultSettings:
@@ -39,3 +41,17 @@ spec:
       autoDeletePodWhenVolumeDetachedUnexpectedly: true
       nodeDownPodDeletionPolicy: delete-both-statefulset-and-deployment-pod
       nodeDrainPolicy: always-allow
+
+---
+apiVersion: longhorn.io/v1beta1
+kind: RecurringJob
+metadata:
+  name: default-daily
+  namespace: longhorn-system
+spec:
+  cron: "0 10 * * *"
+  task: "backup"
+  groups:
+  - default
+  retain: 7
+  concurrency: 1
diff --git a/k8s/baseline/prometheus.yaml b/k8s/baseline/prometheus.yaml
@@ -17,6 +17,8 @@ spec:
     commonMetaLabels:
       cluster: {{ cluster_context}}
     server:
+      persistentVolume:
+        storageClass: local-path
       service:
         type: LoadBalancer
         servicePort: 9090

diff --git a/k8s/counter-api/counter.yaml b/k8s/counter-api/counter.yaml
@@ -30,7 +30,7 @@ spec:
               name: postgres
               key: PG_PASSWORD
         - name: PG_HOST
-          value: "192.168.0.3"
+          value: "192.168.2.2"
         - name: PG_USER
           value: counter
         - name: PG_DB

diff --git a/k8s/debug.yaml b/k8s/debug.yaml
@@ -27,6 +27,10 @@ spec:
         - name: config
           mountPath: /config
       volumes:
+      # - name: config
+      #   persistentVolumeClaim:
+      #     claimName: config
       - name: config
-        persistentVolumeClaim:
-          claimName: config
+        nfs:
+          server: 192.168.2.6
+          path: /bucket/k8s/lab/homeassistant
diff --git a/k8s/discord-bot-manager/discord-bot-manager.yaml b/k8s/discord-bot-manager/discord-bot-manager.yaml
@@ -49,19 +49,6 @@ spec:
         - name: api
           containerPort: 7777
 
----
-apiVersion: monitoring.coreos.com/v1
-kind: PodMonitor
-metadata:
-  name: discord-bot-manager
-  namespace: discord-bot-manager
-spec:
-  selector:
-    matchLabels:
-      app: discord-bot-manager
-  podMetricsEndpoints:
-  - port: api
-
 ---
 apiVersion: v1
 kind: Service

diff --git a/k8s/discord-bot/apex.yaml b/k8s/discord-bot/apex.yaml
diff --git a/k8s/dnd-generator/dnd-generator.yaml b/k8s/dnd-generator/dnd-generator.yaml
@@ -23,7 +23,7 @@ spec:
       - name: ghcr-token
       containers:
       - name: api
-        image: ghcr.io/rssnyder/dnd-generator-api:0.0.1-beta.2
+        image: ghcr.io/rssnyder/dnd-generator-api:0.0.1-beta.1
         imagePullPolicy: IfNotPresent
         env:
         - name: PG_PASSWORD
@@ -59,19 +59,6 @@ spec:
         - name: api
           containerPort: 8080
 
----
-apiVersion: monitoring.coreos.com/v1
-kind: PodMonitor
-metadata:
-  name: dnd-generator-api
-  namespace: dnd-generator
-spec:
-  selector:
-    matchLabels:
-      app: dnd-generator-api
-  podMetricsEndpoints:
-  - port: api
-
 ---
 apiVersion: v1
 kind: Service

diff --git a/k8s/example/example.yaml b/k8s/example/example.yaml
@@ -4,7 +4,7 @@ metadata:
   name: example
 
 ---
-# get some persistance storage
+# get some persistent storage
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
@@ -18,6 +18,51 @@ spec:
     requests:
       storage: 1M
 
+---
+# create a postgres database for the app
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: db
+  namespace: example
+spec:
+  instances: 1
+  storage:
+    size: 1Gi
+    storageClass: local-path
+  monitoring:
+    enablePodMonitor: true
+  backup:
+    retentionPolicy: "7d"
+    barmanObjectStore:
+      destinationPath: "s3://cnpg/micro/example"
+      endpointURL: https://s3.rileysnyder.dev
+      s3Credentials:
+        accessKeyId:
+          name: minio
+          key: AWS_ACCESS_KEY_ID
+        secretAccessKey:
+          name: minio
+          key: AWS_SECRET_ACCESS_KEY
+      wal:
+        compression: gzip
+      data:
+        compression: gzip
+
+---
+# and schedule a daily backup
+apiVersion: postgresql.cnpg.io/v1
+kind: ScheduledBackup
+metadata:
+  name: db
+  namespace: example
+spec:
+  schedule: "0 8 * * * *"
+  backupOwnerReference: cluster
+  immediate: false
+  cluster:
+    name: db
+
 ---
 # run some container in the cluster
 apiVersion: apps/v1
@@ -41,6 +86,27 @@ spec:
         env:
         - name: EXAMPLE
           value: something
+        # add postgres connection details
+        - name: PG_DB
+          valueFrom:
+            secretKeyRef:
+              name: db-app
+              key: dbname
+        - name: PG_USER
+          valueFrom:
+            secretKeyRef:
+              name: db-app
+              key: username
+        - name: PG_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: db-app
+              key: password
+        - name: PG_HOST
+          valueFrom:
+            secretKeyRef:
+              name: db-app
+              key: host
         ports:
         - name: web
           containerPort: 80

diff --git a/k8s/homeassistant/homeassistant.yaml b/k8s/homeassistant/homeassistant.yaml
@@ -19,7 +19,7 @@ spec:
       labels:
         app: homeassistant
     spec:
-      nodeName: charlie
+      nodeName: jack
       hostNetwork: true
       containers:
       - name: home-assistant
@@ -45,6 +45,10 @@ spec:
       - name: config
         persistentVolumeClaim:
           claimName: config
+      # - name: config
+      #   nfs:
+      #     server: 192.168.2.6
+      #     path: /bucket/k8s/lab/homeassistant
       - name: usb
         hostPath:
           path: /dev/ttyUSB0
@@ -56,6 +60,7 @@ metadata:
   name: config
   namespace: homeassistant
 spec:
+  volumeName: pvc-ffe07a23-cc0b-44c6-bc6e-3ae60effb9ba
   accessModes:
     - ReadWriteOnce
   storageClassName: longhorn

diff --git a/k8s/immich/immich.yaml b/k8s/immich/immich.yaml
@@ -28,8 +28,7 @@ spec:
   instances: 1
   enableSuperuserAccess: true
   storage:
-    # storageClass: longhorn
-    size: 1Gi
+    size: 2Gi
   monitoring:
     enablePodMonitor: true
   bootstrap:
@@ -43,16 +42,53 @@ spec:
     shared_preload_libraries:
       - "vectors.so"
   backup:
+    retentionPolicy: "30d"
     barmanObjectStore:
-      destinationPath: "immich/db"
-      endpointURL: cnpg.us-east1.s3.rileysnyder.dev
+      destinationPath: "s3://cnpg/immich-new"
+      endpointURL: https://s3.rileysnyder.dev
       s3Credentials:
         accessKeyId:
           name: minio
-          key: ACCESS_KEY_ID
+          key: AWS_ACCESS_KEY_ID
         secretAccessKey:
           name: minio
-          key: ACCESS_SECRET_KEY
+          key: AWS_SECRET_ACCESS_KEY
+      wal:
+        compression: gzip
+      data:
+        compression: gzip
+
+# for recovery
+
+  bootstrap:
+    recovery:
+      source: db
+
+  externalClusters:
+    - name: db
+      barmanObjectStore:
+        destinationPath: "s3://cnpg/immich"
+        endpointURL: https://s3.rileysnyder.dev
+        s3Credentials:
+          accessKeyId:
+            name: minio
+            key: AWS_ACCESS_KEY_ID
+          secretAccessKey:
+            name: minio
+            key: AWS_SECRET_ACCESS_KEY
+
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: ScheduledBackup
+metadata:
+  name: db-hourly
+  namespace: immich
+spec:
+  schedule: "0 0 * * * *"
+  backupOwnerReference: cluster
+  immediate: true
+  cluster:
+    name: db
 
 ---
 apiVersion: apps/v1
@@ -110,10 +146,6 @@ kind: Service
 metadata:
   name: http
   namespace: immich
-  annotations:
-    tailscale.com/expose: "true"
-    tailscale.com/hostname: "immich"
-    external-dns.alpha.kubernetes.io/hostname: immich.r.ss
 spec:
   type: LoadBalancer
   selector: