first commit

2025-09-17 15:23:54 -03:00
commit 5e1ee4c0f2
23 changed files with 2022 additions and 0 deletions

43
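--- /dev/null
+++ b/infra/beszel-agent.yaml
@@ -0,0 +1,43 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+name: beszel-agent
+namespace: infra
+spec:
+selector:
+matchLabels:
+app: beszel-agent
+template:
+metadata:
+labels:
+app: beszel-agent
+spec:
+hostNetwork: true
+containers:
+- env:
+- name: PORT
+value: "45876"
+- name: KEY
+valueFrom:
+secretKeyRef:
+name: beszel-key
+key: SECRET-KEY
+image: henrygd/beszel-agent:latest
+imagePullPolicy: Always
+name: beszel-agent
+ports:
+- containerPort: 45876
+hostPort: 45876
+restartPolicy: Always
+tolerations:
+- effect: NoSchedule
+key: node-role.kubernetes.io/master
+operator: Exists
+- effect: NoSchedule
+key: node-role.kubernetes.io/control-plane
+operator: Exists
+updateStrategy:
+rollingUpdate:
+maxSurge: 0
+maxUnavailable: 100%
+type: RollingUpdate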
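Review bot: The DaemonSet runs `henrygd/beszel-agent:latest` with `imagePullPolicy: Always` and `hostNetwork: true` on every node, control-plane nodes included through the two tolerations, so whatever is pushed to that tag next runs inside each node's network namespace on the next restart. Pin the image to a release tag plus digest, e.g. `image: henrygd/beszel-agent:<PINNED_TAG>@sha256:<DIGEST>`. The container also has no `securityContext`; the block below is a starting point and assumes the agent needs no extra privileges, which should be confirmed against the agent's documentation. With `hostNetwork: true` the `hostPort: 45876` entry is redundant.

```yaml
      containers:
        # … unchanged: env, image, imagePullPolicy, ports …
        - name: beszel-agent
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
```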

86
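--- /dev/null
+++ b/infra/beszel.yaml
@@ -0,0 +1,86 @@
+---
+# 1) Deployment
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: beszel
+namespace: infra
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: beszel
+template:
+metadata:
+labels:
+app: beszel
+spec:
+containers:
+- name: beszel
+image: henrygd/beszel:latest
+imagePullPolicy: Always
+env:
+- name: PUID
+value: "1000"
+- name: PGID
+value: "1000"
+ports:
+- containerPort: 8090
+name: beszel-port
+volumeMounts:
+- name: beszel-config
+mountPath: /beszel_data
+volumes:
+- name: beszel-config
+persistentVolumeClaim:
+claimName: beszel-config
+---
+# 2) Service
+apiVersion: v1
+kind: Service
+metadata:
+name: beszel
+namespace: infra
+spec:
+type: ClusterIP
+selector:
+app: beszel
+ports:
+- port: 80
+targetPort: beszel-port
+---
+# 3) PersistentVolumeClaim (for /config)
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: beszel-config
+namespace: infra
+annotations:
+nfs.io/storage-path: "beszel-config"
+spec:
+storageClassName: "nfs-client"
+accessModes:
+- ReadWriteMany
+resources:
+requests:
+storage: 1Gi
+---
+# 4) Ingress (Traefik)
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: beszel
+namespace: infra
+spec:
+ingressClassName: nginx
+rules:
+- host: beszel.haven
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: beszel
+port:
+number: 80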
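Review bot: The Ingress for `beszel.haven` has no `tls:` section, so the hub's login and session traffic crosses the network in clear text; add `tls:` with `hosts: [beszel.haven]` and `secretName: <TLS_SECRET_NAME>` once a certificate exists for the internal domain. The Deployment pulls `henrygd/beszel:latest` with `imagePullPolicy: Always`, which should be pinned to a release tag or digest so that a new hub version is a deliberate change. Two comments do not match the manifest: `# 4) Ingress (Traefik)` sits above `ingressClassName: nginx`, and `# 3) PersistentVolumeClaim (for /config)` describes a claim that the Deployment mounts at `/beszel_data`.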

103
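--- /dev/null
+++ b/infra/code-config.yaml
@@ -0,0 +1,103 @@
+---
+# 1) Deployment
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: code-config
+namespace: infra
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: code-config
+template:
+metadata:
+labels:
+app: code-config
+spec:
+containers:
+- name: code-config
+image: lscr.io/linuxserver/code-server:latest
+imagePullPolicy: Always
+env:
+- name: PUID
+value: "1000"
+- name: PGID
+value: "1000"
+- name: PROXY_DOMAIN
+value: "code-config.haven"
+- name: DEFAULT_WORKSPACE
+value: "/k8s-config"
+resources:
+requests:
+memory: 512Mi
+cpu: 200m
+limits:
+memory: 1Gi
+cpu: 500m
+ports:
+- containerPort: 8443
+name: code-port
+volumeMounts:
+- name: code-config
+mountPath: /config
+- name: k8s-config
+mountPath: /k8s-config
+volumes:
+- name: code-config
+persistentVolumeClaim:
+claimName: code-config
+- name: k8s-config
+nfs:
+server: 192.168.15.61
+path: /export/config
+---
+# 2) Service
+apiVersion: v1
+kind: Service
+metadata:
+name: code-config
+namespace: infra
+spec:
+type: ClusterIP
+selector:
+app: code-config
+ports:
+- port: 8443
+targetPort: code-port
+---
+# 3) PersistentVolumeClaim (for /config)
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: code-config
+namespace: infra
+annotations:
+nfs.io/storage-path: "code-config"
+spec:
+storageClassName: "nfs-client"
+accessModes:
+- ReadWriteOnce
+resources:
+requests:
+storage: 5Gi
+---
+# 4) Ingress (Traefik)
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: code-config
+namespace: infra
+spec:
+ingressClassName: nginx
+rules:
+- host: code-config.haven
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: code-config
+port:
+number: 8443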
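Review bot: No `PASSWORD` or `HASHED_PASSWORD` is set in the `code-config` container's `env`, and the linuxserver code-server image serves the editor without authentication when neither is present. Anyone who can reach `code-config.haven` through the Ingress (plain HTTP, no `tls:` section) would get an editor and terminal with write access to the `/k8s-config` NFS export, which by its name appears to hold the cluster's own configuration. Supply the password hash from a Secret, following the `secretKeyRef` pattern already used for `KEY` in `infra/beszel-agent.yaml`, or put authentication in front of the Ingress. If the workspace is only meant for browsing, `readOnly: true` on the `k8s-config` volume mount would limit the damage further.

```yaml
          env:
            # … unchanged: PUID, PGID, PROXY_DOMAIN, DEFAULT_WORKSPACE …
            - name: HASHED_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: <CODE_SERVER_SECRET_NAME>
                  key: <HASHED_PASSWORD_KEY>
```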

124
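--- /dev/null
+++ b/infra/wg-easy.yaml
@@ -0,0 +1,124 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: wg-easy-pvc
+namespace: infra
+annotations:
+nfs.io/storage-path: "wg-easy-config"
+spec:
+storageClassName: "nfs-client"
+accessModes:
+- ReadWriteOnce
+resources:
+requests:
+storage: 10Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: wg-easy
+namespace: infra
+spec:
+strategy:
+type: Recreate
+replicas: 1
+selector:
+matchLabels:
+app: wg-easy
+template:
+metadata:
+labels:
+app: wg-easy
+spec:
+affinity:
+nodeAffinity:
+preferredDuringSchedulingIgnoredDuringExecution:
+- weight: 100
+preference:
+matchExpressions:
+- key: kubernetes.io/hostname
+operator: In
+values:
+- nexus
+containers:
+- name: wg-easy
+image: ghcr.io/wg-easy/wg-easy:latest
+imagePullPolicy: Always
+ports:
+- containerPort: 51820
+protocol: UDP
+name: wg-port
+- containerPort: 51821
+protocol: TCP
+name: web-port
+env:
+- name: LANG
+value: en
+- name: WG_HOST
+value: vpn.ivanch.me
+- name: WG_MTU
+value: "1420"
+- name: UI_TRAFFIC_STATS
+value: "true"
+- name: UI_CHART_TYPE
+value: "0"
+- name: WG_ENABLE_ONE_TIME_LINKS
+value: "true"
+- name: UI_ENABLE_SORT_CLIENTS
+value: "true"
+securityContext:
+capabilities:
+add:
+- NET_ADMIN
+- SYS_MODULE
+resources:
+requests:
+cpu: 100m
+memory: 256Mi
+volumeMounts:
+- name: wg-easy-volume
+mountPath: /etc/wireguard
+restartPolicy: Always
+volumes:
+- name: wg-easy-volume
+persistentVolumeClaim:
+claimName: wg-easy-pvc
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: wg-easy-svc
+namespace: infra
+spec:
+type: LoadBalancer
+selector:
+app: wg-easy
+loadBalancerIP: 192.168.15.202
+ports:
+- name: wg-port
+port: 51820
+targetPort: 51820
+protocol: UDP
+- name: web-port
+port: 51821
+targetPort: 51821
+protocol: TCP
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: wg-easy-ingress
+namespace: infra
+spec:
+ingressClassName: nginx
+rules:
+- host: vpn.haven
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: wg-easy-svc
+port:
+number: 51821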
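Review bot: The container adds `SYS_MODULE` next to `NET_ADMIN`, which lets a process in the pod load kernel modules into the host kernel, and with `ghcr.io/wg-easy/wg-easy:latest` plus `imagePullPolicy: Always` that privilege goes to whatever image the tag points at on the next restart. If the nodes already provide the WireGuard module, drop `- SYS_MODULE` and keep only `- NET_ADMIN`, and pin the image to a release tag or digest; the variables the image reads may differ between major versions, so an unpinned tag can also change how these `env` entries are interpreted. The `wg-easy-svc` LoadBalancer publishes the admin UI on TCP 51821 alongside the tunnel port, although the Ingress already routes `vpn.haven` to it; a separate ClusterIP Service for `web-port` would keep the UI off 192.168.15.202. No admin password setting is visible in `env`, so confirm how the UI is authenticated for the version actually deployed.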