adding docker-ingress namespace

.gitignore

@@ -3,7 +3,11 @@ default/*tt*
 certs/ca*
 
 lab/*
+sandbox/*
 !lab/nfs-pod.yaml
 
 rbac
-cronjobs
+cronjobs
+
+*.crt
+*.key

README.md

@@ -51,6 +51,8 @@ The repository name references my local TLD, `.haven` ;)
     - MetalLB components
 - cert-manager
     - cert-manager components
+- docker-ingress
+    - nginx ingress controller components for Docker-based services
 
 ## Todo
 - Move ArchiveBox data to its own PVC on the NAS

alloy/README.md

@@ -0,0 +1,3 @@
+helm repo add grafana https://grafana.github.io/helm-charts
+helm repo update
+helm install alloy grafana/alloy --namespace alloy -f values.yaml

alloy/values.yaml

@@ -0,0 +1,107 @@
+alloy:
+  clustering:
+    enabled: false # Single node deployment
+
+  configMap:
+    create: true
+    content: |-
+      discovery.kubernetes "all_pods" {
+        role = "pod"
+
+        selectors {
+          role  = "pod"
+          field = "spec.nodeName=" + coalesce(env("HOSTNAME"), constants.hostname)
+        }
+      }
+
+      discovery.relabel "all_pods" {
+        targets = discovery.kubernetes.all_pods.targets
+
+        rule {
+          source_labels = ["__meta_kubernetes_namespace"]
+          target_label  = "namespace"
+        }
+        rule {
+          source_labels = ["__meta_kubernetes_pod_name"]
+          target_label  = "pod"
+        }
+        rule {
+          source_labels = ["__meta_kubernetes_pod_container_name"]
+          target_label  = "container"
+        }
+        rule {
+          source_labels = ["__meta_kubernetes_pod_label_app_kubernetes_io_name"]
+          target_label  = "app"
+        }
+      }
+
+      loki.source.kubernetes "all_logs" {
+        targets    = discovery.relabel.all_pods.output
+        forward_to = [loki.write.main.receiver]
+      }
+
+      discovery.kubernetes "shared_pods" {
+        role = "pod"
+        selectors {
+          role  = "pod"
+          field = "metadata.namespace=chacal"
+        }
+      }
+
+      discovery.relabel "shared_pods" {
+        targets = discovery.kubernetes.shared_pods.targets
+
+        rule {
+          source_labels = ["__meta_kubernetes_namespace"]
+          target_label  = "namespace"
+        }
+        rule {
+          source_labels = ["__meta_kubernetes_pod_name"]
+          target_label  = "pod"
+        }
+        rule {
+          source_labels = ["__meta_kubernetes_pod_container_name"]
+          target_label  = "container"
+        }
+        rule {
+          source_labels = ["__meta_kubernetes_pod_label_app_kubernetes_io_name"]
+          target_label  = "app"
+        }
+      }
+
+      loki.source.kubernetes "shared_logs" {
+        targets    = discovery.relabel.shared_pods.output
+        forward_to = [loki.write.shared.receiver]
+      }
+
+      loki.write "main" {
+        endpoint {
+          url = "http://loki.monitoring.svc.cluster.local:3100/loki/api/v1/push"
+          headers = {
+            "X-Scope-OrgID" = "main",
+          }
+        }
+      }
+
+      loki.write "shared" {
+        endpoint {
+          url = "http://loki.monitoring.svc.cluster.local:3100/loki/api/v1/push"
+          headers = {
+            "X-Scope-OrgID" = "chacal",
+          }
+        }
+      }
+
+  mounts:
+    varlog: true # Mount host /var/log for pod logs
+
+  controller:
+    type: daemonset # Run on every node
+
+  resources:
+    requests:
+      cpu: 100m
+      memory: 128Mi
+    limits:
+      cpu: 200m
+      memory: 256Mi

docker-ingress/changedetection.yaml

@@ -0,0 +1,44 @@
+# docker-node: iris.haven
+# port: 4100
+
+# Service
+apiVersion: v1
+kind: Service
+metadata:
+  name: changedetection-service
+  namespace: docker-ingress
+spec:
+  ports:
+    - port: 80
+      targetPort: 4100
+---
+# Endpoints
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: changedetection-service
+  namespace: docker-ingress
+subsets:
+  - addresses:
+      - ip: 192.168.15.101
+    ports:
+      - port: 4100
+---
+# Ingress
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: changedetection-ingress
+  namespace: docker-ingress
+spec:
+  rules:
+    - host: change.haven
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: changedetection-service
+                port:
+                  number: 80

docker-ingress/dockge.yaml

@@ -0,0 +1,44 @@
+# docker-node: iris.haven
+# port: 4100
+
+# Service
+apiVersion: v1
+kind: Service
+metadata:
+  name: dockge-service
+  namespace: docker-ingress
+spec:
+  ports:
+    - port: 80
+      targetPort: 5001
+---
+# Endpoints
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: dockge-service
+  namespace: docker-ingress
+subsets:
+  - addresses:
+      - ip: 192.168.15.101
+    ports:
+      - port: 5001
+---
+# Ingress
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: dockge-ingress
+  namespace: docker-ingress
+spec:
+  rules:
+    - host: dockge.haven
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: dockge-service
+                port:
+                  number: 80

docker-ingress/paperless.yaml

@@ -0,0 +1,44 @@
+# docker-node: iris.haven
+# port: 4100
+
+# Service
+apiVersion: v1
+kind: Service
+metadata:
+  name: paperless-service
+  namespace: docker-ingress
+spec:
+  ports:
+    - port: 80
+      targetPort: 4200
+---
+# Endpoints
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: paperless-service
+  namespace: docker-ingress
+subsets:
+  - addresses:
+      - ip: 192.168.15.101
+    ports:
+      - port: 4200
+---
+# Ingress
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: paperless-ingress
+  namespace: docker-ingress
+spec:
+  rules:
+    - host: paperless.haven
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: paperless-service
+                port:
+                  number: 80

docker-ingress/transmission.yaml

@@ -0,0 +1,44 @@
+# docker-node: iris.haven
+# port: 4100
+
+# Service
+apiVersion: v1
+kind: Service
+metadata:
+  name: transmission-service
+  namespace: docker-ingress
+spec:
+  ports:
+    - port: 80
+      targetPort: 3210
+---
+# Endpoints
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: transmission-service
+  namespace: docker-ingress
+subsets:
+  - addresses:
+      - ip: 192.168.15.60
+    ports:
+      - port: 3210
+---
+# Ingress
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: transmission-ingress
+  namespace: docker-ingress
+spec:
+  rules:
+    - host: transmission.haven
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: transmission-service
+                port:
+                  number: 80

infra/beszel-agent.yaml

@@ -22,7 +22,7 @@ spec:
             secretKeyRef:
               name: beszel-key
               key: SECRET-KEY
-        image: henrygd/beszel-agent:0.14.1
+        image: henrygd/beszel-agent:0.17.0
         imagePullPolicy: Always
         name: beszel-agent
         ports:

infra/beszel.yaml

@@ -26,7 +26,7 @@ spec:
                 - amd64
       containers:
         - name: beszel
-          image: ghcr.io/henrygd/beszel/beszel:0.14.1
+          image: ghcr.io/henrygd/beszel/beszel:0.17.0
           imagePullPolicy: Always
           ports:
             - containerPort: 8090