Compare commits
66 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 gitea-admin
|
ab3692fb10 | ||
|
gitea-admin
|
b7381996b7 | ||
|
gitea-admin
|
c05b242e97 | ||
|
gitea-admin
|
606fe76fed | ||
|
gitea-admin
|
7c29b1a332 | ||
|
gitea-admin
|
a3dffd9030 | ||
|
gitea-admin
|
0cb2a06a33 | ||
|
gitea-admin
|
25c2e1ce7d | ||
|
gitea-admin
|
5a78ea7024 | ||
|
gitea-admin
|
43d39afc17 | ||
|
gitea-admin
|
a4f2d6f2d5 | ||
|
gitea-admin
|
65fc0a3e40 | ||
|
gitea-admin
|
7dc06904a0 | ||
|
gitea-admin
|
b076539668 | ||
|
gitea-admin
|
dad1ece70d | ||
|
gitea-admin
|
085e826575 | ||
|
gitea-admin
|
4385d6e513 | ||
|
gitea-admin
|
6c12deffbc | ||
|
gitea-admin
|
19ca33471e | ||
|
gitea-admin
|
158f52bc3f | ||
|
gitea-admin
|
236bc2ed78 | ||
|
gitea-admin
|
a31a30d727 | ||
|
gitea-admin
|
8a45a906f5 | ||
|
gitea-admin
|
349a951607 | ||
|
gitea-admin
|
ad4aa44ae8 | ||
|
gitea-admin
|
e03e66b7ac | ||
|
gitea-admin
|
d030ea8629 | ||
|
gitea-admin
|
f968b77da4 | ||
|
gitea-admin
|
95b6d62075 | ||
|
gitea-admin
|
9e5f6f637b | ||
|
gitea-admin
|
eb19f1f7bc | ||
|
gitea-admin
|
e82110871f | ||
|
gitea-admin
|
ad50b521b5 | ||
|
gitea-admin
|
9c6ae5bba6 | ||
|
gitea-admin
|
12d8ee0414 | ||
|
gitea-admin
|
ebb12d26af | ||
|
gitea-admin
|
c07a019b1a | ||
|
gitea-admin
|
1c883cf071 | ||
|
gitea-admin
|
ca5e3f4638 | ||
|
gitea-admin
|
f59bc33039 | ||
|
gitea-admin
|
8a6d17c366 | ||
|
gitea-admin
|
d552a2b03a | ||
|
gitea-admin
|
f489715864 | ||
|
gitea-admin
|
2a90fa8c53 | ||
|
gitea-admin
|
efb5abae5e | ||
|
gitea-admin
|
72194bf59f | ||
|
gitea-admin
|
7402e16cf4 | ||
|
gitea-admin
|
6f560c8c68 | ||
|
gitea-admin
|
e29c00cae0 | ||
|
gitea-admin
|
81481bf274 | ||
|
gitea-admin
|
e88ee7c408 | ||
|
gitea-admin
|
47368da4e3 | ||
|
gitea-admin
|
a4db5a303d | ||
|
gitea-admin
|
294fe564da | ||
|
gitea-admin
|
e39182ecbf | ||
|
gitea-admin
|
f881ff31dc | ||
|
gitea-admin
|
dddd39e385 | ||
|
gitea-admin
|
bf88086a3d | ||
|
gitea-admin
|
df571132b7 | ||
|
gitea-admin
|
c4684fb0cf | ||
|
gitea-admin
|
7217c9c9bf | ||
|
gitea-admin
|
406b643aaf | ||
|
gitea-admin
|
5cbb25af84 | ||
|
gitea-admin
|
efd3ccf0da | ||
|
gitea-admin
|
742cdf485f | ||
|
gitea-admin
|
28f608f0a1 |
@@ -0,0 +1,29 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: excalidraw
|
||||
namespace: apps
|
||||
labels:
|
||||
app: excalidraw
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: excalidraw
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: excalidraw
|
||||
spec:
|
||||
containers:
|
||||
- name: excalidraw
|
||||
image: excalidraw/excalidraw:latest
|
||||
ports:
|
||||
- containerPort: 80
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 128Mi
|
||||
limits:
|
||||
cpu: 500m
|
||||
memory: 512Mi
|
||||
@@ -0,0 +1,26 @@
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: excalidraw
|
||||
namespace: apps
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt-prod
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
|
||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||
spec:
|
||||
ingressClassName: traefik
|
||||
tls:
|
||||
- hosts:
|
||||
- excalidraw.khalisio.com
|
||||
secretName: excalidraw-tls
|
||||
rules:
|
||||
- host: excalidraw.khalisio.com
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: excalidraw
|
||||
port:
|
||||
number: 80
|
||||
@@ -0,0 +1,13 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: excalidraw
|
||||
namespace: apps
|
||||
spec:
|
||||
selector:
|
||||
app: excalidraw
|
||||
ports:
|
||||
- name: http
|
||||
port: 80
|
||||
targetPort: 80
|
||||
type: ClusterIP
|
||||
@@ -0,0 +1,48 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: bazarr
|
||||
namespace: media
|
||||
labels:
|
||||
app: bazarr
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bazarr
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bazarr
|
||||
spec:
|
||||
containers:
|
||||
- name: bazarr
|
||||
image: lscr.io/linuxserver/bazarr:1.5.0
|
||||
ports:
|
||||
- containerPort: 6767
|
||||
env:
|
||||
- name: PUID
|
||||
value: "1000"
|
||||
- name: PGID
|
||||
value: "1000"
|
||||
- name: TZ
|
||||
value: "America/New_York"
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 256Mi
|
||||
limits:
|
||||
cpu: 500m
|
||||
memory: 512Mi
|
||||
volumeMounts:
|
||||
- name: config
|
||||
mountPath: /config
|
||||
- name: media
|
||||
mountPath: /media
|
||||
volumes:
|
||||
- name: config
|
||||
persistentVolumeClaim:
|
||||
claimName: bazarr-config
|
||||
- name: media
|
||||
persistentVolumeClaim:
|
||||
claimName: media-data
|
||||
@@ -0,0 +1,12 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: bazarr-config
|
||||
namespace: media
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
storageClassName: longhorn
|
||||
resources:
|
||||
requests:
|
||||
storage: 5Gi
|
||||
@@ -0,0 +1,15 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: bazarr
|
||||
namespace: media
|
||||
labels:
|
||||
app: bazarr
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 6767
|
||||
targetPort: 6767
|
||||
protocol: TCP
|
||||
selector:
|
||||
app: bazarr
|
||||
@@ -0,0 +1,56 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: emby
|
||||
namespace: media
|
||||
labels:
|
||||
app: emby
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: emby
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: emby
|
||||
spec:
|
||||
containers:
|
||||
- name: emby
|
||||
image: lscr.io/linuxserver/emby:latest
|
||||
ports:
|
||||
- containerPort: 8096
|
||||
env:
|
||||
- name: PUID
|
||||
value: "1000"
|
||||
- name: PGID
|
||||
value: "1000"
|
||||
- name: TZ
|
||||
value: "America/New_York"
|
||||
resources:
|
||||
requests:
|
||||
cpu: 500m
|
||||
memory: 1Gi
|
||||
limits:
|
||||
cpu: "2"
|
||||
memory: 2Gi
|
||||
volumeMounts:
|
||||
- name: config
|
||||
mountPath: /config
|
||||
# TODO: Update mount path to your actual media storage location
|
||||
- name: media-movies
|
||||
mountPath: /media/movies
|
||||
- name: media-tv
|
||||
mountPath: /media/tv
|
||||
volumes:
|
||||
- name: config
|
||||
persistentVolumeClaim:
|
||||
claimName: emby-config
|
||||
- name: media-movies
|
||||
# TODO: Change to your actual storage (NFS, local path, etc.)
|
||||
emptyDir: {}
|
||||
- name: media-tv
|
||||
emptyDir: {}
|
||||
- name: media
|
||||
persistentVolumeClaim:
|
||||
claimName: media-data
|
||||
@@ -0,0 +1,12 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: emby-config
|
||||
namespace: media
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
storageClassName: longhorn
|
||||
resources:
|
||||
requests:
|
||||
storage: 20Gi
|
||||
@@ -0,0 +1,20 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: emby
|
||||
namespace: media
|
||||
labels:
|
||||
app: emby
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 8096
|
||||
targetPort: 8096
|
||||
protocol: TCP
|
||||
name: http
|
||||
- port: 8920
|
||||
targetPort: 8920
|
||||
protocol: TCP
|
||||
name: https
|
||||
selector:
|
||||
app: emby
|
||||
@@ -0,0 +1,48 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: lidarr
|
||||
namespace: media
|
||||
labels:
|
||||
app: lidarr
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: lidarr
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: lidarr
|
||||
spec:
|
||||
containers:
|
||||
- name: lidarr
|
||||
image: lscr.io/linuxserver/lidarr:2.7.0
|
||||
ports:
|
||||
- containerPort: 8686
|
||||
env:
|
||||
- name: PUID
|
||||
value: "1000"
|
||||
- name: PGID
|
||||
value: "1000"
|
||||
- name: TZ
|
||||
value: "America/New_York"
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 256Mi
|
||||
limits:
|
||||
cpu: 500m
|
||||
memory: 512Mi
|
||||
volumeMounts:
|
||||
- name: config
|
||||
mountPath: /config
|
||||
- name: media
|
||||
mountPath: /media
|
||||
volumes:
|
||||
- name: config
|
||||
persistentVolumeClaim:
|
||||
claimName: lidarr-config
|
||||
- name: media
|
||||
persistentVolumeClaim:
|
||||
claimName: media-data
|
||||
@@ -0,0 +1,12 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: lidarr-config
|
||||
namespace: media
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
storageClassName: longhorn
|
||||
resources:
|
||||
requests:
|
||||
storage: 5Gi
|
||||
@@ -0,0 +1,15 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: lidarr
|
||||
namespace: media
|
||||
labels:
|
||||
app: lidarr
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 8686
|
||||
targetPort: 8686
|
||||
protocol: TCP
|
||||
selector:
|
||||
app: lidarr
|
||||
@@ -0,0 +1,7 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: media
|
||||
labels:
|
||||
app.kubernetes.io/managed-by: orion
|
||||
team: media
|
||||
@@ -0,0 +1,43 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: prowlarr
|
||||
namespace: media
|
||||
labels:
|
||||
app: prowlarr
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: prowlarr
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: prowlarr
|
||||
spec:
|
||||
containers:
|
||||
- name: prowlarr
|
||||
image: lscr.io/linuxserver/prowlarr:1.29.0
|
||||
ports:
|
||||
- containerPort: 9696
|
||||
env:
|
||||
- name: PUID
|
||||
value: "1000"
|
||||
- name: PGID
|
||||
value: "1000"
|
||||
- name: TZ
|
||||
value: "America/New_York"
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 256Mi
|
||||
limits:
|
||||
cpu: 500m
|
||||
memory: 512Mi
|
||||
volumeMounts:
|
||||
- name: config
|
||||
mountPath: /config
|
||||
volumes:
|
||||
- name: config
|
||||
persistentVolumeClaim:
|
||||
claimName: prowlarr-config
|
||||
@@ -0,0 +1,12 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: prowlarr-config
|
||||
namespace: media
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
storageClassName: longhorn
|
||||
resources:
|
||||
requests:
|
||||
storage: 2Gi
|
||||
@@ -0,0 +1,15 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: prowlarr
|
||||
namespace: media
|
||||
labels:
|
||||
app: prowlarr
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 9696
|
||||
targetPort: 9696
|
||||
protocol: TCP
|
||||
selector:
|
||||
app: prowlarr
|
||||
@@ -0,0 +1,48 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: radarr
|
||||
namespace: media
|
||||
labels:
|
||||
app: radarr
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: radarr
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: radarr
|
||||
spec:
|
||||
containers:
|
||||
- name: radarr
|
||||
image: lscr.io/linuxserver/radarr:5.15.0
|
||||
ports:
|
||||
- containerPort: 7878
|
||||
env:
|
||||
- name: PUID
|
||||
value: "1000"
|
||||
- name: PGID
|
||||
value: "1000"
|
||||
- name: TZ
|
||||
value: "America/New_York"
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 256Mi
|
||||
limits:
|
||||
cpu: 500m
|
||||
memory: 512Mi
|
||||
volumeMounts:
|
||||
- name: config
|
||||
mountPath: /config
|
||||
- name: media
|
||||
mountPath: /media
|
||||
volumes:
|
||||
- name: config
|
||||
persistentVolumeClaim:
|
||||
claimName: radarr-config
|
||||
- name: media
|
||||
persistentVolumeClaim:
|
||||
claimName: media-data
|
||||
@@ -0,0 +1,12 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: radarr-config
|
||||
namespace: media
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
storageClassName: longhorn
|
||||
resources:
|
||||
requests:
|
||||
storage: 5Gi
|
||||
@@ -0,0 +1,15 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: radarr
|
||||
namespace: media
|
||||
labels:
|
||||
app: radarr
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 7878
|
||||
targetPort: 7878
|
||||
protocol: TCP
|
||||
selector:
|
||||
app: radarr
|
||||
@@ -0,0 +1,48 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: readarr
|
||||
namespace: media
|
||||
labels:
|
||||
app: readarr
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: readarr
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: readarr
|
||||
spec:
|
||||
containers:
|
||||
- name: readarr
|
||||
image: lscr.io/linuxserver/readarr:0.4.0
|
||||
ports:
|
||||
- containerPort: 8787
|
||||
env:
|
||||
- name: PUID
|
||||
value: "1000"
|
||||
- name: PGID
|
||||
value: "1000"
|
||||
- name: TZ
|
||||
value: "America/New_York"
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 256Mi
|
||||
limits:
|
||||
cpu: 500m
|
||||
memory: 512Mi
|
||||
volumeMounts:
|
||||
- name: config
|
||||
mountPath: /config
|
||||
- name: media
|
||||
mountPath: /media
|
||||
volumes:
|
||||
- name: config
|
||||
persistentVolumeClaim:
|
||||
claimName: readarr-config
|
||||
- name: media
|
||||
persistentVolumeClaim:
|
||||
claimName: media-data
|
||||
@@ -0,0 +1,12 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: readarr-config
|
||||
namespace: media
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
storageClassName: longhorn
|
||||
resources:
|
||||
requests:
|
||||
storage: 5Gi
|
||||
@@ -0,0 +1,15 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: readarr
|
||||
namespace: media
|
||||
labels:
|
||||
app: readarr
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 8787
|
||||
targetPort: 8787
|
||||
protocol: TCP
|
||||
selector:
|
||||
app: readarr
|
||||
@@ -0,0 +1,48 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: sonarr
|
||||
namespace: media
|
||||
labels:
|
||||
app: sonarr
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: sonarr
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: sonarr
|
||||
spec:
|
||||
containers:
|
||||
- name: sonarr
|
||||
image: lscr.io/linuxserver/sonarr:4.0.11
|
||||
ports:
|
||||
- containerPort: 8989
|
||||
env:
|
||||
- name: PUID
|
||||
value: "1000"
|
||||
- name: PGID
|
||||
value: "1000"
|
||||
- name: TZ
|
||||
value: "America/New_York"
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 256Mi
|
||||
limits:
|
||||
cpu: 500m
|
||||
memory: 512Mi
|
||||
volumeMounts:
|
||||
- name: config
|
||||
mountPath: /config
|
||||
- name: media
|
||||
mountPath: /media
|
||||
volumes:
|
||||
- name: config
|
||||
persistentVolumeClaim:
|
||||
claimName: sonarr-config
|
||||
- name: media
|
||||
persistentVolumeClaim:
|
||||
claimName: media-data
|
||||
@@ -0,0 +1,12 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: sonarr-config
|
||||
namespace: media
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
storageClassName: longhorn
|
||||
resources:
|
||||
requests:
|
||||
storage: 5Gi
|
||||
@@ -0,0 +1,15 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: sonarr
|
||||
namespace: media
|
||||
labels:
|
||||
app: sonarr
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 8989
|
||||
targetPort: 8989
|
||||
protocol: TCP
|
||||
selector:
|
||||
app: sonarr
|
||||
@@ -0,0 +1,6 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: apps
|
||||
labels:
|
||||
name: apps
|
||||
@@ -1,52 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: tailscale-operator
|
||||
namespace: tailscale
|
||||
labels:
|
||||
app: tailscale-operator
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: tailscale-operator
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: tailscale-operator
|
||||
spec:
|
||||
serviceAccountName: tailscale-operator
|
||||
containers:
|
||||
- name: operator
|
||||
image: ghcr.io/tailscale/k8s-operator:v1.78.3
|
||||
imagePullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: TS_CLIENT_ID_FILE
|
||||
value: /etc/tailscale/oauth/client_id
|
||||
- name: TS_CLIENT_SECRET_FILE
|
||||
value: /etc/tailscale/oauth/client_secret
|
||||
volumeMounts:
|
||||
- name: oauth-secret
|
||||
mountPath: /etc/tailscale/oauth
|
||||
readOnly: true
|
||||
resources: {}
|
||||
terminationMessagePath: /dev/termination-log
|
||||
terminationMessagePolicy: File
|
||||
terminationGracePeriodSeconds: 30
|
||||
volumes:
|
||||
- name: oauth-secret
|
||||
secret:
|
||||
secretName: tailscale-operator-secret
|
||||
items:
|
||||
- key: CLIENT_ID_FILE
|
||||
path: client_id
|
||||
- key: CLIENT_SECRET_FILE
|
||||
path: client_secret
|
||||
@@ -1,49 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: tailscale
|
||||
labels:
|
||||
app.kubernetes.io/name: tailscale-operator
|
||||
app.kubernetes.io/part-of: infrastructure
|
||||
management: gitops
|
||||
managed-by: orion
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: tailscale-operator
|
||||
namespace: tailscale
|
||||
labels:
|
||||
app.kubernetes.io/name: tailscale-operator
|
||||
app.kubernetes.io/part-of: infrastructure
|
||||
management: gitops
|
||||
managed-by: orion
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: tailscale-operator
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: tailscale-operator
|
||||
spec:
|
||||
serviceAccountName: tailscale-operator
|
||||
containers:
|
||||
- name: operator
|
||||
image: ghcr.io/tailscale/k8s-operator:1.78.1
|
||||
env:
|
||||
- name: TS_AUTH_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: tailscale-auth
|
||||
key: TS_AUTH_KEY
|
||||
- name: TS_USERSPACE
|
||||
value: "true"
|
||||
resources:
|
||||
requests:
|
||||
cpu: 50m
|
||||
memory: 64Mi
|
||||
limits:
|
||||
cpu: 100m
|
||||
memory: 128Mi
|
||||
@@ -1,4 +1,4 @@
|
||||
apiVersion: external-secrets.io/v1beta1
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: tailscale-auth
|
||||
|
||||
@@ -0,0 +1,4 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: tailscale
|
||||
@@ -19,20 +19,19 @@ spec:
|
||||
containers:
|
||||
- name: operator
|
||||
image: ghcr.io/tailscale/k8s-operator:v1.78.3
|
||||
imagePullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
apiVersion: v1
|
||||
fieldPath: metadata.name
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
apiVersion: v1
|
||||
fieldPath: metadata.namespace
|
||||
- name: TS_CLIENT_ID_FILE
|
||||
- name: CLIENT_ID_FILE
|
||||
value: /etc/tailscale/oauth/client-id
|
||||
- name: TS_CLIENT_SECRET_FILE
|
||||
- name: CLIENT_SECRET_FILE
|
||||
value: /etc/tailscale/oauth/client-secret
|
||||
volumeMounts:
|
||||
- name: oauth-secret
|
||||
|
||||
@@ -0,0 +1,22 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: tailscale-operator-secret
|
||||
namespace: tailscale
|
||||
spec:
|
||||
refreshInterval: 1h
|
||||
secretStoreRef:
|
||||
name: orion-vault
|
||||
kind: ClusterSecretStore
|
||||
target:
|
||||
name: tailscale-operator-secret
|
||||
creationPolicy: Owner
|
||||
data:
|
||||
- secretKey: client-id
|
||||
remoteRef:
|
||||
key: tailscale/operator
|
||||
property: CLIENT_ID_FILE
|
||||
- secretKey: client-secret
|
||||
remoteRef:
|
||||
key: tailscale/operator
|
||||
property: CLIENT_SECRET_FILE
|
||||
Reference in New Issue
Block a user