feature(wip): Implement basic services and some databases.

kubernetes/loadbalancer/metallb/metallb_ip_config.yml

@@ -0,0 +1,12 @@
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+  name: first-pool
+spec:
+  addresses:
+  - 192.168.2.10-192.168.2.254
+---
+apiVersion: metallb.io/v1beta1
+kind: L2Advertisement
+metadata:
+  name: example

kubernetes/loadbalancer/metallb/metallb_namespace.yml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: metallb-system
+  labels:
+    pod-security.kubernetes.io/enforce: privileged
+    pod-security.kubernetes.io/audit: privileged
+    pod-security.kubernetes.io/warn: privileged

kubernetes/loadbalancer/metallb/project.ini

@@ -0,0 +1,39 @@
+[meta]
+format_ver = 1
+
+[metallb_namespace]
+description = Namespace Configuration for MetalLB
+mode = k3s
+
+[#metallb_namespace/k3s]
+mode = install
+yml_path = ./metallb_namespace.yml
+
+[metallb_repo]
+description = MetalLB Repository
+mode = helm
+depends_on = metallb_namespace
+
+[#metallb_repo/helm]
+mode = add_repo
+name = metallb
+repo = https://metallb.github.io/metallb
+
+[metallb]
+description = MetalLB
+mode = helm
+depends_on = metallb_repo
+
+[#metallb/helm]
+mode = install
+name = metallb
+repo = metallb/metallb
+
+[metallb_ip_config]
+description = IPs for MetalLB
+mode = k3s
+depends_on = metallb
+
+[#metallb_ip_config/k3s]
+mode = install
+yml_path = ./metallb_ip_config.yml

kubernetes/loadbalancer/project.ini

@@ -0,0 +1,12 @@
+[meta]
+format_ver = 1
+
+[metallb]
+description = MetalLB
+mode = include
+path = ./metallb/project.ini
+
+[traefik]
+description = MetalLB
+mode = include
+path = ./traefik/project.ini

kubernetes/loadbalancer/traefik/account.yml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: traefik-account

kubernetes/loadbalancer/traefik/project.ini

@@ -0,0 +1,65 @@
+[meta]
+format_ver = 1
+
+[traefik_role]
+description = Traefik role for self
+mode = k3s
+depends_on = metallb_ip_config:traefik_cf_credentials
+
+[#traefik_role/k3s]
+mode = install
+yml_path = ./role.yml
+
+[traefik_account]
+description = Traefik account
+mode = k3s
+depends_on = traefik_role
+
+[#traefik_account/k3s]
+mode = install
+yml_path = ./account.yml
+
+[traefik_role_binding]
+description = Traefik role binding
+mode = k3s
+depends_on = traefik_account
+
+[#traefik_role_binding/k3s]
+mode = install
+yml_path = ./role-binding.yml
+
+[traefik_pv]
+description = Traefik certificate storage
+mode = k3s
+depends_on = traefik_role_binding
+
+[#traefik_pv/k3s]
+mode = install
+yml_path = ./pv.yml
+
+[traefik_pv_claim]
+description = Traefik certificate storage claim
+mode = k3s
+depends_on = traefik_pv
+
+[#traefik_pv_claim/k3s]
+mode = install
+yml_path = ./pv-claim.yml
+
+[traefik]
+description = Traefik
+mode = k3s
+depends_on = traefik_account
+
+[#traefik/k3s]
+mode = install
+yml_path = ./traefik.yml
+
+[traefik_dashboard]
+description = Traefik Dashboard
+mode = k3s
+depends_on = traefik
+
+[#traefik_dashboard/k3s]
+mode = install
+yml_path = ./traefik-dashboard.yml

kubernetes/loadbalancer/traefik/pv-claim.yml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: traefik-volume-claim
+  labels:
+    app: traefik
+spec:
+  storageClassName: manual
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 5Gi

kubernetes/loadbalancer/traefik/pv.yml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: traefik-certs-volume
+  labels:
+    type: local
+    app: traefik
+spec:
+  storageClassName: manual
+  capacity:
+    storage: 5Gi
+  accessModes:
+    - ReadWriteMany
+  hostPath:
+    path: /ssl-certs/

kubernetes/loadbalancer/traefik/role-binding.yml

@@ -0,0 +1,13 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: traefik-role-binding
+
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: traefik-role
+subjects:
+  - kind: ServiceAccount
+    name: traefik-account
+    namespace: default # This tutorial uses the "default" K8s namespace.

kubernetes/loadbalancer/traefik/role.yml

@@ -0,0 +1,39 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: traefik-role
+
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - services
+      - secrets
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - discovery.k8s.io
+    resources:
+      - endpointslices
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - extensions
+      - networking.k8s.io
+    resources:
+      - ingresses
+      - ingressclasses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - extensions
+      - networking.k8s.io
+    resources:
+      - ingresses/status
+    verbs:
+      - update

kubernetes/loadbalancer/traefik/traefik-dashboard.yml

@@ -0,0 +1,47 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: traefik-dashboard-service
+  annotations:
+    metallb.universe.tf/loadBalancerIPs: 192.168.2.10
+    metallb.universe.tf/allow-shared-ip: "this-is-traefik"
+
+spec:
+  type: LoadBalancer
+  ports:
+    - port: 8080
+      targetPort: dashboard
+  selector:
+    app: traefik
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: traefik-web-service
+  annotations:
+    metallb.universe.tf/loadBalancerIPs: 192.168.2.10
+    metallb.universe.tf/allow-shared-ip: "this-is-traefik"
+
+spec:
+  type: LoadBalancer
+  ports:
+    - targetPort: web
+      port: 80
+  selector:
+    app: traefik
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: traefik-web-service
+  annotations:
+    metallb.universe.tf/loadBalancerIPs: 192.168.2.10
+    metallb.universe.tf/allow-shared-ip: "this-is-traefik"
+
+spec:
+  type: LoadBalancer
+  ports:
+    - targetPort: web
+      port: 443
+  selector:
+    app: traefik

kubernetes/loadbalancer/traefik/traefik.yml

@@ -0,0 +1,53 @@
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  name: traefik-deployment
+  labels:
+    app: traefik
+
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: traefik
+  template:
+    metadata:
+      labels:
+        app: traefik
+    spec:
+      serviceAccountName: traefik-account
+      containers:
+        - name: traefik
+          image: traefik:v3.1
+          args:
+            - --api.insecure
+            - --providers.kubernetesingress
+            - --certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare
+            - --certificatesresolvers.cloudflare.acme.email=greysonhofer09@gmail.com
+            - --certificatesresolvers.cloudflare.acme.dnschallenge.resolvers=1.1.1.1
+            - --certificatesresolvers.cloudflare.acme.storage=/ssl-certs/acme-cloudflare.json
+          ports:
+            - name: web
+              containerPort: 80
+            - name: web
+              containerPort: 443
+            - name: dashboard
+              containerPort: 8080
+          env:
+            - name: CF_API_EMAIL
+              valueFrom:
+                secretKeyRef:
+                  name: traefik-cf-creds
+                  key: cf-email
+            - name: CF_API_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: traefik-cf-creds
+                  key: cf-key
+          volumeMounts:
+            - mountPath: /ssl-certs/
+              name: cert-data
+      volumes:
+        - name: cert-data
+          persistentVolumeClaim:
+            claimName: traefik-volume-claim