This is probably overly-complicated for what I actually need and I will probably simplify it in the future. Authelia provides SSO capabilities for the cluster and is integrated with nginx-ingress.
- authelia/authelia.yaml - Authelia SSO Server Helm Chart deployment
- authelia/postgres-pvc.yaml - PVC to store config and data for Postgres
- authelia/postgres.yaml - Postgres deployment used by Authelia for registering users' second factors
- authelia/redis-pvc.yaml - PVC to store config for Redis
- authelia/redis.yaml - Redis deployment for use by Authelia for sessions
A custom Docker image and cron job that uses the AWS CLI to update a DNS record pointing to the cluster's external IP address.
- dynamic-dns/cronjob.yaml - Cron Job which schedules the DNS update
Kured is a Kubernetes daemonset that performs safe automatic node reboots when the need to do so is indicated by the package management system of the underlying OS.
- kured/kured.yaml - HelmRelease for kured
MetalLB is an on-cluster LoadBalancer, run in the Layer 2 configuration, that allows "external" IPs to be assigned. Primarily used with nginx below.
- metallb/metallb.yaml - HelmRelease for metallb, including values configuration.
Minio is a high-performance, S3 compatible object store.
- minio/minio.yaml - HelmRelease using the official minio charts, backed by NFS.
Persistent Volume configuration for shared NFS storage.
- nfs-pv/mastodon-pv.yaml - Bulk storage backed by a TrueNAS NFS share for Mastodon's Minio instance.
- nfs-pv/minio-pv.yaml - Storage for Minio S3 Compatible storage backed by TrueNAS NFS share.
- nfs-pv/onedrive-pv.yaml - Storage for OneDrive image backed by TrueNAS NFS share.
Nginx ingress controller for the cluster; it works with cert-manager to secure and route traffic to specific pods/applications.
- nginx/nginx-internal.yaml - HelmRelease for nginx-ingress serving internal traffic, including custom 404 pages from billimek/custom-error-pages.
- nginx/nginx-external.yaml - HelmRelease for nginx-ingress serving external traffic, including custom 404 pages from billimek/custom-error-pages.
Trying out creating an LDAP provider for the cluster to do authentication at the nginx-ingress level.
- openldap/openldap.yaml - Deployment and Service to expose an OpenLDAP instance based on bitnami containers.
- openldap/openldap-secrets.sops.yaml - My encrypted OpenLDAP secrets.
Provide authentication using alexellis' registry-creds across the cluster for Docker Hub and raise the pull limit a bit so that we are less likely to hit it.
- registry-creds/dockerhub.yaml - The ClusterPullSecret which binds the docker-registry secrets to the registry-creds deployment to be used by Kubernetes.
- registry-creds/registry-creds-secret.sops.yaml - My encrypted Docker Hub secret.
- registry-creds/registry-creds.yaml - Deployment for registry-creds.
Reloader is a Kubernetes controller that watches for changes in ConfigMaps and Secrets and performs rolling upgrades on Pods with their associated Deployment, StatefulSet, DaemonSet and DeploymentConfig.
- reloader/reloader.yaml - Simple HelmRelease using the official chart.
Snapshot Controller is a snapshotting helper required for CSI snapshotting to work. Not specific to Rook/Ceph, but required for the Volsync setup.
- snapshot-controller/ks.yaml - Health checks for Snapshot Controller.
- snapshot-controller/snapshot-controller.yaml - HelmRelease for Snapshot Controller using the Piraeus Charts.
Volsync is asynchronous data replication for Kubernetes volumes.
- volsync/ks.yaml - Health checks for Volsync.
- volsync/kustomization.yaml - Install ordering for ks and Volsync.
- volsync/volsync.yaml - HelmRelease for Volsync.