From f6186e7484bbd05b9468f75a4d288c2f7c232714 Mon Sep 17 00:00:00 2001
From: Moritz Graf <github@moritzgraf.de>
Date: Fri, 24 Apr 2020 00:03:47 +0200
Subject: [PATCH] First part of migrating to openebs

---
 k8s/README.md                        |  51 +++++++++++++--------------
 k8s/cert-manager/cert-manager.yaml   |  27 ++++----------
 k8s/datalab/redeploy.yaml            |   2 +-
 k8s/datalab/rstudio.yaml             |   2 +-
 k8s/development/registry.secret.yaml | Bin 1008 -> 615 bytes
 k8s/nginx-ingress/nginx-ingress.yaml |  27 ++++----------
 k8s/openebs/openebs.yml              |  17 +++++++++
 7 files changed, 57 insertions(+), 69 deletions(-)
 create mode 100644 k8s/openebs/openebs.yml

diff --git a/k8s/README.md b/k8s/README.md
index 458d13e..7c20734 100644
--- a/k8s/README.md
+++ b/k8s/README.md
@@ -27,23 +27,18 @@ kubectl patch deployment $DEPLOYMENT -n $NAMESPACE -p "{\"spec\": {\"template\":
 ## namespaces
 
 ```sh
-namespaces="flux cert-manager nginx-ingress infrapuzzle kuard auth nextcloud datalab web development longhorn-system tt-rss backup"
+namespaces="flux cert-manager nginx-ingress infrapuzzle kuard auth nextcloud datalab web development tt-rss backup monitoring"
 for i in $( echo $NAMESPACES ) ; do
   k create ns $i
 done
 ```
 
-## [helm-operator](https://github.com/fluxcd/helm-operator/blob/master/chart/helm-operator/README.md)
+## helm repositories
 
-As I use helm extensively, using the helm-operator was a logical step. [See documentation for installation.](https://github.com/fluxcd/helm-operator/blob/master/chart/helm-operator/README.md)
-
-```bash
-$ helm repo add fluxcd https://charts.fluxcd.io
-$ helm repo update
-$ kubectl apply -f https://raw.githubusercontent.com/fluxcd/helm-operator/master/deploy/crds.yaml
-$ helm upgrade -i helm-operator fluxcd/helm-operator \
-    --namespace flux \
-    --set helm.versions=v3
+```sh
+helm repo add stable https://kubernetes-charts.storage.googleapis.com
+helm repo add jetstack https://charts.jetstack.io
+helm repo update
 ```
 
 ## [ingress-controller](https://github.com/helm/charts/tree/master/stable/nginx-ingress)
@@ -51,7 +46,7 @@ $ helm upgrade -i helm-operator fluxcd/helm-operator \
 Apply with helm-operator:
 
 ```bash
-$ kubectl apply -f nginx-ingress/ingress.yaml
+helm upgrade nginx-ingress stable/nginx-ingress -n nginx-ingress -f nginx-ingress/nginx-ingress.yaml
 ```
 
 ## [cert-manager](https://cert-manager.io/docs/tutorials/acme/ingress/)
@@ -59,8 +54,10 @@ $ kubectl apply -f nginx-ingress/ingress.yaml
 Apply with helm-operator:
 
 ```bash
+helm upgrade cert-manager jetstack/cert-manager -n cert-manager -f cert-manager/cert-manager.yaml
+# probably not even needed:
 $ kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/master/deploy/manifests/00-crds.yaml
-$ kubectl apply -f cert-manager/cert-manager.yaml
+# this is required:
 $ kubectl apply -f cert-manager/staging-issuer.yaml
 $ kubectl apply -f cert-manager/production-issuer.yaml
 ```
@@ -73,13 +70,16 @@ $ kubectl apply -f kuard
 $ kubectl delete -f kuard
 ```
 
-## longhorn-system
+## Add private docker registry
 
 ```sh
-# on node:
-sudo yum install -y iscsi-initiator-utils
-# locally
-kubectl apply -f longhorn-system/longhorn.yaml
+# create secret base64 encoded and put it in htpasswd helm chart
+USER='moritz'
+PASSWORD='xxx'
+docker run --entrypoint htpasswd --rm registry:2 -Bbn $USER $PASSWORD
+# #
+helm upgrade --install docker-registry stable/docker-registry -n development -f development/registry.secret.yaml
+##kubectl apply -f development/registry.secret.yaml
 ```
 
 ## rstudio
@@ -91,16 +91,7 @@ kubectl apply -f datalab/rstudio.yaml
 ```
 
 
-## Add private docker registry
 
-```sh
-# create secret base64 encoded and put it in htpasswd helm chart
-USER='moritz'
-PASSWORD='xxx'
-docker run --entrypoint htpasswd --rm registry:2 -Bbn $USER $PASSWORD
-# 
-kubectl apply -f development/registry.secret.yaml
-```
 
 ### creating docker-pull-secret
 
@@ -137,6 +128,12 @@ kubectl apply -f tt-rss/
 kubectl apply -f minio
 ```
 
+## monitoring
+
+```sh
+
+```
+
 ## auth
 
 Including:
diff --git a/k8s/cert-manager/cert-manager.yaml b/k8s/cert-manager/cert-manager.yaml
index 9bd9c32..d6b117a 100644
--- a/k8s/cert-manager/cert-manager.yaml
+++ b/k8s/cert-manager/cert-manager.yaml
@@ -1,22 +1,9 @@
 # status: implemented
 
-apiVersion: helm.fluxcd.io/v1
-kind: HelmRelease
-metadata:
-  name: helm-cert-manager
-  namespace: flux
-spec:
-  releaseName: cert-manager
-  targetNamespace: cert-manager
-  chart:
-    repository: https://charts.jetstack.io
-    version: v0.14.1
-    name: cert-manager
-  values:
-    replicaCount: 1
-    webhook:
-      replicaCount: 1
-    podLabels:
-      app: cert-manager
-    prometheus:
-      enabled: false
+replicaCount: 1
+webhook:
+  replicaCount: 1
+podLabels:
+  app: cert-manager
+prometheus:
+  enabled: false
diff --git a/k8s/datalab/redeploy.yaml b/k8s/datalab/redeploy.yaml
index adc29dd..de52472 100644
--- a/k8s/datalab/redeploy.yaml
+++ b/k8s/datalab/redeploy.yaml
@@ -72,7 +72,7 @@ spec:
           - name: "hub-moritzgraf-de"
           containers:
           - name: redeploy-corona
-            image: hub.moritzgraf.de:5000/redeploy:latest
+            image: registry.haumdaucher.de/redeploy:latest
             env:
             - name: DEPLOYMENT
               value: "corona"
diff --git a/k8s/datalab/rstudio.yaml b/k8s/datalab/rstudio.yaml
index b6dbd33..98f9279 100644
--- a/k8s/datalab/rstudio.yaml
+++ b/k8s/datalab/rstudio.yaml
@@ -56,7 +56,7 @@ metadata:
 spec:
   accessModes:
     - ReadWriteOnce
-  storageClassName: longhorn
+  storageClassName: openebs-hostpath
   resources:
     requests:
       storage: 10Gi
diff --git a/k8s/development/registry.secret.yaml b/k8s/development/registry.secret.yaml
index 1a078bd44366296c8eb82ec9ff1ed54a2bb015a0..f63cdb3cec62c24db800b35c64d4438b17774b14 100644
GIT binary patch
literal 615
zcmV-t0+{^(M@dveQdv+`09T?}h!TT0w(5*W3KcbsNu?i^LoARXh6p#f=P0L<Q#)et
zjOu>x#_PZpi9QA-QMz_L#V&>!;1g?~XhKPp<n1dy>(6g=n!%Bf_MO}&so$F1|LH4;
zhhi<6_&Jjw<MzV;{%LF>ay7u8ZBh4Y-lofbawoERs{iP(fc92?JP)9`&z-G6GJx|b
z&u6&$lS#Zh`0ZXhK<Wy)!Jl!W%qn0hMDC~6d?YO;y_gYmv;fS*M=zcxeH}a`mGO+|
z;wL&e$p_Y)9pZQMAL0=QWQ4Ac;A#RR>Ys`Y9qT!WY%7~>%dQ`{Ys3u0+BpjaPDvWx
zd(iCOQ<$O)ydhro>@C)tXTh4IZxL>B1#*j5i8}!7n=JDijGDN6@x#RMj9Wua8W}}(
z;;0grjzgiF4wp!1azFoxv{0NK2PaLonJXoH@LcvhaMy5r5D9U?+yeQCS7^4UtJDr1
zM!R8MKHB2=w(@MX0j)o=e0JA$V8w)yN!r$tcQTgu5xgvCFM(#2vWB>p=*7Bj$A7xt
znSfllZ4JGXW>;2?JSY+&K!MCx{E9ZhvUQJR{fv_OPuWlAR9Yl-+WXm|q&Om*zkAJ)
zdqtNt@#<C7!z0W06Gx^A{F?-6R&i^I#a1!GuSzhVw*1TD(m|JJvMrO)P+e_zhX|o3
zuq9KdBzO8AexRdKsAwjH>py1%=U4&!EV9`rUuef&AA4cn73D4_3~yBi2g8nhX2r#1
zktv!aI(a0g;^m{81U06*tMB+XN>%Z~>5!w!zV$gTfKV`Fk`O+o9r%<**~n+?DacF(
BGVK5W

literal 1008
zcmV<M0}uQFM@dveQdv+`0K~BsD}5pcw;TYx$|=q38Vi@gt;(GUTNjV>JvJOPPLT1z
zGJ*{v!Ut%3=SCR42ejgt?2E7VRC58q962$FAxrI<BY~`@OpgA^QO_8seB3Y5o@LV9
z-TX#~eH|Dn(0tKOeGNLfg{xN@dvM2BZ*mcn9YZuWmRbd}9wKAd@*XXYuw)+eo7;f}
z%6hK{2pVY=$&+#9X&(zCIyp;?2j54o6T<BS0BKI@20Kyht<A0j2{&@eO*((R1&QZX
z@rT7|H9<j=gnT6o`x#@QnD<SjnvWBbh_azcMh^qrkR%(;;OYD6fD?omr5?zZI@c}Q
z7*SMBqEo9rM1!qAFQHUht)?z>%$YD!aO!s3CeVY<0Dfjx5fe};c*P&;Y=b*8@H>8Y
zxJf6tU?JrnRby@^(-Tdx`2;A%O{O<p>aWa^2ik_IbVnAeykb{P%iL763a8pNIhy;X
zH$l@_d_Uk$#QxqOml^SQ=lNy#@u;y)x!P38O<O$O&o}-6uQrMAcdQ1p0yNzu`Aw@c
zoD9txSK^1QSy77@=gZ9T)H{R9mvVJmVyQ&;^L=%+b$usO{r&hfe+vyf$Jb}9{s8C!
zfdhnL?9Y4&SydM3vVoJEdgvZg0oPu5f-}X~#7-^xfA(B??gjv>(WP$QmbF>+|41nv
z@pR0u->cy`cDC>>9pTA4lcP2{dYyW$u36nol=)tWi!gJ<(W8S<{vZPe<m!R75OrFx
z@%Ei!;!Wq^{baE#>2fKGnfQ=6IS_jj)LvvHcww7{$)X@j5sP!URIYM;<4+&gBdpcT
z%(dQ@qKihh^o)XHSFmt8)X_U>*=BHLJQ4Wa7r8&p!r*CAxRh6^)9g1oJ34pl)Wv27
zKJMqu4nRwU!0O#Gy5SqSRKXE7vH^rR^4{G03MabDD)=-ZXn>d6<7$%(%c5ZT2g;<p
zAGV6~*mmw5#(^nVkP1uUsOV#l62PPC@K<in?TenG`KobN$0A5;gyGbx4kf@}5bQ2_
zstgI_lRthh_8<uJ1riV@jsLC=qlR4y^vGt3gI8Cn1y8GiVVug(Om@V_`PNCikP@?Z
zEWXZZCV1wOd1Vvg?I;hg0~8CH5jNKp@?W&ae_A;EEnJ{FAiXvo*@M7|Wh3ntYbCm|
zm}xi{*sFaHb5maOb0%PXKoqd7D&D7|Em~hywjEXQq+$%~0ZW3c3Z;7@Z=4lxPq**(
z-{~zUdn!A}e*!-g3qE?%j1^GKLe#w;{#?j*N`W)TBPAmYxaZpoUVNDVEKLSG5RaD_
eHpy(HlGMZir&E!`MVh1<tM=+lAE)nOoqMw8aq67_

diff --git a/k8s/nginx-ingress/nginx-ingress.yaml b/k8s/nginx-ingress/nginx-ingress.yaml
index 01a6911..70cffec 100644
--- a/k8s/nginx-ingress/nginx-ingress.yaml
+++ b/k8s/nginx-ingress/nginx-ingress.yaml
@@ -1,22 +1,9 @@
 # status: implemented
 
-apiVersion: helm.fluxcd.io/v1
-kind: HelmRelease
-metadata:
-  name: helm-nginx-ingress
-  namespace: flux
-spec:
-  releaseName: nginx-ingress
-  targetNamespace: nginx-ingress
-  chart:
-    repository: https://kubernetes-charts.storage.googleapis.com
-    version: 1.35.0
-    name: nginx-ingress
-  values:
-    controller:
-      hostNetwork: true
-      kind: DaemonSet
-      daemonset:
-        useHostPort: true
-      dnsPolicy: ClusterFirstWithHostNet
-      reportNodeInternalIp: true
+controller:
+  hostNetwork: true
+  kind: DaemonSet
+  daemonset:
+    useHostPort: true
+  dnsPolicy: ClusterFirstWithHostNet
+  reportNodeInternalIp: true
diff --git a/k8s/openebs/openebs.yml b/k8s/openebs/openebs.yml
new file mode 100644
index 0000000..a930ff8
--- /dev/null
+++ b/k8s/openebs/openebs.yml
@@ -0,0 +1,17 @@
+# # status: implemented
+
+apiVersion: helm.fluxcd.io/v1
+kind: HelmRelease
+metadata:
+  name: helm-openebs
+  namespace: flux
+spec:
+  releaseName: openebs
+  targetNamespace: openebs
+  chart:
+    repository: https://kubernetes-charts.storage.googleapis.com
+    version: 1.9.0
+    name: openebs
+  values:
+    analytics:
+      enabled: false
\ No newline at end of file