jahanson/theshire
1
0
Fork 0
Code Issues 1 Pull requests 6 Projects Releases Packages Wiki Activity Actions

Compare commits

base: jahanson:5397ed66e7bd88fd93d6cc202d4c4d9fcefcea00
Branches Tags
jahanson:main
jahanson:renovate/prometheus-operator-crds-16.x
jahanson:renovate/ghcr.io-autobrr-autobrr-1.x
jahanson:renovate/jesec-flood-master
jahanson:renovate/ghcr.io-siderolabs-kubelet-1.x
jahanson:renovate/patch-cilium
jahanson:renovate/coder-2.x
jahanson:shokoserver
jahanson:kasm-wip
jahanson:multus-app-template-style
jahanson:renovate/configure
jahanson:bgp->l2
jahanson:swap-to-zfs
..
compare: jahanson:38160db1612aa37359e38d434d3882dedadc7773
Branches Tags
jahanson:renovate/prometheus-operator-crds-16.x
jahanson:renovate/ghcr.io-autobrr-autobrr-1.x
jahanson:renovate/jesec-flood-master
jahanson:main
jahanson:renovate/ghcr.io-siderolabs-kubelet-1.x
jahanson:renovate/patch-cilium
jahanson:renovate/coder-2.x
jahanson:shokoserver
jahanson:kasm-wip
jahanson:multus-app-template-style
jahanson:renovate/configure
jahanson:bgp->l2
jahanson:swap-to-zfs

12 commits
5397ed66e7 ... 38160db161

Author SHA1 Message Date
Smeagol
38160db161 Update ghcr.io/onedr0p/sonarr:4.0.2.1183 Docker digest to 42ba5af 2024-04-01 01:01:06 +00:00
Smeagol
966a1f3c98 Update ghcr.io/onedr0p/radarr:5.3.6.8612 Docker digest to e9586ce 2024-04-01 00:01:29 +00:00
Smeagol
16417c59cd Update ghcr.io/onedr0p/prowlarr-develop:1.15.0.4361 Docker digest to 833d7ca 2024-04-01 00:01:10 +00:00
Joseph Hanson
399e60b38e
Fix for Immich. 2024-03-31 14:46:38 -05:00
Joseph Hanson
7bd396a0e9
Enable nvidia. 2024-03-31 13:17:44 -05:00
Joseph Hanson
f72b66a6fb
Put the services on an nvidia node. 2024-03-31 13:08:11 -05:00
Joseph Hanson
0ff6df587b
nfd = true 2024-03-31 12:36:26 -05:00
Joseph Hanson
2270a933a2
Add intel gpu plugin. 2024-03-31 12:25:57 -05:00
Joseph Hanson
5a6ee7b61a
Merge branch 'main' of git.hsn.dev:jahanson/homelab 2024-03-31 10:03:08 -05:00
Joseph Hanson
b4e500b357
Add a few more steps to bootstrap. 2024-03-31 10:02:55 -05:00
Joseph Hanson
5e3ee55f4b Update 2024-03-31 10:02:33 -05:00
Joseph Hanson
1495f05ebf Update 2024-03-31 10:02:33 -05:00
15 changed files with 202 additions and 17 deletions
Show stats Expand all files Collapse all files

1
kubernetes/apps/database/dragonfly/app/dragonfly.yaml
View file

@ -16,6 +16,7 @@ spec:
memory: 3Gi
args:
- "--proactor_threads=4"
- "--default_lua_flags=allow-undeclared-keys"
# Need retention policy before this is enabled
# Or add S3 details and enable retention policy on the bucket.
# snapshot:

2
kubernetes/apps/default/prowlarr/app/helmrelease.yaml
View file

@ -31,7 +31,7 @@ spec:
app:
image:
repository: ghcr.io/onedr0p/prowlarr-develop
tag: 1.15.0.4361@sha256:0b6b55c6b230da58c73dce53976c3ff866cab099eefc9d5a1e85bf6b1c610ae1
tag: 1.15.0.4361@sha256:833d7ca0c25e6ad28b48c0624fc54947bdaa724bba1a25c85b21d8484a96db3c
env:
# Ref: https://github.com/Radarr/Radarr/issues/7030#issuecomment-1039689518
# Ref: https://github.com/dotnet/runtime/issues/9336

2
kubernetes/apps/default/radarr/app/helmrelease.yaml
View file

@ -34,7 +34,7 @@ spec:
app:
image:
repository: ghcr.io/onedr0p/radarr
tag: 5.3.6.8612@sha256:431f4d8da415645cd18359d0b704d4191f400eb57137ed3e5749774f3915c0a8
tag: 5.3.6.8612@sha256:e9586ce6fdcb0bc739f96490e876c445114cec98e8c039aab6e48c579590cc70
env:
# Ref: https://github.com/Radarr/Radarr/issues/7030#issuecomment-1039689518
# Ref: https://github.com/dotnet/runtime/issues/9336

2
kubernetes/apps/default/sonarr/app/helmrelease.yaml
View file

@ -34,7 +34,7 @@ spec:
app:
image:
repository: ghcr.io/onedr0p/sonarr
tag: 4.0.2.1183@sha256:bbfcda0754272515ce12972924652699934074b46b11d27bc515c8ea5fb870f5
tag: 4.0.2.1183@sha256:42ba5af9b0ea20f4db4622991e0f1657be02c6e8747872c652fdac193c097b25
env:
# Ref: https://github.com/Radarr/Radarr/issues/7030#issuecomment-1039689518
# Ref: https://github.com/dotnet/runtime/issues/9336

29
kubernetes/apps/kube-system/intel-device-plugin/app/helmrelease.yaml Normal file
View file

@ -0,0 +1,29 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: intel-device-plugin-operator
spec:
interval: 30m
chart:
spec:
chart: intel-device-plugins-operator
version: 0.29.0
sourceRef:
kind: HelmRepository
name: intel
namespace: flux-system
install:
crds: CreateReplace
remediation:
retries: 3
upgrade:
cleanupOnFail: true
crds: CreateReplace
remediation:
strategy: rollback
retries: 3
dependsOn:
- name: node-feature-discovery
namespace: kube-system

6
kubernetes/apps/kube-system/intel-device-plugin/app/kustomization.yaml Normal file
View file

@ -0,0 +1,6 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./helmrelease.yaml

31
kubernetes/apps/kube-system/intel-device-plugin/gpu/helmrelease.yaml Normal file
View file

@ -0,0 +1,31 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: intel-device-plugin-gpu
spec:
interval: 30m
chart:
spec:
chart: intel-device-plugins-gpu
version: 0.29.0
sourceRef:
kind: HelmRepository
name: intel
namespace: flux-system
install:
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
strategy: rollback
retries: 3
dependsOn:
- name: intel-device-plugin-operator
namespace: kube-system
values:
name: intel-gpu-plugin
sharedDevNum: 3
nodeFeatureRule: true

6
kubernetes/apps/kube-system/intel-device-plugin/gpu/kustomization.yaml Normal file
View file

@ -0,0 +1,6 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./helmrelease.yaml

42
kubernetes/apps/kube-system/intel-device-plugin/ks.yaml Normal file
View file

@ -0,0 +1,42 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app intel-device-plugin
namespace: flux-system
spec:
targetNamespace: kube-system
commonMetadata:
labels:
app.kubernetes.io/name: *app
path: ./kubernetes/apps/kube-system/intel-device-plugin/app
prune: true
sourceRef:
kind: GitRepository
name: homelab
wait: false
interval: 30m
retryInterval: 1m
timeout: 5m
---
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app intel-device-plugin-gpu
namespace: flux-system
spec:
targetNamespace: kube-system
commonMetadata:
labels:
app.kubernetes.io/name: *app
path: ./kubernetes/apps/kube-system/intel-device-plugin/gpu
prune: true
sourceRef:
kind: GitRepository
name: homelab
wait: false
interval: 30m
retryInterval: 1m
timeout: 5m

1
kubernetes/apps/kube-system/kustomization.yaml
View file

@ -10,6 +10,7 @@ resources:
- ./descheduler/ks.yaml
- ./fstrim/ks.yaml
- ./metrics-server/ks.yaml
- ./intel-device-plugin/ks.yaml
- ./nvidia-device-plugin/ks.yaml
- ./node-feature-discovery/ks.yaml
- ./reloader/ks.yaml

4
kubernetes/apps/media/immich/app/machine-learning/helmrelease.yaml
View file

@ -59,6 +59,10 @@ spec:
secretKeyRef:
name: immich-pguser-immich
key: uri
pod:
nodeSelector:
nvidia.com/gpu.present: "true"
runtimeClassName: nvidia
service:
app:
controller: immich-machine-learning

4
kubernetes/apps/media/immich/app/microservices/helmrelease.yaml
View file

@ -62,6 +62,10 @@ spec:
secretKeyRef:
name: immich-pguser-immich
key: uri
pod:
nodeSelector:
nvidia.com/gpu.present: "true"
runtimeClassName: nvidia
service:
app:
controller: immich-microservices

30
kubernetes/bootstrap/readme.md
View file

@ -7,8 +7,27 @@
```sh
omnictl cluster template sync -f ./template.yaml --omniconfig ./omniconfig.yaml
```
## CNI
## Flux
### Install Cilium
```sh
cilium install \
--helm-set=ipam.mode=kubernetes \
--helm-set=kubeProxyReplacement=true \
--helm-set=securityContext.capabilities.ciliumAgent="{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}" \
--helm-set=securityContext.capabilities.cleanCiliumState="{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}" \
--helm-set=cgroup.autoMount.enabled=false \
--helm-set=cgroup.hostRoot=/sys/fs/cgroup \
--helm-set=k8sServiceHost=127.0.0.1 \
--helm-set=k8sServicePort=7445 \
--helm-set=bgpControlPlane.enabled=true \
--helm-set=bgp.enabled=false \
--helm-set=bgp.announce.loadbalancerIP=true \
--helm-set=bgp.announce.podCIDR=false
```
## Flux Prep
### Install Flux
@ -25,10 +44,15 @@ sops --decrypt kubernetes/bootstrap/flux/age-key.sops.yaml | kubectl apply -f -
sops --decrypt kubernetes/bootstrap/flux/git-deploy-key.sops.yaml | kubectl apply -f -
sops --decrypt kubernetes/flux/vars/cluster-secrets.sops.yaml | kubectl apply -f -
kubectl apply -f kubernetes/flux/vars/cluster-settings.yaml
kubectl apply -k kubernetes/bootstrap/kps-crds/
```
### Kick off Flux applying this repository
## Wipe Rook Ceph
```sh
kubectl apply -f kubernetes/tools/wiperook.yaml
```
## Kick off Flux applying this repository
```sh
kubectl apply --server-side --kustomize ./kubernetes/flux/config

37
kubernetes/tools/wipeone.yaml Normal file
View file

@ -0,0 +1,37 @@
---
apiVersion: v1
kind: Pod
metadata:
name: disk-wipe-one
namespace: rook-ceph
spec:
restartPolicy: Never
nodeName: talos-ltk-p4a
containers:
- name: disk-wipe
image: ghcr.io/onedr0p/alpine:3.19.1@sha256:3fbc581cb0fe29830376161ae026e2a765dcc11e1747477fe9ebf155720b8638
securityContext:
privileged: true
resources: {}
env:
- name: CEPH_DISK
value: "/dev/xvdb"
command:
[
"/bin/sh",
"-c"
]
args:
- apk add --no-cache sgdisk util-linux parted;
sgdisk --zap-all $CEPH_DISK;
blkdiscard $CEPH_DISK;
dd if=/dev/zero bs=1M count=1000 oflag=direct of=$CEPH_DISK;
partprobe $CEPH_DISK;
volumeMounts:
- mountPath: /mnt/host_var
name: host-var
volumes:
- name: host-var
hostPath:
path: /var

22
kubernetes/tools/wiperook.yaml
View file

@ -2,11 +2,11 @@
apiVersion: v1
kind: Pod
metadata:
name: disk-wipe-nessa
namespace: rook-ceph
name: disk-wipe-s01
namespace: kube-system
spec:
restartPolicy: Never
nodeName: talos-nz9-4fz
nodeName: talos-0ye-ep1
containers:
- name: disk-wipe
image: ghcr.io/onedr0p/alpine:3.19.1@sha256:3fbc581cb0fe29830376161ae026e2a765dcc11e1747477fe9ebf155720b8638
@ -39,11 +39,11 @@ spec:
apiVersion: v1
kind: Pod
metadata:
name: disk-wipe-nienna
namespace: rook-ceph
name: disk-wipe-anduril
namespace: kube-system
spec:
restartPolicy: Never
nodeName: talos-9c9-dj0
nodeName: talos-9pw-zvs
containers:
- name: disk-wipe
image: ghcr.io/onedr0p/alpine:3.19.1@sha256:3fbc581cb0fe29830376161ae026e2a765dcc11e1747477fe9ebf155720b8638
@ -52,7 +52,7 @@ spec:
resources: {}
env:
- name: CEPH_DISK
value: "/dev/xvdb"
value: "/dev/nvme1n1"
command:
[
"/bin/sh",
@ -76,11 +76,11 @@ spec:
apiVersion: v1
kind: Pod
metadata:
name: disk-wipe-orome
namespace: rook-ceph
name: disk-wipe-g01
namespace: kube-system
spec:
restartPolicy: Never
nodeName: talos-dz9-5ys
nodeName:
containers:
- name: disk-wipe
image: ghcr.io/onedr0p/alpine:3.19.1@sha256:3fbc581cb0fe29830376161ae026e2a765dcc11e1747477fe9ebf155720b8638
@ -89,7 +89,7 @@ spec:
resources: {}
env:
- name: CEPH_DISK
value: "/dev/xvdb"
value: "/dev/nvme0n1"
command:
[