- Add .gitignore: exclude compiled binaries, build artifacts, and Helm values files containing real secrets (authentik, prometheus) - Add all Kubernetes deployment manifests (deployment/) - Add services source code: ha-sync, device-inventory, games-console, paperclip, parts-inventory - Add Ansible orchestration: playbooks, roles, inventory, cloud-init - Add hardware specs, execution plans, scripts, HOMELAB.md - Add skills/homelab/SKILL.md + skills/install.sh to preserve Copilot skill - Remove previously-tracked inventory-cli binary from git index Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
# NOTE: Images must be built and loaded onto nodes before applying.
# Run: /home/dan/homelab/services/device-inventory/build-and-load.sh
#
# Images required:
#   inventory-server:latest → kube-node-2
#   inventory-web-ui:latest → kube-node-2
#   inventory-cli:latest → kube-node-2, kube-node-3
#
# nfs-general StorageClass is cluster-wide — no extra Helm release needed.
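---
# PersistentVolumeClaim for the inventory-server database directory; the
# inventory-server Deployment mounts it at /var/lib/inventory.
# NOTE(review): nfs-general is presumably NFS-backed. If so, access to the
# stored data is governed by the NFS export's own restrictions, not by this
# claim — confirm the export is limited to the cluster nodes.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: device-inventory-db-pvc
  namespace: infrastructure
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: nfs-general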
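---
# inventory-server: single-replica backend listening on TCP 9876, with its
# data directory on the device-inventory-db-pvc claim.
# NOTE(review): no securityContext is set at pod or container level, so the
# container runs with whatever user and capabilities the image defaults to.
# Consider runAsNonRoot, allowPrivilegeEscalation: false, dropping all
# capabilities and readOnlyRootFilesystem once the image is confirmed to
# work with them; set automountServiceAccountToken: false if the server
# never calls the Kubernetes API.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: inventory-server
  namespace: infrastructure
spec:
  replicas: 1
  selector:
    matchLabels:
      app: inventory-server
  # Recreate terminates the running pod before the replacement starts;
  # presumably chosen because the database volume is ReadWriteOnce.
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: inventory-server
    spec:
      containers:
        - name: inventory-server
          # imagePullPolicy Never means the kubelet only uses an image
          # already present on the node. The mutable :latest tag gives no
          # record of which build is running; a versioned tag or digest
          # would make that auditable.
          # NOTE(review): the file header says this image is loaded on
          # kube-node-2 only, but nothing here pins the pod to that node.
          image: inventory-server:latest
          imagePullPolicy: Never
          ports:
            - containerPort: 9876
              name: tcp
          resources:
            limits:
              cpu: 200m
              memory: 128Mi
            requests:
              cpu: 25m
              memory: 32Mi
          # Both probes only check that TCP 9876 accepts a connection.
          livenessProbe:
            tcpSocket:
              port: 9876
            initialDelaySeconds: 10
            periodSeconds: 20
            failureThreshold: 5
          readinessProbe:
            tcpSocket:
              port: 9876
            initialDelaySeconds: 5
            periodSeconds: 10
            failureThreshold: 3
          volumeMounts:
            - mountPath: /var/lib/inventory
              name: db-storage
      volumes:
        - name: db-storage
          persistentVolumeClaim:
            claimName: device-inventory-db-pvc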
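---
# Service for inventory-server on TCP 9876.
# NOTE(review): type NodePort opens port 30987 on every node's address, so
# the backend is reachable without passing through the authentik-protected
# Ingress that fronts the web UI. The web UI in this file reaches the server
# through its cluster DNS name; if nothing outside the cluster needs 9876,
# ClusterIP is sufficient. Otherwise limit who can reach 30987 (host
# firewall or NetworkPolicy) and confirm the protocol on 9876 authenticates
# its clients.
apiVersion: v1
kind: Service
metadata:
  name: inventory-server
  namespace: infrastructure
spec:
  selector:
    app: inventory-server
  ports:
    - name: tcp
      port: 9876
      targetPort: 9876
      nodePort: 30987
  type: NodePort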
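---
# inventory-web-ui: single-replica HTTP front end on port 8080 that is
# configured, through its environment, to talk to inventory-server:9876.
# NOTE(review): no securityContext is set at pod or container level, so the
# container runs with whatever user and capabilities the image defaults to.
# Consider runAsNonRoot, allowPrivilegeEscalation: false, dropping all
# capabilities and readOnlyRootFilesystem once the image is confirmed to
# work with them; set automountServiceAccountToken: false if the UI never
# calls the Kubernetes API.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: inventory-web-ui
  namespace: infrastructure
spec:
  replicas: 1
  selector:
    matchLabels:
      app: inventory-web-ui
  template:
    metadata:
      labels:
        app: inventory-web-ui
    spec:
      containers:
        - name: inventory-web-ui
          # imagePullPolicy Never means the kubelet only uses an image
          # already present on the node. The mutable :latest tag gives no
          # record of which build is running; a versioned tag or digest
          # would make that auditable.
          # NOTE(review): the file header says this image is loaded on
          # kube-node-2 only, but nothing here pins the pod to that node.
          image: inventory-web-ui:latest
          imagePullPolicy: Never
          env:
            - name: INVENTORY_HOST
              value: inventory-server.infrastructure.svc.cluster.local
            # Numeric values are quoted because env values must be strings.
            - name: INVENTORY_PORT
              value: "9876"
            - name: PORT
              value: "8080"
          ports:
            - containerPort: 8080
              name: http
          resources:
            limits:
              cpu: 100m
              memory: 64Mi
            requests:
              cpu: 10m
              memory: 32Mi
          # The kubelet probes /health directly on the pod, so that path is
          # served without the Ingress authentication step.
          livenessProbe:
            httpGet:
              path: /health
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 20
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /health
              port: 8080
            initialDelaySeconds: 3
            periodSeconds: 10
            failureThreshold: 3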
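---
# ClusterIP Service for the web UI: port 80 forwards to container port 8080.
# NOTE(review): authentication is enforced at the Ingress, not here, so any
# workload inside the cluster can reach the UI through this Service without
# it. If the UI trusts the X-authentik-* headers for identity, a
# NetworkPolicy that admits only the ingress controller to these pods would
# close that gap — confirm how the UI uses those headers.
apiVersion: v1
kind: Service
metadata:
  name: inventory-web-ui
  namespace: infrastructure
spec:
  selector:
    app: inventory-web-ui
  ports:
    - name: http
      port: 80
      targetPort: 8080
  type: ClusterIP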
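---
# Ingress publishing the web UI at device-inventory.vandachevici.ro through
# the nginx ingress class, with a cert-manager issued certificate and
# external authentication against the authentik outpost.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: inventory-web-ui
  namespace: infrastructure
  annotations:
    # Certificate for the tls section below is requested from this issuer.
    cert-manager.io/cluster-issuer: letsencrypt-prod
    # ingress-nginx external auth: each request is checked against auth-url;
    # unauthenticated clients are redirected to auth-signin.
    nginx.ingress.kubernetes.io/auth-url: "https://auth.vandachevici.ro/outpost.goauthentik.io/auth/nginx"
    nginx.ingress.kubernetes.io/auth-signin: "https://auth.vandachevici.ro/outpost.goauthentik.io/start?rd=$scheme://$http_host$escaped_request_uri"
    # Headers copied from the auth response onto the request sent to the
    # backend. This protection applies only to traffic that enters through
    # this Ingress; the inventory-server NodePort in this file bypasses it.
    nginx.ingress.kubernetes.io/auth-response-headers: >-
      Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
spec:
  ingressClassName: nginx
  rules:
    - host: device-inventory.vandachevici.ro
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: inventory-web-ui
                port:
                  number: 80
  tls:
    - hosts:
        - device-inventory.vandachevici.ro
      secretName: device-inventory-tls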