fchinembiri
/
geocrop-platform.
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: deploy family-apps (grocy/mealie) for 4 users and fix node metrics connectivity

This commit is contained in:
fchinembiri 2026-05-21 17:02:16 +02:00
parent 6cb70ce523
commit ea69e01760
8 changed files with 672 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
k8s/argocd-family-apps.yaml Normal file
View File

@ -0,0 +1,20 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: family-apps
namespace: argocd
spec:
project: default
source:
repoURL: http://gitea.geocrop.svc.cluster.local:3000/fchinembiri/geocrop-platform.git
targetRevision: HEAD
path: k8s/family-apps
destination:
server: https://kubernetes.default.svc
namespace: family-apps
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

4
k8s/family-apps/00-namespace.yaml Normal file
View File

@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: family-apps

153
k8s/family-apps/kecy.yaml Normal file
View File

@ -0,0 +1,153 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: grocy-pvc-kecy
spec:
accessModes: [ReadWriteOnce]
resources:
requests:
storage: 2Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: grocy-kecy
spec:
replicas: 1
selector:
matchLabels:
app: grocy-kecy
template:
metadata:
labels:
app: grocy-kecy
spec:
containers:
- name: grocy
image: lscr.io/linuxserver/grocy:latest
env:
- name: PUID
value: "1000"
- name: PGID
value: "1000"
- name: TZ
value: "Africa/Harare"
ports:
- containerPort: 80
volumeMounts:
- name: config
mountPath: /config
volumes:
- name: config
persistentVolumeClaim:
claimName: grocy-pvc-kecy
---
apiVersion: v1
kind: Service
metadata:
name: grocy-kecy
spec:
ports:
- port: 80
targetPort: 80
selector:
app: grocy-kecy
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: grocy-kecy-ingress
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
ingressClassName: nginx
tls:
- hosts:
- grocy-kecy.techarvest.co.zw
secretName: grocy-kecy-tls
rules:
- host: grocy-kecy.techarvest.co.zw
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: grocy-kecy
port:
number: 80
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mealie-pvc-kecy
spec:
accessModes: [ReadWriteOnce]
resources:
requests:
storage: 2Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: mealie-kecy
spec:
replicas: 1
selector:
matchLabels:
app: mealie-kecy
template:
metadata:
labels:
app: mealie-kecy
spec:
containers:
- name: mealie
image: ghcr.io/mealie-recipes/mealie:latest
env:
- name: TZ
value: "Africa/Harare"
ports:
- containerPort: 9000
volumeMounts:
- name: data
mountPath: /app/data
volumes:
- name: data
persistentVolumeClaim:
claimName: mealie-pvc-kecy
---
apiVersion: v1
kind: Service
metadata:
name: mealie-kecy
spec:
ports:
- port: 80
targetPort: 9000
selector:
app: mealie-kecy
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: mealie-kecy-ingress
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
ingressClassName: nginx
tls:
- hosts:
- mealie-kecy.techarvest.co.zw
secretName: mealie-kecy-tls
rules:
- host: mealie-kecy.techarvest.co.zw
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: mealie-kecy
port:
number: 80

9
k8s/family-apps/kustomization.yaml Normal file
View File

@ -0,0 +1,9 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- 00-namespace.yaml
- tawona.yaml
- tendai.yaml
- tsitsi.yaml
- kecy.yaml

153
k8s/family-apps/tawona.yaml Normal file
View File

@ -0,0 +1,153 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: grocy-pvc-tawona
spec:
accessModes: [ReadWriteOnce]
resources:
requests:
storage: 2Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: grocy-tawona
spec:
replicas: 1
selector:
matchLabels:
app: grocy-tawona
template:
metadata:
labels:
app: grocy-tawona
spec:
containers:
- name: grocy
image: lscr.io/linuxserver/grocy:latest
env:
- name: PUID
value: "1000"
- name: PGID
value: "1000"
- name: TZ
value: "Africa/Harare"
ports:
- containerPort: 80
volumeMounts:
- name: config
mountPath: /config
volumes:
- name: config
persistentVolumeClaim:
claimName: grocy-pvc-tawona
---
apiVersion: v1
kind: Service
metadata:
name: grocy-tawona
spec:
ports:
- port: 80
targetPort: 80
selector:
app: grocy-tawona
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: grocy-tawona-ingress
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
ingressClassName: nginx
tls:
- hosts:
- grocy-tawona.techarvest.co.zw
secretName: grocy-tawona-tls
rules:
- host: grocy-tawona.techarvest.co.zw
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: grocy-tawona
port:
number: 80
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mealie-pvc-tawona
spec:
accessModes: [ReadWriteOnce]
resources:
requests:
storage: 2Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: mealie-tawona
spec:
replicas: 1
selector:
matchLabels:
app: mealie-tawona
template:
metadata:
labels:
app: mealie-tawona
spec:
containers:
- name: mealie
image: ghcr.io/mealie-recipes/mealie:latest
env:
- name: TZ
value: "Africa/Harare"
ports:
- containerPort: 9000
volumeMounts:
- name: data
mountPath: /app/data
volumes:
- name: data
persistentVolumeClaim:
claimName: mealie-pvc-tawona
---
apiVersion: v1
kind: Service
metadata:
name: mealie-tawona
spec:
ports:
- port: 80
targetPort: 9000
selector:
app: mealie-tawona
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: mealie-tawona-ingress
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
ingressClassName: nginx
tls:
- hosts:
- mealie-tawona.techarvest.co.zw
secretName: mealie-tawona-tls
rules:
- host: mealie-tawona.techarvest.co.zw
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: mealie-tawona
port:
number: 80

153
k8s/family-apps/tendai.yaml Normal file
View File

@ -0,0 +1,153 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: grocy-pvc-tendai
spec:
accessModes: [ReadWriteOnce]
resources:
requests:
storage: 2Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: grocy-tendai
spec:
replicas: 1
selector:
matchLabels:
app: grocy-tendai
template:
metadata:
labels:
app: grocy-tendai
spec:
containers:
- name: grocy
image: lscr.io/linuxserver/grocy:latest
env:
- name: PUID
value: "1000"
- name: PGID
value: "1000"
- name: TZ
value: "Africa/Harare"
ports:
- containerPort: 80
volumeMounts:
- name: config
mountPath: /config
volumes:
- name: config
persistentVolumeClaim:
claimName: grocy-pvc-tendai
---
apiVersion: v1
kind: Service
metadata:
name: grocy-tendai
spec:
ports:
- port: 80
targetPort: 80
selector:
app: grocy-tendai
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: grocy-tendai-ingress
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
ingressClassName: nginx
tls:
- hosts:
- grocy-tendai.techarvest.co.zw
secretName: grocy-tendai-tls
rules:
- host: grocy-tendai.techarvest.co.zw
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: grocy-tendai
port:
number: 80
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mealie-pvc-tendai
spec:
accessModes: [ReadWriteOnce]
resources:
requests:
storage: 2Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: mealie-tendai
spec:
replicas: 1
selector:
matchLabels:
app: mealie-tendai
template:
metadata:
labels:
app: mealie-tendai
spec:
containers:
- name: mealie
image: ghcr.io/mealie-recipes/mealie:latest
env:
- name: TZ
value: "Africa/Harare"
ports:
- containerPort: 9000
volumeMounts:
- name: data
mountPath: /app/data
volumes:
- name: data
persistentVolumeClaim:
claimName: mealie-pvc-tendai
---
apiVersion: v1
kind: Service
metadata:
name: mealie-tendai
spec:
ports:
- port: 80
targetPort: 9000
selector:
app: mealie-tendai
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: mealie-tendai-ingress
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
ingressClassName: nginx
tls:
- hosts:
- mealie-tendai.techarvest.co.zw
secretName: mealie-tendai-tls
rules:
- host: mealie-tendai.techarvest.co.zw
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: mealie-tendai
port:
number: 80

153
k8s/family-apps/tsitsi.yaml Normal file
View File

@ -0,0 +1,153 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: grocy-pvc-tsitsi
spec:
accessModes: [ReadWriteOnce]
resources:
requests:
storage: 2Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: grocy-tsitsi
spec:
replicas: 1
selector:
matchLabels:
app: grocy-tsitsi
template:
metadata:
labels:
app: grocy-tsitsi
spec:
containers:
- name: grocy
image: lscr.io/linuxserver/grocy:latest
env:
- name: PUID
value: "1000"
- name: PGID
value: "1000"
- name: TZ
value: "Africa/Harare"
ports:
- containerPort: 80
volumeMounts:
- name: config
mountPath: /config
volumes:
- name: config
persistentVolumeClaim:
claimName: grocy-pvc-tsitsi
---
apiVersion: v1
kind: Service
metadata:
name: grocy-tsitsi
spec:
ports:
- port: 80
targetPort: 80
selector:
app: grocy-tsitsi
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: grocy-tsitsi-ingress
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
ingressClassName: nginx
tls:
- hosts:
- grocy-tsitsi.techarvest.co.zw
secretName: grocy-tsitsi-tls
rules:
- host: grocy-tsitsi.techarvest.co.zw
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: grocy-tsitsi
port:
number: 80
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mealie-pvc-tsitsi
spec:
accessModes: [ReadWriteOnce]
resources:
requests:
storage: 2Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: mealie-tsitsi
spec:
replicas: 1
selector:
matchLabels:
app: mealie-tsitsi
template:
metadata:
labels:
app: mealie-tsitsi
spec:
containers:
- name: mealie
image: ghcr.io/mealie-recipes/mealie:latest
env:
- name: TZ
value: "Africa/Harare"
ports:
- containerPort: 9000
volumeMounts:
- name: data
mountPath: /app/data
volumes:
- name: data
persistentVolumeClaim:
claimName: mealie-pvc-tsitsi
---
apiVersion: v1
kind: Service
metadata:
name: mealie-tsitsi
spec:
ports:
- port: 80
targetPort: 9000
selector:
app: mealie-tsitsi
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: mealie-tsitsi-ingress
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
ingressClassName: nginx
tls:
- hosts:
- mealie-tsitsi.techarvest.co.zw
secretName: mealie-tsitsi-tls
rules:
- host: mealie-tsitsi.techarvest.co.zw
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: mealie-tsitsi
port:
number: 80

33
k8s/fix-ufw-ds-v2.yaml
View File

@ -12,22 +12,43 @@ spec:
labels: labels:
name: fix-ufw name: fix-ufw
spec: spec:
hostNetwork: true
hostPID: true hostPID: true
containers: containers:
- name: fix - name: fix
image: alpine image: alpine
securityContext: securityContext:
privileged: true privileged: true
command: ["/bin/sh", "-c"] command: ["nsenter", "--target", "1", "--mount", "--uts", "--ipc", "--net", "--pid", "--", "sh", "-c"]
args: args:
- | - |
nsenter --target 1 --mount --uts --ipc --net --pid -- sh -c " if command -v ufw >/dev/null; then
ufw allow 8472/udp
ufw allow 80/tcp
ufw allow 443/tcp
ufw allow 8443/tcp
ufw allow 10250/tcp
ufw allow from 10.42.0.0/16 ufw allow from 10.42.0.0/16
ufw allow from 10.43.0.0/16 ufw allow from 10.43.0.0/16
ufw allow from 172.16.0.0/12 ufw allow from 172.16.0.0/12
ufw allow from 192.168.0.0/16 ufw allow from 192.168.0.0/16
ufw allow from 10.0.0.0/8 ufw allow from 10.0.0.0/8
ufw allow proto tcp from any to any port 80,443 ufw allow from 37.60.237.100
" ufw allow from 167.86.68.48
while true; do sleep 3600; done ufw allow from 95.111.235.130
elif command -v firewall-cmd >/dev/null; then
firewall-cmd --permanent --add-port=8472/udp
firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --permanent --add-port=443/tcp
firewall-cmd --permanent --add-port=8443/tcp
firewall-cmd --permanent --add-port=10250/tcp
firewall-cmd --permanent --add-source=10.42.0.0/16
firewall-cmd --permanent --add-source=10.43.0.0/16
firewall-cmd --permanent --add-source=172.16.0.0/12
firewall-cmd --permanent --add-source=192.168.0.0/16
firewall-cmd --permanent --add-source=10.0.0.0/8
firewall-cmd --permanent --add-source=37.60.237.100
firewall-cmd --permanent --add-source=167.86.68.48
firewall-cmd --permanent --add-source=95.111.235.130
firewall-cmd --reload
fi
sleep 3600