Undercloud/k8s-apps
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

more apps

Browse Source
This commit is contained in:
Gitea Root Administrator
2026-03-28 13:20:19 +00:00
parent d1feb93bb4
commit d6245860ca
12 changed files with 333 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
app-of-apps/authentik.yaml Normal file
View File

@@ -0,0 +1,16 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: authentik
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
namespace: authentik
server: https://kubernetes.default.svc
project: default
source:
path: authentik
repoURL: http://gitea.gitea.svc.k8s.undercloud.local:3000/Undercloud/k8s-apps.git
targetRevision: HEAD

16
app-of-apps/checkmk.yaml Normal file
View File

@@ -0,0 +1,16 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: ckeckmk
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
namespace: ckeckmk
server: https://kubernetes.default.svc
project: default
source:
path: ckeckmk
repoURL: http://gitea.gitea.svc.k8s.undercloud.local:3000/Undercloud/k8s-apps.git
targetRevision: HEAD

16
app-of-apps/openbao.yaml Normal file
View File

@@ -0,0 +1,16 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: openbao
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
namespace: openbao
server: https://kubernetes.default.svc
project: default
source:
path: openbao
repoURL: http://gitea.gitea.svc.k8s.undercloud.local:3000/Undercloud/k8s-apps.git
targetRevision: HEAD

16
app-of-apps/uptime-kuma.yaml Normal file
View File

@@ -0,0 +1,16 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: uptime-kuma
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
namespace: uptime-kuma
server: https://kubernetes.default.svc
project: default
source:
path: uptime-kuma
repoURL: http://gitea.gitea.svc.k8s.undercloud.local:3000/Undercloud/k8s-apps.git
targetRevision: HEAD

39
authentik/README.md Normal file
View File

@@ -0,0 +1,39 @@
# 🔐 authentik
## Description
authentik is a **modern identity provider (IdP) and access management platform** that enables Single Sign-On (SSO), user management, and fine-grained access control for applications.
It supports OAuth2, OpenID Connect (OIDC), and SAML, and can integrate with existing directories like LDAP.
authentik can also act as a **forward authentication gateway**, allowing protection of applications even if they do not natively support authentication.
## Why authentik (instead of Keycloak)
authentik was chosen over Keycloak for the following reasons:
- **Better suited for homelab / Kubernetes environments**
- **Simpler and more intuitive configuration model** (flow-based authentication)
- **Easier integration with ingress / reverse proxies** (forward auth)
- Built-in **policy engine** and flexible access rules
- Lighter operational overhead compared to Keycloak
- More convenient for protecting apps that **do not support OIDC/SAML**
Keycloak is a powerful enterprise IAM solution, but it introduces more complexity (realms, clients, roles) and is less flexible for reverse-proxy-based access control.
## Website
https://goauthentik.io
## Kubernetes Notes
- Requires **persistent storage** (database + media)
- Typically deployed with:
- PostgreSQL (external or bundled)
- Redis (for caching / background tasks)
- Multiple components:
- server (API + web UI)
- worker (background jobs)
- Works best with **Ingress + forward auth integration**
- Configure **outposts** for proxy-based authentication
- Integrates with LDAP as a **user backend (optional)**
- Use **OIDC for most applications** instead of LDAP
- Enable **MFA (2FA)** for improved security
- Important to configure:
- external URL correctly
- trusted proxies (when behind ingress)

18
checkmk/README.md Normal file
View File

@@ -0,0 +1,18 @@
# 📊 Checkmk
## Description
Checkmk is a **comprehensive infrastructure monitoring system** focused on servers, network devices, and hardware.
It provides agent-based monitoring, SNMP support, alerting, and detailed system insights.
## Website
https://checkmk.com
## Kubernetes Notes
- Runs as a **stateful monolithic application**
- Requires **persistent volume** (`/omd/sites`)
- Not horizontally scalable → use **1 replica only**
- Prefer running **outside Kubernetes** (VM or dedicated host)
- If deployed in K8s:
- Disable aggressive restarts (slow startup)
- Use **NodePort/Ingress** for web UI
- Best suited for **external infrastructure monitoring**, not cluster internals

61
homer/configmaps.yaml
View File

@@ -194,6 +194,12 @@ data:
tag: "polly" tag: "polly"
keywords: "doodle polly termine appointments" keywords: "doodle polly termine appointments"
url: "https://polly.apps.undercloud.dev" url: "https://polly.apps.undercloud.dev"
- name: "Authentik"
logo: "assets/logos/doodle.png"
subtitle: "SSO"
tag: "authentik"
keywords: "auth sso authentik"
url: "https://auth.apps.undercloud.dev"
- name: "Communication" - name: "Communication"
icon: "fas fa-cloud" icon: "fas fa-cloud"
@@ -244,6 +250,7 @@ data:
tag: "netbox" tag: "netbox"
keywords: "ip address" keywords: "ip address"
url: "https://netbox.apps.undercloud.dev" url: "https://netbox.apps.undercloud.dev"
- name: "Kubernetes" - name: "Kubernetes"
icon: "fas fa-cloud" icon: "fas fa-cloud"
items: items:
@@ -271,6 +278,12 @@ data:
tag: "harbor" tag: "harbor"
keywords: "harbor docker repository" keywords: "harbor docker repository"
url: "https://docker-repo.apps.undercloud.dev" url: "https://docker-repo.apps.undercloud.dev"
- name: "openbao"
logo: "assets/logos/netbox.png"
subtitle: "secret management"
tag: "openbao"
keywords: "secrets openbao"
url: "https://openbao.apps.undercloud.dev"
- name: "Communication Backend" - name: "Communication Backend"
icon: "fas fa-cloud" icon: "fas fa-cloud"
@@ -504,6 +517,18 @@ data:
# tag: "kibana" # tag: "kibana"
# keywords: "kibana logging monitoring" # keywords: "kibana logging monitoring"
# url: "https://kibana.apps.undercloud.dev" # url: "https://kibana.apps.undercloud.dev"
- name: "checkmk"
logo: "assets/logos/netbox.png"
subtitle: "IP Address Management"
tag: "checkmk"
keywords: "checkmk monitoring"
url: "https://checkmk.apps.undercloud.dev"
- name: "uptime-kuma"
logo: "assets/logos/netbox.png"
subtitle: "monitoring"
tag: "uptime-kuma"
keywords: "monitoring uptime kuma"
url: "https://uptime-kuma.apps.undercloud.dev"
- name: "Test" - name: "Test"
icon: "fas fa-cloud" icon: "fas fa-cloud"
items: items:
@@ -530,25 +555,25 @@ data:
items: items:
- name: "Ceph" - name: "Ceph"
logo: "assets/logos/cockpit.png" logo: "assets/logos/cockpit.png"
subtitle: "Ceph-hyper1" subtitle: "Ceph-Dashboard"
tag: "hypervisor" tag: "ceph"
keywords: "hyper1 proxmox ceph" keywords: "storage proxmox ceph"
url: "https://hyper1-ceph.apps.undercloud.dev" url: "https://ceph-dashboard.apps.undercloud.dev"
#target: "_blank" # optional html a tag target attribute
- name: "Ceph"
logo: "assets/logos/cockpit.png"
subtitle: "Ceph-hyper2"
tag: "hypervisor"
keywords: "hyper2 proxmox ceph"
url: "https://hyper2-ceph.apps.undercloud.dev"
#target: "_blank" # optional html a tag target attribute
- name: "Ceph"
logo: "assets/logos/cockpit.png"
subtitle: "Ceph-hyper3"
tag: "hypervisor"
keywords: "hyper3 proxmox ceph"
url: "https://hyper3-ceph.apps.undercloud.dev"
#target: "_blank" # optional html a tag target attribute #target: "_blank" # optional html a tag target attribute
#- name: "Ceph"
# logo: "assets/logos/cockpit.png"
# subtitle: "Ceph-hyper2"
# tag: "hypervisor"
# keywords: "hyper2 proxmox ceph"
# url: "https://hyper2-ceph.apps.undercloud.dev"
# #target: "_blank" # optional html a tag target attribute
#- name: "Ceph"
# logo: "assets/logos/cockpit.png"
# subtitle: "Ceph-hyper3"
# tag: "hypervisor"
# keywords: "hyper3 proxmox ceph"
# url: "https://hyper3-ceph.apps.undercloud.dev"
# #target: "_blank" # optional html a tag target attribute
- name: "External Links" - name: "External Links"
icon: "fas fa-cloud" icon: "fas fa-cloud"
items: items:

62
ingress-external-devices/ceph.yaml Normal file
View File

@@ -0,0 +1,62 @@
apiVersion: v1
kind: Service
metadata:
name: ceph-dashboard
namespace: ingress-external
spec:
ports:
- name: https
port: 8443
targetPort: 8443
---
apiVersion: v1
kind: Endpoints
metadata:
name: ceph-dashboard
namespace: ingress-external
subsets:
- addresses:
- ip: fd00:0:0:2::61
- ip: fd00:0:0:2::62
- ip: fd00:0:0:2::63
# optional IPv4 too, but usually one family is enough:
# - ip: 10.0.2.61
# - ip: 10.0.2.62
# - ip: 10.0.2.63
ports:
- port: 8443
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ceph-dashboard
namespace: ingress-external
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/proxy-ssl-verify: "false"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
nginx.ingress.kubernetes.io/proxy-next-upstream: "error timeout http_500 http_502 http_503 http_504"
nginx.ingress.kubernetes.io/proxy-next-upstream-tries: "3"
spec:
tls:
- hosts:
- ceph-dashboard.apps.undercloud.dev
secretName: ceph-dashboard-tls
rules:
- host: ceph-dashboard.apps.undercloud.dev
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: ceph-dashboard
port:
number: 8443

21
kaniko/README.md
View File

@@ -1,2 +1,19 @@
# Kaniko # 🏗️ Kaniko
## Kaniko can be used to automate docker image creation
## Description
Kaniko is a **container image builder designed to run inside containers and Kubernetes**.
It allows building Docker images **without requiring a Docker daemon**, making it ideal for secure, cloud-native environments.
Kaniko executes Dockerfile instructions in userspace and pushes the resulting image directly to a container registry.
## Website
https://github.com/GoogleContainerTools/kaniko
## Kubernetes Notes
- Does **not require privileged containers** (unlike Docker-in-Docker)
- Typically runs as:
- Kubernetes Job
- CI/CD pipeline step (e.g. ArgoCD, GitLab CI)
- Requires access to:
- build context (Git repo, PVC, or object storage)
- container registry (push credentials)

58
netbox/README.md
View File

@@ -1,2 +1,56 @@
# Netbox # 📦 NetBox
## Ip Address Management
## Description
NetBox is a **network source of truth and IP address management (IPAM/DCIM) platform**.
It is used to model and document networks, including IP address space, VLANs, devices, racks, and connections.
NetBox provides a clean web UI and API to manage infrastructure data and is often used as the **central inventory system** for network and infrastructure automation.
## Website
https://netbox.dev
## Kubernetes Notes
- Requires **persistent storage** for:
- database (PostgreSQL)
- media files (uploads, reports, scripts)
- Requires:
- PostgreSQL database
- Redis (cache + background jobs)
- Multiple components:
- web (Django app)
- worker (background jobs / rq)
- Needs proper **initialization (migrations + superuser)**
- Can be exposed via **Ingress with TLS**
- Environment variables are critical for configuration
- Use **readiness/liveness probes carefully** (startup can take time)
- Not horizontally scalable without careful tuning
---
## 🔌 Custom Container with Plugins
The official NetBox image does not include additional plugins by default.
To support required functionality, we **build a custom container image** with the desired plugins pre-installed.
### Why
- Ensure **reproducible deployments**
- Avoid installing plugins at runtime
- Keep NetBox instances **immutable and version-controlled**
- Simplify upgrades and rollbacks
### How it works
We extend the official NetBox image and install plugins during build time.
Example:
```Dockerfile
FROM ghcr.io/netbox-community/netbox:latest
USER root
# Install plugins
RUN pip install \
netbox-topology-views \
netbox-plugin-dns
USER netbox

16
openbao/README.md Normal file
View File

@@ -0,0 +1,16 @@
# 🔐 OpenBao
## Description
OpenBao is a **centralized secrets management system** designed to securely store, manage, and distribute sensitive data such as passwords, API keys, and certificates.
It provides dynamic secrets, encryption-as-a-service, and fine-grained access control.
## Website
https://openbao.org
## Kubernetes Notes
- Requires **persistent storage** (data loss = secrets loss)
- Use **Kubernetes auth method** for pod access (service account tokens)
- Seal/unseal mechanism must be handled (auto-unseal recommended for production)
- Avoid storing root tokens in manifests → use external secret bootstrap
- Typically deployed via **Helm chart**
- Network policies recommended (restrict access to API)

16
uptime-kuma/README.md Normal file
View File

@@ -0,0 +1,16 @@
# ⏱️ Uptime Kuma
## Description
Uptime Kuma is a **self-hosted monitoring tool** for tracking service availability via HTTP, TCP, ping, and more.
It provides a clean UI, alerting, and optional public status pages.
## Website
https://uptimekuma.org
## Kubernetes Notes
- Lightweight and easy to containerize
- Requires **persistent storage** for history and configuration
- Single instance recommended (no clustering)
- Works well behind **Ingress with TLS**
- Can monitor both **internal cluster services and external endpoints**
- Complements Prometheus/Grafana rather than replacing them