From 7420d2f054aa530bc0accf40243fcbaf63c9ed4d Mon Sep 17 00:00:00 2001 From: Mike Shoup Date: Wed, 26 Feb 2020 18:44:53 -0700 Subject: [PATCH 1/8] Add coredns configmap --- workloads/kube-system/coredns-config.yml | 30 ++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 workloads/kube-system/coredns-config.yml diff --git a/workloads/kube-system/coredns-config.yml b/workloads/kube-system/coredns-config.yml new file mode 100644 index 0000000..e47c334 --- /dev/null +++ b/workloads/kube-system/coredns-config.yml @@ -0,0 +1,30 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + addonmanager.kubernetes.io/mode: EnsureExists + k8s-app: kube-dns + name: coredns + namespace: kube-system +data: + Corefile: | + .:53 { + errors + health { + lameduck 5s + } + ready + log . { + class error + } + kubernetes cluster.local in-addr.arpa ip6.arpa { + pods insecure + fallthrough in-addr.arpa ip6.arpa + } + prometheus :9153 + forward . 10.30.14.1 + cache 30 + loop + reload + loadbalance + } From b5eb4661846493497fc217b8eb9b6ea2d4cab8aa Mon Sep 17 00:00:00 2001 From: Mike Shoup Date: Wed, 26 Feb 2020 18:48:50 -0700 Subject: [PATCH 2/8] Update URL --- workloads/grafana/grafana-deploy.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/workloads/grafana/grafana-deploy.yml b/workloads/grafana/grafana-deploy.yml index 8c406e4..4814e22 100644 --- a/workloads/grafana/grafana-deploy.yml +++ b/workloads/grafana/grafana-deploy.yml @@ -21,6 +21,8 @@ spec: imagePullPolicy: IfNotPresent name: grafana env: + - name: GRAFANA_SERVER_ROOT_URL + value: https://grafana.shoup.io - name: GRAFANA_DATABASE_TYPE value: postgres - name: GRAFANA_DATABASE_HOST From 9d7db862439df222e4dba9a2174bfd50695487ea Mon Sep 17 00:00:00 2001 From: Mike Shoup Date: Wed, 26 Feb 2020 18:54:00 -0700 Subject: [PATCH 3/8] Use correct env varaibles --- workloads/grafana/grafana-deploy.yml | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) 
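Review bot: In workloads/kube-system/coredns-config.yml the `kubernetes` block sets `pods insecure`, which makes CoreDNS answer pod-style names (`a-b-c-d.namespace.pod.cluster.local`) for any address without checking that such a pod exists in that namespace. If nothing in the cluster relies on pod A records, `pods disabled` removes them; if they are needed, `pods verified` answers only for pods that actually exist, at the cost of CoreDNS watching pods. The `forward . 10.30.14.1` line also hard-codes a single upstream resolver, so a comment inside the Corefile such as `# 10.30.14.1 = <what this resolver is>` would help whoever has to debug resolution or move the cluster later.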
diff --git a/workloads/grafana/grafana-deploy.yml b/workloads/grafana/grafana-deploy.yml index 4814e22..a37df2e 100644 --- a/workloads/grafana/grafana-deploy.yml +++ b/workloads/grafana/grafana-deploy.yml @@ -21,23 +21,25 @@ spec: imagePullPolicy: IfNotPresent name: grafana env: - - name: GRAFANA_SERVER_ROOT_URL + - name: GF_SERVER_ROOT_URL value: https://grafana.shoup.io - - name: GRAFANA_DATABASE_TYPE + - name: GF_SERVER_DOMAIN + value: grafana.shoup.io + - name: GF_DATABASE_TYPE value: postgres - - name: GRAFANA_DATABASE_HOST + - name: GF_DATABASE_HOST value: postgres:5432 - - name: GRAFANA_DATABASE_NAME + - name: GF_DATABASE_NAME valueFrom: secretKeyRef: name: postgres key: POSTGRES_USER - - name: GRAFANA_DATABASE_USER + - name: GF_DATABASE_USER valueFrom: secretKeyRef: name: postgres key: POSTGRES_USER - - name: GRAFANA_DATABASE_PASSWORD + - name: GF_DATABASE_PASSWORD valueFrom: secretKeyRef: name: postgres From 8620dfe73c70247c4e9ee1ea1399b25f73290c29 Mon Sep 17 00:00:00 2001 From: Mike Shoup Date: Sat, 29 Feb 2020 17:23:00 -0700 Subject: [PATCH 4/8] Add backup job --- workloads/nextcloud/nextcloud-cron.yml | 58 ++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) diff --git a/workloads/nextcloud/nextcloud-cron.yml b/workloads/nextcloud/nextcloud-cron.yml index 7464587..788b181 100644 --- a/workloads/nextcloud/nextcloud-cron.yml +++ b/workloads/nextcloud/nextcloud-cron.yml 
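Review bot: `GF_DATABASE_NAME` in workloads/grafana/grafana-deploy.yml is read from the `POSTGRES_USER` key of the `postgres` secret, the same key that feeds `GF_DATABASE_USER`, so the database name silently follows the user name. If that is intended, a comment such as `# database is named after the user; the secret has no separate DB-name key` above the entry would stop it being read as a copy-paste slip; otherwise it should reference the correct key. The env list also sets no `GF_DATABASE_SSL_MODE`, and Grafana's default for PostgreSQL is `disable`, so the password taken from the secret reaches `postgres:5432` without TLS unless the network layer encrypts it; adding `- name: GF_DATABASE_SSL_MODE` with `value: require` covers that if the server supports it. The env list continues past the end of the hunk, so either may already be handled in lines not shown.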
@@ -64,3 +64,61 @@ spec: - "60" - "http://nextcloud" restartPolicy: Never +--- +apiVersion: batch/v1beta1 +kind: CronJob +metadata: + name: ncbackup + namespace: nextcloud +spec: + schedule: "00 01 * * *" + concurrencyPolicy: Forbid + jobTemplate: + spec: + template: + spec: + imagePullSecrets: + - name: gitlab-regcred + containers: + - name: ncbackup + image: registry.gitlab.com/shouptech/ncbackup:454955999 + imagePullPolicy: IfNotPresent + env: + - name: NC_CONFIG_FILE + value: /var/www/html/config/config.php + - name: NC_DATA_PATH + value: /var/www/html/ + - name: NC_DATA_DEST + value: /bkup/data/ + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + name: postgres + key: POSTGRES_USER + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: postgres + key: POSTGRES_PASSWORD + - name: POSTGRES_HOST + value: postgres + - name: POSTGRES_PORT + value: "5432" + - name: POSTGRES_DB + value: nextcloud + - name: POSTGRES_DEST + value: /bkup/db/ + volumeMounts: + - name: nextcloud-data + mountPath: /var/www/html + - name: nextcloud-backup + mountPath: /bkup + restartPolicy: Never + volumes: + - name: nextcloud-data + hostPath: + path: /opt/nextcloud/pod + type: Directory + - name: nextcloud-backup + hostPath: + path: /net/hv01/opt/backup/nextcloud From 068f5309e5468384ce520c90709fe5b6976428a3 Mon Sep 17 00:00:00 2001 From: flux Date: Mon, 2 Mar 2020 00:02:38 +0000 Subject: [PATCH 5/8] Release registry.gitlab.com/shouptech/home-assistant:0.106.2 to default:deployment/hass --- workloads/hass/deployment.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/workloads/hass/deployment.yml b/workloads/hass/deployment.yml index cf952b2..468169a 100644 --- a/workloads/hass/deployment.yml +++ b/workloads/hass/deployment.yml @@ -1,3 +1,4 @@ +--- apiVersion: apps/v1 kind: Deployment metadata: 
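Review bot: The `nextcloud-backup` volume of the new `ncbackup` CronJob in workloads/nextcloud/nextcloud-cron.yml is a `hostPath` with no `type`, unlike `nextcloud-data`, which sets `type: Directory`. Without a type Kubernetes does not check the path, so if `/net/hv01/opt/backup/nextcloud` is missing on the node that runs the job (it looks like a network mount, though that is not visible here) the backup may be written to the node's local disk and still report success; `type: Directory` makes the pod fail instead. The live data is mounted writable at `/var/www/html`; if the backup image only reads it, add `readOnly: true` to that `volumeMounts` entry so a fault in the job cannot modify the instance. The image is referenced by the tag `454955999` with `IfNotPresent`, so pinning it by digest would guarantee that the code given the `POSTGRES_PASSWORD` secret and both host paths is the build that was reviewed.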
@@ -13,7 +14,7 @@ spec: app: hass spec: containers: - - image: registry.gitlab.com/shouptech/home-assistant:0.104.3 + - image: registry.gitlab.com/shouptech/home-assistant:0.106.2 imagePullPolicy: IfNotPresent name: hass ports: From db737232e341038a6e800d4e5c557caac0c4cb51 Mon Sep 17 00:00:00 2001 From: Mike Shoup Date: Sun, 1 Mar 2020 17:04:00 -0700 Subject: [PATCH 6/8] Always recreate home assistant --- workloads/hass/deployment.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/workloads/hass/deployment.yml b/workloads/hass/deployment.yml index cf952b2..06457aa 100644 --- a/workloads/hass/deployment.yml +++ b/workloads/hass/deployment.yml @@ -4,6 +4,8 @@ metadata: name: hass spec: replicas: 1 + strategy: + type: Recreate selector: matchLabels: app: hass From 27983a958dc53000c92bddc116b08eda01fffb29 Mon Sep 17 00:00:00 2001 From: flux Date: Mon, 2 Mar 2020 00:10:40 +0000 Subject: [PATCH 7/8] Release registry.gitlab.com/shouptech/home-assistant:0.104.3 to default:deployment/hass --- workloads/hass/deployment.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/workloads/hass/deployment.yml b/workloads/hass/deployment.yml index b43e389..8650b44 100644 --- a/workloads/hass/deployment.yml +++ b/workloads/hass/deployment.yml @@ -16,7 +16,7 @@ spec: app: hass spec: containers: - - image: registry.gitlab.com/shouptech/home-assistant:0.106.2 + - image: registry.gitlab.com/shouptech/home-assistant:0.104.3 imagePullPolicy: IfNotPresent name: hass ports: From 241b3f73bed150241f26c3810a131e0cd9a43772 Mon Sep 17 00:00:00 2001 From: Mike Shoup Date: Tue, 3 Mar 2020 19:45:17 -0700 Subject: [PATCH 8/8] Add prometheus service account --- workloads/kube-system/prometheus-sa.yml | 58 +++++++++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 workloads/kube-system/prometheus-sa.yml diff --git a/workloads/kube-system/prometheus-sa.yml b/workloads/kube-system/prometheus-sa.yml new file mode 100644 index 0000000..5d6283c --- /dev/null 
+++ b/workloads/kube-system/prometheus-sa.yml
@@ -0,0 +1,58 @@
+# This file is used to create a prometheus service account
+# and role bindings.
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: prometheus
+ namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ name: prometheus
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ - nodes/metrics
+ - services
+ - endpoints
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - nonResourceURLs:
+ - "/metrics"
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: prometheus
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: prometheus
+subjects:
+- kind: ServiceAccount
+ name: prometheus
+ namespace: kube-system
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: prometheus-secret
+ namespace: kube-system
+ annotations:
+ kubernetes.io/service-account.name: prometheus
+type: kubernetes.io/service-account-token
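Review bot: The `prometheus-secret` Secret at the end of prometheus-sa.yml creates a service-account token that does not expire, for an account bound cluster-wide to read pods, services, endpoints and nodes and to `get` any ConfigMap. The file's header comment mentions only the service account and role bindings; it should also say who consumes the token and how it is rotated, for example `# Long-lived token for <consumer>; rotate by <procedure>`. If Prometheus runs inside the cluster, the token Kubernetes mounts into its pod is sufficient and this Secret can be dropped. The `configmaps` rule grants `get` in every namespace, so it is worth moving into a namespaced Role unless a scrape job really needs it cluster-wide. Both RBAC objects use `rbac.authorization.k8s.io/v1beta1`, where `rbac.authorization.k8s.io/v1` accepts the same fields.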