diff --git a/argocd-apps/ttyd.yaml b/argocd-apps/ttyd.yaml deleted file mode 100644 index 412bf64..0000000 --- a/argocd-apps/ttyd.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# apiVersion: argoproj.io/v1alpha1 -# kind: Application -# metadata: -# name: ttyd -# namespace: argocd -# labels: -# env: infra -# spec: -# project: infra -# source: -# repoURL: 'ssh://git@gitea-ssh.dev-tools.svc.cluster.local:2222/dvirlabs/infra.git' -# targetRevision: HEAD -# path: charts/ttyd -# helm: -# valueFiles: -# - ../../manifests/ttyd/values.yaml -# destination: -# server: https://kubernetes.default.svc -# namespace: infra -# syncPolicy: -# automated: -# prune: true -# selfHeal: true -# syncOptions: -# - CreateNamespace=true diff --git a/charts/ttyd/Chart.yaml b/charts/ttyd/Chart.yaml deleted file mode 100644 index 5215edd..0000000 --- a/charts/ttyd/Chart.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v2 -name: ttyd -description: Browser-based terminal via ttyd, managed by ArgoCD -type: application -version: 0.1.0 -appVersion: "latest" -keywords: - - terminal - - ttyd - - kubectl - - web-terminal -maintainers: - - name: dvirlabs -home: https://github.com/tsl0922/ttyd -sources: - - https://github.com/tsl0922/ttyd diff --git a/charts/ttyd/templates/_helpers.tpl b/charts/ttyd/templates/_helpers.tpl deleted file mode 100644 index 0b2493d..0000000 --- a/charts/ttyd/templates/_helpers.tpl +++ /dev/null @@ -1,62 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "ttyd.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "ttyd.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "ttyd.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "ttyd.labels" -}} -helm.sh/chart: {{ include "ttyd.chart" . }} -{{ include "ttyd.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "ttyd.selectorLabels" -}} -app.kubernetes.io/name: {{ include "ttyd.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "ttyd.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "ttyd.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/charts/ttyd/templates/clusterrole.yaml b/charts/ttyd/templates/clusterrole.yaml deleted file mode 100644 index b85579d..0000000 --- a/charts/ttyd/templates/clusterrole.yaml +++ /dev/null @@ -1,94 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -# WARNING: This ClusterRole grants broad read + exec access across the cluster. -# It is intentionally permissive for lab/troubleshooting use. -# Review and restrict these permissions before using in a production environment. -# -# Future auth integration note: -# When oauth2-proxy is added in front of ttyd, consider scoping this role -# further to match the actual user's identity or group permissions. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "ttyd.fullname" . }} - labels: - {{- include "ttyd.labels" . | nindent 4 }} -rules: - # Core workload resources — read + basic management for kubectl troubleshooting - - apiGroups: [""] - resources: - - pods - - pods/log - - services - - endpoints - - configmaps - - secrets # WARNING: includes secret read access; tighten in production - - events - - namespaces - - nodes - - persistentvolumeclaims - - persistentvolumes - - replicationcontrollers - - serviceaccounts - verbs: ["get", "list", "watch"] - - # Pod exec and log streaming (needed for `kubectl exec` and `kubectl logs -f`) - - apiGroups: [""] - resources: - - pods/exec - - pods/attach - - pods/portforward - verbs: ["create"] - - # Pod and service management (basic ops for lab use) - - apiGroups: [""] - resources: - - pods - - services - - configmaps - verbs: ["delete", "patch", "update"] - - # Apps resources - - apiGroups: ["apps"] - resources: - - deployments - - replicasets - - statefulsets - - daemonsets - verbs: ["get", "list", "watch", "patch", "delete"] - - # Batch resources - - apiGroups: ["batch"] - resources: - - jobs - - cronjobs - verbs: ["get", "list", "watch", "delete"] - - # Networking resources - - apiGroups: ["networking.k8s.io"] - resources: - - ingresses - - ingressclasses - verbs: ["get", "list", "watch"] - - # RBAC resources (read-only, for inspection purposes) - - apiGroups: ["rbac.authorization.k8s.io"] - resources: - - roles - - rolebindings - - clusterroles - - clusterrolebindings - verbs: ["get", "list", "watch"] - - # Storage classes (read-only) - - apiGroups: ["storage.k8s.io"] - resources: - - storageclasses - verbs: ["get", "list", "watch"] - - # Metrics (optional, useful for `kubectl top`) - - apiGroups: ["metrics.k8s.io"] - resources: - - pods - - nodes - verbs: ["get", "list", "watch"] -{{- end }} diff --git a/charts/ttyd/templates/clusterrolebinding.yaml b/charts/ttyd/templates/clusterrolebinding.yaml deleted file mode 100644 index 8fad5e5..0000000 --- a/charts/ttyd/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -# Binds the ttyd ClusterRole to its dedicated ServiceAccount. -# WARNING: This grants cluster-wide permissions. See clusterrole.yaml for details. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "ttyd.fullname" . }} - labels: - {{- include "ttyd.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "ttyd.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ include "ttyd.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/charts/ttyd/templates/deployment.yaml b/charts/ttyd/templates/deployment.yaml deleted file mode 100644 index d74f970..0000000 --- a/charts/ttyd/templates/deployment.yaml +++ /dev/null @@ -1,82 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "ttyd.fullname" . }} - labels: - {{- include "ttyd.labels" . | nindent 4 }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - {{- include "ttyd.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "ttyd.selectorLabels" . | nindent 8 }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "ttyd.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - # The tsl0922/ttyd image uses tini as entrypoint (tini -- ). - # args replaces CMD, so ttyd must be the first element. - # "--" is required to separate ttyd flags from the shell command; - # without it, ttyd does not correctly attach the shell as an - # interactive process, causing the browser terminal to accept no input. - # To use kubectl, switch image.repository to a custom image that bundles ttyd + kubectl. - args: - - "ttyd" - - "--port={{ .Values.ttyd.port }}" - - "--" - - {{ .Values.ttyd.command | quote }} - # tty + stdin are required for the browser terminal to accept keyboard input. - # Without these the PTY is not allocated and the shell is non-interactive. - tty: true - stdin: true - ports: - - name: http - containerPort: {{ .Values.ttyd.port }} - protocol: TCP - livenessProbe: - httpGet: - path: / - port: http - initialDelaySeconds: 10 - periodSeconds: 20 - timeoutSeconds: 5 - failureThreshold: 3 - readinessProbe: - httpGet: - path: / - port: http - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 3 - failureThreshold: 3 - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/charts/ttyd/templates/ingress.yaml b/charts/ttyd/templates/ingress.yaml deleted file mode 100644 index fb6e814..0000000 --- a/charts/ttyd/templates/ingress.yaml +++ /dev/null @@ -1,35 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "ttyd.fullname" . -}} -{{- $svcPort := .Values.service.port -}} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ $fullName }} - labels: - {{- include "ttyd.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if .Values.ingress.className }} - ingressClassName: {{ .Values.ingress.className }} - {{- end }} - {{- if .Values.ingress.tls.enabled }} - tls: - - hosts: - - {{ .Values.ingress.host | quote }} - secretName: {{ .Values.ingress.tls.secretName }} - {{- end }} - rules: - - host: {{ .Values.ingress.host | quote }} - http: - paths: - - path: {{ .Values.ingress.path }} - pathType: {{ .Values.ingress.pathType }} - backend: - service: - name: {{ $fullName }} - port: - number: {{ $svcPort }} -{{- end }} diff --git a/charts/ttyd/templates/service.yaml b/charts/ttyd/templates/service.yaml deleted file mode 100644 index 1b6013f..0000000 --- a/charts/ttyd/templates/service.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "ttyd.fullname" . }} - labels: - {{- include "ttyd.labels" . | nindent 4 }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - targetPort: http - protocol: TCP - name: http - selector: - {{- include "ttyd.selectorLabels" . | nindent 4 }} diff --git a/charts/ttyd/templates/serviceaccount.yaml b/charts/ttyd/templates/serviceaccount.yaml deleted file mode 100644 index 49096c0..0000000 --- a/charts/ttyd/templates/serviceaccount.yaml +++ /dev/null @@ -1,8 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "ttyd.serviceAccountName" . }} - labels: - {{- include "ttyd.labels" . | nindent 4 }} -{{- end }} diff --git a/charts/ttyd/values.yaml b/charts/ttyd/values.yaml deleted file mode 100644 index 6407630..0000000 --- a/charts/ttyd/values.yaml +++ /dev/null @@ -1,54 +0,0 @@ -replicaCount: 1 - -image: - repository: tsl0922/ttyd - tag: latest - pullPolicy: IfNotPresent - -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - create: true - name: "" - -service: - type: ClusterIP - port: 7681 - -ttyd: - port: 7681 - # Shell command passed to ttyd. Switch to a custom image with kubectl for full functionality. - command: "/bin/sh" - -ingress: - enabled: true - className: traefik - annotations: - traefik.ingress.kubernetes.io/router.entrypoints: websecure - host: kctl.dvirlabs.com - path: / - pathType: Prefix - tls: - enabled: true - secretName: tls-ttyd-ingress - -resources: - requests: - cpu: 50m - memory: 64Mi - limits: - cpu: 200m - memory: 128Mi - -podAnnotations: {} - -podSecurityContext: {} - -securityContext: {} - -nodeSelector: {} - -tolerations: [] - -affinity: {} diff --git a/manifests/cloudflared/values.yaml b/manifests/cloudflared/values.yaml index 7ad4884..708c299 100644 --- a/manifests/cloudflared/values.yaml +++ b/manifests/cloudflared/values.yaml @@ -66,12 +66,6 @@ cloudflare: service: https://192.168.10.155:10000 originRequest: noTLSVerify: true - - hostname: chai3.dvirlabs.com - service: http://app-3.sandbox.svc.cluster.local:80 - - hostname: chai2.dvirlabs.com - service: http://app-2.sandbox.svc.cluster.local:80 - - hostname: chai1.dvirlabs.com - service: http://app-1.sandbox.svc.cluster.local:80 - hostname: music.dvirlabs.com service: http://navidrome.my-apps.svc.cluster.local:4533 - hostname: tunedrop.dvirlabs.com @@ -81,10 +75,6 @@ cloudflare: - hostname: kuma.dvirlabs.com service: http://uptime-kuma-prod.monitoring.svc.cluster.local:3001 - hostname: nextcloud.dvirlabs.com - service: http://nextcloud.my-apps.svc.cluster.local:8080 - - hostname: focalboard.dvirlabs.com - service: http://focalboard.dev-tools.svc.cluster.local:80 - - hostname: planka.dvirlabs.com service: http://planka.dev-tools.svc.cluster.local:1337 - hostname: pgadmin.dvirlabs.com service: http://pgadmin.my-apps.svc.cluster.local:80 @@ -104,28 +94,12 @@ cloudflare: service: http://dateme-frontend.my-apps.svc.cluster.local:80 - hostname: api-dateme.dvirlabs.com service: http://dateme-backend.my-apps.svc.cluster.local:8000 - - hostname: ipify.dvirlabs.com - service: http://ipify-frontend.my-apps.svc.cluster.local:80 - - hostname: api-ipify.dvirlabs.com - service: http://ipify-backend.my-apps.svc.cluster.local:8000 - hostname: invy.dvirlabs.com service: http://invy-frontend.my-apps.svc.cluster.local:80 - hostname: api-invy.dvirlabs.com service: http://invy-backend.my-apps.svc.cluster.local:8000 - hostname: radar.dvirlabs.com service: http://radar.infra.svc.cluster.local:9280 - - hostname: open-meteo.dvirlabs.com - service: http://open-meteo-service-open-meteo-service.sandbox.svc.cluster.local:8000 - - hostname: open-meteo-grafana.dvirlabs.com - service: http://open-meteo-service-open-meteo-service-grafana.sandbox.svc.cluster.local:3000 - - hostname: open-meteo-prometheus.dvirlabs.com - service: http://open-meteo-service-open-meteo-service-prometheus.sandbox.svc.cluster.local:9090 - - hostname: open-meteo-gitlab.dvirlabs.com - service: http://open-meteo-service-gitlab-open-meteo-service.sandbox.svc.cluster.local:8000 - - hostname: open-meteo-grafana-gitlab.dvirlabs.com - service: http://open-meteo-service-gitlab-open-meteo-service-grafana.sandbox.svc.cluster.local:3000 - - hostname: open-meteo-prometheus-gitlab.dvirlabs.com - service: http://open-meteo-service-gitlab-open-meteo-service-prometheus.sandbox.svc.cluster.local:9090 - hostname: calink.dvirlabs.com service: http://calink-frontend.my-apps.svc.cluster.local:80 - hostname: api-calink.dvirlabs.com @@ -134,8 +108,6 @@ cloudflare: service: http://headlamp.infra.svc.cluster.local:80 - hostname: chat.dvirlabs.com service: http://open-webui.ai-stack.svc.cluster.local:80 - - hostname: kctl.dvirlabs.com - service: http://ttyd.infra.svc.cluster.local:7681 cloudflared: image: repository: cloudflare/cloudflared diff --git a/manifests/ttyd/values.yaml b/manifests/ttyd/values.yaml deleted file mode 100644 index 2bea44b..0000000 --- a/manifests/ttyd/values.yaml +++ /dev/null @@ -1,48 +0,0 @@ -# ttyd environment-specific values -# Overrides charts/ttyd/values.yaml defaults - -replicaCount: 1 - -image: - # Switch to a custom image that bundles ttyd + kubectl for full kubectl support. - # Example: repository: registry.dvirlabs.com/ttyd-kubectl - repository: tsl0922/ttyd - tag: latest - pullPolicy: IfNotPresent - -serviceAccount: - create: true - name: "" - -service: - port: 7681 - -ttyd: - port: 7681 - # Shell to launch in the browser terminal. - # Change to /bin/bash if using a custom image that includes bash + kubectl. - command: "/bin/sh" - -ingress: - enabled: true - className: traefik - annotations: - traefik.ingress.kubernetes.io/router.entrypoints: websecure - host: kctl.dvirlabs.com - path: / - pathType: Prefix - tls: - enabled: true - secretName: tls-ttyd-ingress - -resources: - requests: - cpu: 50m - memory: 64Mi - limits: - cpu: 200m - memory: 128Mi - -nodeSelector: {} -tolerations: [] -affinity: {}