feat: migrate nginx + deps

.github/workflows/ci.yaml

@@ -0,0 +1,24 @@
+---
+
+name: 'CI'
+
+
+on:
+  push:
+    branches:
+      - '**'
+    tags:
+      - '*'
+
+jobs:
+
+
+  mkdocs:
+    name: 'MKDocs'
+    permissions:
+      pull-requests: write
+      contents: write
+      statuses: write
+      checks: write
+      actions: write
+    uses: nofusscomputing/action_mkdocs/.github/workflows/reusable_mkdocs.yaml@development

.github/workflows/pull_request.yaml

@@ -0,0 +1,26 @@
+---
+
+name: Pull Requests
+
+
+on:
+  pull_request: {}
+
+
+jobs:
+
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Install yamllint
+        run: pip install yamllint
+
+      - name: Lint YAML files
+        run: yamllint ${PWD}/
+
+
+  pull-request:
+    name: pull-request
+    uses: nofusscomputing/action_pull_requests/.github/workflows/pull-requests.yaml@development

.gitignore

@@ -0,0 +1,2 @@
+# Temp Files
+*.tmp.*

.gitmodules

@@ -0,0 +1,8 @@
+[submodule "website-template"]
+	path = website-template
+	url = https://gitlab.com/nofusscomputing/infrastructure/website-template.git
+	branch = development
+[submodule "gitlab-ci"]
+	path = gitlab-ci
+	url = https://gitlab.com/nofusscomputing/projects/gitlab-ci.git
+	branch = development

.vscode/settings.json

@@ -0,0 +1,35 @@
+{
+    "linter.linters": {
+        "yamllint": {
+            "capabilities": [
+                "ignore-line"
+            ],
+            "command": [
+                "yamllint",
+                "--format",
+                "parsable",
+                [
+                    "$config",
+                    "--config-file",
+                    "$config"
+                ],
+                "-"
+            ],
+            "configFiles": [
+                ".yamllint.yml",
+                ".yamllint.yaml",
+                ".yamllint"
+            ],
+            "enabled": true,
+            "languages": [
+                "yaml"
+            ],
+            "name": "yamllint",
+            "url": "https://github.com/adrienverge/yamllint"
+        }
+    },
+    "editor.detectIndentation": false,
+    "editor.indentSize": "tabSize",
+    "editor.tabSize": 2,
+    "files.eol": "\n"
+}

.yamllint

@@ -0,0 +1,77 @@
+---
+
+# extends: default
+
+
+ignore:
+  - '.github/'
+  - '**/crd/**'
+  - mkdocs.yml
+  - '*PrometheusRule*'
+  - '**/source/**'
+
+rules:
+  braces:
+    level: error
+    max-spaces-inside: 1
+    min-spaces-inside: 1
+    min-spaces-inside-empty: 0
+    max-spaces-inside-empty: 0
+
+  brackets:
+    level: error
+    max-spaces-inside: 1
+    min-spaces-inside: 1
+    min-spaces-inside-empty: 0
+    max-spaces-inside-empty: 0
+
+  colons:
+    level: warning
+    max-spaces-after: 1
+
+  commas:
+    level: warning
+
+  comments:
+    level: error
+    require-starting-space: true
+    ignore-shebangs: true
+    min-spaces-from-content: 4
+
+  comments-indentation:
+    level: error
+
+  document-end:
+    level: error
+    present: false
+
+  document-start:
+    level: error
+    present: true
+
+  empty-lines:
+    level: error
+    max: 3
+    max-start: 0
+    max-end: 0
+
+  hyphens:
+    level: error
+    max-spaces-after: 1
+
+  indentation:
+    level: error
+    spaces: 2
+    indent-sequences: true
+    check-multi-line-strings: true
+
+  line-length:
+    level: warning
+    max: 100
+    allow-non-breakable-inline-mappings: true
+
+  new-lines:
+    level: error
+    type: unix
+
+  truthy: disable

docs/projects/kustomize/index.md

@@ -0,0 +1,32 @@
+---
+title: Kustomize Manifests
+description: Documentation home for No Fuss Computing's Kubernetes Kustomize Manifests
+date: 2025-06-12
+template: project.html
+about: https://github.com/nofusscomputing/kubernetes
+---
+
+<span style="text-align: center;">
+
+![Endpoint Badge](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fnofusscomputing%2Fkubernetes%2Frefs%2Fheads%2Fdevelopment%2F.meta%2Fproject_status.json)
+
+----
+
+![GitHub forks](https://img.shields.io/github/forks/NofussComputing/kubernetes?logo=github&style=plastic&color=000000&labell=Forks) ![GitHub stars](https://img.shields.io/github/stars/NofussComputing/kubernetes?color=000000&logo=github&style=plastic) ![Github Watchers](https://img.shields.io/github/watchers/NofussComputing/kubernetes?color=000000&label=Watchers&logo=github&style=plastic)
+
+</span>
+
+This project exists to provide a single location for all you Kubernetes deployment puposes. Contained within the [Kustomize repository](https://github.com/nofusscomputing/kubernetes) are Kubernetes Kustomize manifests ready for deployment. You are free to use them and that includes to collaborate in the addition and maintenance of the manifests.
+
+
+## Problems to Solve
+
+As the intent of this repository is for config management, although limited to the deployment configuration minus any secrets and customizations. As much as possible **There is a requirement for CI for Quality Control.** To aid in this tooling to assist in the process will need to be created. The following list includes and is not limited to, problems to solve:
+
+- Deploying the manifests to test they work
+
+- Identifying if a base / component has a dependency. _i.e. other apps that must be deployed first._
+
+- Updating manifest repo locations.
+
+  if a manifest that is fetched via git has had an update, then being able to update this when it occurs or close to.

manifests/alert-manager/base/AlertManager-cluster.yaml

@@ -0,0 +1,28 @@
+---
+apiVersion: monitoring.coreos.com/v1
+kind: Alertmanager
+metadata:
+  labels:
+    app.kubernetes.io/component: alerting
+  name: cluster
+spec:
+  externalUrl: alert-manager.local
+  nodeSelector:
+    kubernetes.io/os: linux
+  podMetadata:
+    labels:
+      app.kubernetes.io/component: alerting
+  replicas: 1
+  resources:
+    limits:
+      cpu: 100m
+      memory: 100Mi
+    requests:
+      cpu: 4m
+      memory: 100Mi
+  securityContext:
+    fsGroup: 2000
+    runAsNonRoot: true
+    runAsUser: 1000
+  serviceAccountName: alertmanager
+  version: v0.27.0

manifests/alert-manager/base/Service-alertmanager.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/component: alerting
+  name: cluster
+spec:
+  ports:
+    - name: web
+      port: 9093
+      targetPort: web
+    - name: reloader-web
+      port: 8080
+      targetPort: reloader-web
+  selector:
+    app.kubernetes.io/component: alerting
+  sessionAffinity: ClientIP

manifests/alert-manager/base/ServiceAccount-alertmanager.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: v1
+automountServiceAccountToken: false
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/component: alerting
+  name: alertmanager

manifests/alert-manager/base/kustomization.yaml

@@ -0,0 +1,50 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+
+namespace: alert
+
+labels:
+  - includeSelectors: true
+    pairs:
+      app.kubernetes.io/instance: cluster
+      app.kubernetes.io/name: alertmanager
+      app.kubernetes.io/part-of: alertmanager
+
+
+resources:
+  # - Secret-alertmanager.yaml
+  - ServiceAccount-alertmanager.yaml
+  - AlertManager-cluster.yaml
+  - Service-alertmanager.yaml
+  # - PrometheusRule-alertmanager.yaml
+  # - serviceMonitor-alertmanager.yaml
+
+
+patches:
+  # yamllint disable rule:indentation
+  - target:
+      kind: Alertmanager
+      name: cluster
+    patch: |-
+      - op: replace
+        path: /spec/version
+        value: v0.27.0
+
+      - op: replace
+        path: /spec/externalUrl
+        value: alert-manager.local
+  # yamllint enable rule:indentation
+
+replacements:
+  - source:
+      kind: Alertmanager
+      name: cluster
+      fieldPath: metadata.labels
+    targets:
+      - select:
+          kind: Alertmanager
+          name: cluster
+        fieldPaths:
+          - spec.podMetadata.labels

manifests/alert-manager/components/dashboard/GrafanaDashboard-AlertManager.yaml

@@ -0,0 +1,17 @@
+---
+apiVersion: grafana.integreatly.org/v1beta1
+kind: GrafanaDashboard
+metadata:
+  labels:
+    app.kubernetes.io/component: alerting
+  name: alertmanager
+spec:
+  allowCrossNamespaceImport: true
+  folder: "General"
+  resyncPeriod: 24h
+  instanceSelector:
+    matchLabels:
+      dashboards: grafana
+  grafanaCom:
+    id: 9578
+    revision: 4     # as @ 19-09-23

manifests/alert-manager/components/dashboard/kustomization.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+
+resources:
+  - GrafanaDashboard-AlertManager.yaml

manifests/alert-manager/components/ingress/Ingress-alert-manager.yaml

@@ -0,0 +1,34 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    cert-manager.io/common-name: alert-manager.local
+    cert-manager.io/duration: 2160h
+    cert-manager.io/private-key-algorithm: ECDSA
+    cert-manager.io/private-key-rotation-policy: Always
+    cert-manager.io/private-key-size: "384"
+    cert-manager.io/subject-countries: N/A
+    cert-manager.io/subject-organizationalunits: N/A
+    cert-manager.io/subject-organizations: N/A
+    cert-manager.io/subject-provinces: N/A
+  labels:
+    app.kubernetes.io/component: alerting
+  name: alert-manager
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: alert-manager.local
+      http:
+        paths:
+          - backend:
+              service:
+                name: cluster
+                port:
+                  name: web
+            path: /
+            pathType: Prefix
+  tls:
+    - hosts:
+        - alert-manager.local
+      secretName: certificate-tls-alert-manager