Trivernis
/
cluster-config
mirror of https://codeberg.org/Trivernis/cluster-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add tandoor

Browse Source
main
trivernis 1 year ago
parent ec5bd17212
commit 10e857d4b8
Signed by: Trivernis
GPG Key ID: 7E6D18B61C8D2F4B
10 changed files with 350 additions and 0 deletions
Show Stats Download Patch File Download Diff File

16
apps/apps.yaml
Unescape Escape View File

@ -36,3 +36,19 @@ resources:
- searxng/config.yaml - searxng/config.yaml
- searxng/deploy.yaml - searxng/deploy.yaml
- searxng/route.yaml - searxng/route.yaml
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: tandoor
metadata:
name: tandoor
resources:
- tandoor/namespace.yaml
- tandoor/service-account.yaml
- searxng/recipes-sealedsecret.yaml
- tandoor/config.yaml
- tandoor/pvc.yaml
- tandoor/postgres.yaml
- searxng/deploy.yaml
- searxng/service.yaml
- searxng/route.yaml

30
apps/tandoor/config.yaml
Unescape Escape View File

@ -0,0 +1,30 @@
kind: ConfigMap
apiVersion: v1
metadata:
labels:
app: recipes
name: recipes-nginx-config
namespace: tandoor
data:
nginx-config: |-
events {
worker_connections 1024;
}
http {
include mime.types;
server {
listen 80;
server_name _;
client_max_body_size 16M;
# serve static files
location /static/ {
alias /static/;
}
# serve media files
location /media/ {
alias /media/;
}
}
}

189
apps/tandoor/deploy.yaml
Unescape Escape View File

@ -0,0 +1,189 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: recipes
namespace: tandoor
labels:
app: recipes
environment: production
tier: frontend
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: recipes
environment: production
template:
metadata:
labels:
app: recipes
tier: frontend
environment: production
spec:
restartPolicy: Always
serviceAccount: recipes
serviceAccountName: recipes
initContainers:
- name: init-chmod-data
env:
- name: SECRET_KEY
valueFrom:
secretKeyRef:
name: recipes-secret
key: secret-key
- name: DB_ENGINE
value: django.db.backends.postgresql_psycopg2
- name: POSTGRES_HOST
value: recipes-db
- name: POSTGRES_PORT
value: "5432"
- name: POSTGRES_USER
value: postgres
- name: POSTGRES_DB
value: postgres
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: recipes-secret
key: postgresql-password
image: vabene1111/recipes
imagePullPolicy: Always
resources:
requests:
cpu: 250m
memory: 64Mi
command:
- sh
- -c
- |
set -e
source venv/bin/activate
echo "Updating database"
python manage.py migrate
python manage.py collectstatic_js_reverse
python manage.py collectstatic --noinput
echo "Setting media file attributes"
chown -R 65534:65534 /opt/recipes/mediafiles
find /opt/recipes/mediafiles -type d | xargs -r chmod 755
find /opt/recipes/mediafiles -type f | xargs -r chmod 644
echo "Done"
securityContext:
runAsUser: 0
volumeMounts:
- mountPath: /opt/recipes/mediafiles
name: media
# mount as subPath due to lost+found on ext4 pvc
subPath: files
- mountPath: /opt/recipes/staticfiles
name: static
# mount as subPath due to lost+found on ext4 pvc
subPath: files
containers:
- name: recipes-nginx
image: nginx:alpine-slim
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
protocol: TCP
name: http
- containerPort: 8080
protocol: TCP
name: gunicorn
resources:
requests:
cpu: 250m
memory: 64Mi
volumeMounts:
- mountPath: /media
name: media
# mount as subPath due to lost+found on ext4 pvc
subPath: files
- mountPath: /static
name: static
# mount as subPath due to lost+found on ext4 pvc
subPath: files
- name: nginx-config
mountPath: /etc/nginx/nginx.conf
subPath: nginx-config
readOnly: true
- name: recipes
image: vabene1111/recipes
imagePullPolicy: IfNotPresent
command:
- /opt/recipes/venv/bin/gunicorn
- -b
- :8080
- --access-logfile
- "-"
- --error-logfile
- "-"
- --log-level
- INFO
- recipes.wsgi
livenessProbe:
failureThreshold: 3
httpGet:
path: /
port: 8080
scheme: HTTP
periodSeconds: 30
readinessProbe:
httpGet:
path: /
port: 8080
scheme: HTTP
periodSeconds: 30
resources:
requests:
cpu: 250m
memory: 64Mi
volumeMounts:
- mountPath: /opt/recipes/mediafiles
name: media
# mount as subPath due to lost+found on ext4 pvc
subPath: files
- mountPath: /opt/recipes/staticfiles
name: static
# mount as subPath due to lost+found on ext4 pvc
subPath: files
env:
- name: DEBUG
value: "0"
- name: ALLOWED_HOSTS
value: '*'
- name: SECRET_KEY
valueFrom:
secretKeyRef:
name: recipes-secret
key: secret-key
- name: GUNICORN_MEDIA
value: "0"
- name: DB_ENGINE
value: django.db.backends.postgresql_psycopg2
- name: POSTGRES_HOST
value: recipes-db
- name: POSTGRES_PORT
value: "5432"
- name: POSTGRES_USER
value: postgres
- name: POSTGRES_DB
value: postgres
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: recipes-secret
key: postgresql-password
securityContext:
runAsUser: 65534
volumes:
- name: media
persistentVolumeClaim:
claimName: recipes-media
- name: static
persistentVolumeClaim:
claimName: recipes-static
- name: nginx-config
configMap:
name: recipes-nginx-config

6
apps/tandoor/namespace.yaml
Unescape Escape View File

@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: tandoor
labels:
name: tandoor

22
apps/tandoor/postgres.yaml
Unescape Escape View File

@ -0,0 +1,22 @@
apiVersion: kubegres.reactive-tech.io/v1
kind: Kubegres
metadata:
name: recipes-db
namespace: tandoor
spec:
replicas: 2
image: postgres:16-alpine
database:
size: 2Gi
env:
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: recipes-secret
key: postgresql-password
- name: POSTGRES_REPLICATION_PASSWORD
valueFrom:
secretKeyRef:
name: recipes-secret
key: replication-password

28
apps/tandoor/pvc.yaml
Unescape Escape View File

@ -0,0 +1,28 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: recipes-media
namespace: tandoor
labels:
app: recipes
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn-hdd-crypto-global
resources:
requests:
storage: 5Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: recipes-static
namespace: tandoor
labels:
app: recipes
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi

18
apps/tandoor/recipes-sealedsecret.yaml
Unescape Escape View File

@ -0,0 +1,18 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: recipes-secret
namespace: tandoor
spec:
encryptedData:
postgresql-password: AgBcusmDi53vbvZL/v6yTwABvww94o+keuVCKMj6sy6muRzLpLvOu+On3vbNl49hoCXALqsMLQ3NGZ78UpuTWbfUU49nJYrmPyGdBMUW+Nwz1jqkIX/jloUcB/Ltac0YtWu57BOTbhwlGUGSS7LwF8/A2UK3wlQVF/QvUBXU6JRWvWEbzJoQFZQ1xumQR8G1WEqYgMyd99BgJiJYeqoXDFPiYPd+2cUND8B47OgNgXY1MpLo48osbtbdV+lBcCchflX+foGwTHrKTqsrqzhVUQSkEJReAcLg7GzA0f2/vcKxJTZRCv0xgrz8ejo0uz81Xvp0Z0PeLGXmPcT0D3wba1pO+jX32maUtyTBfDwSW8W017fA3q35t0sEPnhJmEFDiIevghjbG0guu9cNubW5pJBs2iHlytzO8e4J1bOfYec23pwbbdJDz1C6Csnh6GfvpYS2E67yKLoEXUDIQPlhRpL2myE1be1DtD3owrh0EsZlAVjWcB9TEnOmVDW2QbJPrCbtattCTCB1RIAEaCB8XT4V1muIX2Y8fwQnGfzWilmbA7TyagwUBbp3WpYAea/Jo+/V9su8QzYgQTyGlbiL0LQpQ96pPZ5ZDYkJRQN0NMfWo0IbdMaUHrD4/5afTEF+hSA6l92qAm2UxcvYonrMvwDfpDUBOgBkrJEwEafiVUNeDkV9d3iukLC1QzT7ubf8WpEXlB12CGYlDy7amrowMhpa
replication-password: AgCXOtyEfTbeUjKWDfLhxLvBzbyFUMDq2Vl64ddwEV+MwVgBTACvXM0JF5GjlX2TsoRB8DvOlMBiuNxCnM+ZO0u0fc8PzjbHq/9onUXNtalzG1srgJctQi4OO/PsnNE7x2Q/CpWAKRXmzRrifHEnyqrqr0heh73C2wCrGRb6tR9Nd6m1H9nf/OaAERx+3Nd3/ChR1y+NPBjMK/VrU5H1+S1lqLw+uokK702cOZlfJxYA8Lzm6g5kigSHrsp+41l5s5xUn0FW+69KCiDPyRJuFTfnNKI+cApw4XBw1YHuL68uvn2dPI0cXGmq2djPziC+vVkABozg2HCSvUYcWlNhPPaK87wAoXUIo1PYz8lwDdsFSZyM0plLzF1ajuZmVsDNPOmBvRbponXT+xDFZV4MJR66q4fVGfiq88eEIO6LJNajdquhPjvN5//K4uWnVtQjfDEmdAJgsvBykikTUeC2BJqjHiwZv6D58eKMBWwdm+71pFOCh4L9Ei3my4M0t2QIADcB3KsPVTPD7XgXBuJvcHwl33g6xKUg7S4HaP6H3ce/gT5cn3Dqezc+U6cjJdjQenpT0CPIhg0ONXVnKY4XpmqJynasXZ2Ur4Jye6XVpnTTk+ZLMy679Bj2GF/YMNMwSaU5LT1TQvELZkdRQEZiiAl2wAES0txG1T6cz/aiW1MOsIIY7en56iIQVkDuR6WqEpmEZi7O+lxAL+4XcXi/HRpU
secret-key: AgBe6S+5Iss4/+RGwYaFYIVsfjCHq8lY5C1NSvbAqladp85C0KabkucEYR5XEv+rbkiSLzQ0fkw9sXPqpySQKIo5K35O5EZYJO8kvLNStD9qmI3pPGgD/dPowMej1n0VyXEkFfacaz6sbu/WZ03+9GjzkQ98mBkUFaCZfYtjjFuBALro6BQReqcaPHI1a2QBKCgpHlH/FTtU4lxixVjDjbH4t5qeO125cx9xt9fkFctELH9I3vCz9xFJgG+pldalSo82Paem3PiGTxYWd0dfE3+2pujRBXOS5xnOBDKYt/bY3783xt02A3rWbDrF+Tuyq97nUDXuGGDd8C2M3250UpUwsQuBz6e9P+RBcznhrrBqFdR5wHigot2Qd0yFOfQOpoXEEXM3FTOBPorwG0IvMemREtyux79tEilr4Uy59zDgcaS0KNJDg+0hBt2IIqxPAYpx2KjSZgBULwWO2JUaaPTxJs43R0UZZ6U8/PFVS1sg1gXgjvi69Kant1oa3c9MIajjfV8lbyeDilivK+/Phx2WJkAZNtbP/twDr0zRw2NIDBu6fzPe4Io6N28I8VRqoTn6jy7l4lNZGE3Zyb3gQfDvfp6JeIkv6vXYylaAdBCnq3eY/JjQosspGRrJ5lTzmoL6Ts3POkZm2w0CNueAwZjQ0sDju9hFEp98MKoB8BCg5trG+1+hu+j5djse6d15+zAQ3aTuSlrS9scV33tiBrnIbVJHB7mbfia48elJ5rvp4g==
template:
metadata:
creationTimestamp: null
name: recipes-secret
namespace: tandoor
type: Opaque

14
apps/tandoor/route.yaml
Unescape Escape View File

@ -0,0 +1,14 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: longhorn-route
namespace: longhorn-system
spec:
entryPoints:
- web
routes:
- match: Host(`recipes.trivernis.dev`) || Host(`recipes.trivernis.net`)
kind: Rule
services:
- name: recipes-service
port: 80

5
apps/tandoor/service-account.yaml
Unescape Escape View File

@ -0,0 +1,5 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: recipes
namespace: tandoor

22
apps/tandoor/service.yaml
Unescape Escape View File

@ -0,0 +1,22 @@
apiVersion: v1
kind: Service
metadata:
name: recipes-service
namespace: tandoor
labels:
app: recipes
tier: frontend
spec:
selector:
app: recipes
tier: frontend
environment: production
ports:
- port: 80
targetPort: http
name: http
protocol: TCP
- port: 8080
targetPort: gunicorn
name: gunicorn
protocol: TCP
Write Preview
Loading…
Cancel
Save