From e54921a4cc7b4ec3d0664e620785ce689ba91877 Mon Sep 17 00:00:00 2001
From: Kustas Kurval
Date: Tue, 10 Feb 2026 13:16:07 +0200
Subject: [PATCH] add(memelord-kkurval.yaml)
---
 memelord-kkurval.yaml | 348 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 348 insertions(+)
 create mode 100644 memelord-kkurval.yaml
diff --git a/memelord-kkurval.yaml b/memelord-kkurval.yaml
new file mode 100644
index 0000000..bd2cca8
--- /dev/null
+++ b/memelord-kkurval.yaml
@@ -0,0 +1,348 @@
+# kubectl create namespace memelord-kkurval
+# kubectl diff -n memelord-kkurval -f memelord-kkurval.yaml
+# kubectl apply -n memelord-kkurval -f memelord-kkurval.yaml
+
+
+---
+# For session info, fast database
+apiVersion: secretgenerator.mittwald.de/v1alpha1
+kind: StringSecret
+metadata:
+ # Not very good. Find something better then redis
+ name: memelord-kkurval-redis
+spec:
+ fields:
+ - fieldName: redis-password
+ length: "32"
+ encoding: hex
+
+---
+apiVersion: dragonflydb.io/v1alpha1
+kind: Dragonfly
+metadata:
+ name: memelord-kkurval-redis
+spec:
+ authentication:
+ passwordFromSecret:
+ name: memelord-kkurval-redis
+ key: redis-password
+ replicas: 1
+ resources:
+ requests:
+ cpu: 500m
+ memory: 500Mi
+ limits:
+ cpu: 600m
+ memory: 750Mi
+
+
+
+
+
+
+
+
+---
+apiVersion: secretgenerator.mittwald.de/v1alpha1
+kind: StringSecret
+metadata:
+ name: memelord-kkurval-database
+ labels:
+ cnpg.io/reload: "true"
+spec:
+ data:
+ username: memelord-kkurval
+ fields:
+ - fieldName: password
+ length: "32"
+ encoding: hex
+
+# For regular database data..
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+ name: memelord-kkurval-database
+spec:
+ instances: 1
+ imageName: ghcr.io/cloudnative-pg/postgresql:17
+ storage:
+ size: 1Gi
+ storageClass: postgres
+ affinity:
+ podAntiAffinityType: required
+ nodeSelector:
+ codemowers.io/lvm-ubuntu-vg: enterprise-ssd
+ resources:
+ requests:
+ cpu: "100m"
+ memory: "1Gi"
+ limits:
+ cpu: "1"
+ memory: "4Gi"
+ postgresql:
+ parameters:
+ max_connections: "300"
+ shared_buffers: "512MB"
+ effective_cache_size: "2GB"
+ managed:
+ roles:
+ - name: memelord-kkurval
+ ensure: present
+ login: true
+ passwordSecret:
+ name: memelord-kkurval-database
+
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: Database
+metadata:
+ name: memelord-kkurval
+spec:
+ name: memelord-kkurval
+ owner: memelord-kkurval
+ cluster:
+ name: memelord-kkurval-database
+
+
+
+
+
+
+
+---
+apiVersion: s3.onyxia.sh/v1alpha1
+kind: Policy
+metadata:
+ name: memelord-kkurval-policy
+spec:
+ name: memelord-kkurval-policy
+ s3InstanceRef: minio/default
+ policyContent: >-
+ {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "s3:ListBucket",
+ "s3:GetObject",
+ "s3:PutObject"
+ ],
+ "Resource": [
+ "arn:aws:s3:::memelord-kkurval",
+ "arn:aws:s3:::memelord-kkurval/*"
+ ]
+ }
+ ]
+ }
+
+---
+apiVersion: s3.onyxia.sh/v1alpha1
+kind: S3User
+metadata:
+ name: memelord-kkurval-bucket
+spec:
+ accessKey: memelord-kkurval-bucket # This is automatically created
+ policies:
+ - memelord-kkurval-policy
+ s3InstanceRef: minio/default
+
+---
+apiVersion: s3.onyxia.sh/v1alpha1
+kind: Bucket
+metadata:
+ name: memelord-kkurval
+spec:
+ name: memelord-kkurval
+ s3InstanceRef: minio/default
+ quota:
+ default: 100000000
+
+# Minio is depricated. No sure what it is for...
+# Maps key to file. Instead of filesystem and filename...
+
+
+
+
+
+
+
+# Mingi lampi app. Tee Kube deployment ja hiljem vaata kas on OK support.
+# Conteiner READ only. Valideerib, et andmed pole lokaalselt salvestanud
+# Ehk vaja uue appiga kohe laamendada, et on näha kas app salvestab andmeid korrektselt
+#
+---
+apiVersion: apps/v1
+kind: Deployment # Stateless rakenduste jaoks. Tõmbab enne uue üles kui vana maha läheb. No client impact
+metadata:
+ name: memelord-kkurval-app
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: memelord-kkurval-app
+ template:
+ metadata:
+ labels:
+ app: memelord-kkurval-app
+ spec:
+ # securityContext:
+ # runAsUser: 1000 # Adjust based on /etc/passwd output
+ # runAsGroup: 1000 # Adjust based on /etc/passwd output
+ # fsGroup: 1000 # Adjust based on /etc/passwd output
+ containers:
+ - name: memelord
+ image: ghcr.io/l4rm4nd/memelord:latest
+ imagePullPolicy: Always
+ # securityContext:
+ # readOnlyRootFilesystem: true
+ # allowPrivilegeEscalation: false
+ # runAsNonRoot: true
+ # capabilities:
+ # drop:
+ # - ALL
+ ports:
+ - name: http
+ containerPort: 8000
+ # volumeMounts:
+ # - name: tmp
+ # mountPath: /tmp
+ # - name: logs
+ # mountPath: /opt/app/logs
+ # - name: cache
+ # mountPath: /var/cache
+ env:
+ - name: DOMAIN
+ value: "memelord-kkurval.ee-lte-1.codemowers.io"
+
+ - name: DB_ENGINE
+ value: postgres
+ - name: POSTGRES_HOST
+ value: memelord-kkurval-database-rw
+ - name: POSTGRES_PORT
+ value: '5432'
+ - name: POSTGRES_DB
+ value: memelord-kkurval
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ name: memelord-kkurval-database
+ key: username
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: memelord-kkurval-database
+ key: password
+ - name: REDIS_HOST
+ value: memelord-kkurval-redis
+ - name: REDIS_PORT
+ value: '6379'
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: memelord-kkurval-redis
+ key: redis-password
+ - name: STORAGE_BACKEND
+ value: s3
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ name: memelord-kkurval-bucket
+ key: accessKey
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ name: memelord-kkurval-bucket
+ key: secretKey
+ - name: AWS_STORAGE_BUCKET_NAME
+ value: memelord-kkurval
+ - name: AWS_S3_ENDPOINT_URL
+ value: https://minio.ee-lte-1.codemowers.io/
+ - name: AWS_S3_REGION_NAME
+ value: ee-lte-1
+ - name: DEBUG
+ value: "True"
+ - name: SECURE_COOKIES
+ value: "True"
+ # volumes:
+ # - name: tmp
+ # emptyDir: {}
+ # - name: logs
+ # emptyDir: {}
+ # - name: cache
+ # emptyDir: {}
+
+
+
+
+
+# For public access
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: memelord-kkurval-app
+spec:
+ type: ClusterIP
+ selector:
+ app: memelord-kkurval-app
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8000
+
+# Warning: spec.privateKey.rotationPolicy: In cert-manager >= v1.18.0, the default value changed from `Never` to `Always`.
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: memelord-kkurval
+spec:
+ secretName: memelord-kkurval-tls
+ dnsNames:
+ - memelord-kkurval.ee-lte-1.codemowers.io
+ issuerRef:
+ name: letsencrypt
+ kind: ClusterIssuer
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: memelord-kkurval
+ annotations:
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+spec:
+ ingressClassName: traefik
+ rules:
+ - host: memelord-kkurval.ee-lte-1.codemowers.io
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: memelord-kkurval-app
+ port:
+ number: 80
+ tls:
+ - secretName: memelord-kkurval-tls
+
+
+
+
+
+
+
+
+# ---
+# apiVersion: v1
+# kind: ConfigMap
+# metadata:
+# name: settings
+# data:
+# settings.py: |
+# # kopipasteeri uuendatud sisu siia
+# # võid proovida eemaldada ka üleliigse a'la Azure pläust
+# # Pane kinni faili logimine
\ No newline at end of file
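Review bot: The `memelord` container is given `DEBUG` = `"True"` while the Ingress in the same file publishes it at memelord-kkurval.ee-lte-1.codemowers.io; if the app is Django-based, as the commented-out `settings.py` ConfigMap suggests, error pages would then show tracebacks and settings values to any visitor, so I would ship `value: "False"` and enable debug only in a non-public copy. The image is referenced by the mutable tag `:latest` with `imagePullPolicy: Always`, so every restart can run different code; pinning it as `image: ghcr.io/l4rm4nd/memelord@sha256:<digest-placeholder>` makes the rollout reproducible and reviewable. Both `securityContext` blocks and the `emptyDir` mounts are commented out, which leaves the process with whatever user, capabilities and writable root filesystem the image defaults to; re-enabling them as written (read-only root, no privilege escalation, all capabilities dropped) is the hardening this manifest already sketches. The container also has no `resources` block, unlike the Dragonfly and Postgres objects above it.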