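# Deployment manifests for the memelord-kkurval application stack.
#
# Usage:
#   kubectl create namespace memelord-kkurval
#   kubectl diff -n memelord-kkurval -f memelord-kkurval.yaml
#   kubectl apply -n memelord-kkurval -f memelord-kkurval.yaml
#
# Documents in this file, in order: generated Redis password, Dragonfly
# instance, generated database credentials, CloudNativePG cluster and
# database, S3 policy/user/bucket, the application Deployment, its Service,
# a cert-manager Certificate and a Traefik Ingress.
---
# For session info, fast database.
# Generated secret holding the password that the Dragonfly instance below
# reads via passwordFromSecret and the app reads as REDIS_PASSWORD.
apiVersion: secretgenerator.mittwald.de/v1alpha1
kind: StringSecret
metadata:
  # Not very good. Find something better than Redis.
  name: memelord-kkurval-redis
spec:
  fields:
    - fieldName: redis-password
      length: "32"
      encoding: hex
---
apiVersion: dragonflydb.io/v1alpha1
kind: Dragonfly
metadata:
  name: memelord-kkurval-redis
spec:
  # Password authentication is enabled; the value comes from the generated
  # secret above rather than being written into this file.
  authentication:
    passwordFromSecret:
      name: memelord-kkurval-redis
      key: redis-password
  replicas: 1
  resources:
    requests:
      cpu: 500m
      memory: 500Mi
    limits:
      cpu: 600m
      memory: 750Mi
---
# Generated credentials for the PostgreSQL role "memelord-kkurval".
# The same secret is referenced by the Cluster's managed role and by the
# app's POSTGRES_USER / POSTGRES_PASSWORD environment variables.
apiVersion: secretgenerator.mittwald.de/v1alpha1
kind: StringSecret
metadata:
  name: memelord-kkurval-database
  labels:
    cnpg.io/reload: "true"
spec:
  data:
    username: memelord-kkurval
  fields:
    - fieldName: password
      length: "32"
      encoding: hex
# For regular database data.
---
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
  name: memelord-kkurval-database
spec:
  instances: 1
  imageName: ghcr.io/cloudnative-pg/postgresql:17
  storage:
    size: 1Gi
    storageClass: postgres
  affinity:
    podAntiAffinityType: required
    nodeSelector:
      codemowers.io/lvm-ubuntu-vg: enterprise-ssd
  resources:
    requests:
      cpu: "100m"
      memory: "1Gi"
    limits:
      cpu: "1"
      memory: "4Gi"
  postgresql:
    parameters:
      max_connections: "300"
      shared_buffers: "512MB"
      effective_cache_size: "2GB"
  managed:
    roles:
      # Login role whose password is taken from the generated secret above.
      - name: memelord-kkurval
        ensure: present
        login: true
        passwordSecret:
          name: memelord-kkurval-database
---
apiVersion: postgresql.cnpg.io/v1
kind: Database
metadata:
  name: memelord-kkurval
spec:
  name: memelord-kkurval
  owner: memelord-kkurval
  cluster:
    name: memelord-kkurval-database
---
# S3 policy limited to list/get/put on this application's own bucket.
# No delete action and no other bucket is granted here.
apiVersion: s3.onyxia.sh/v1alpha1
kind: Policy
metadata:
  name: memelord-kkurval-policy
spec:
  name: memelord-kkurval-policy
  s3InstanceRef: minio/default
  policyContent: >-
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "s3:ListBucket",
            "s3:GetObject",
            "s3:PutObject"
          ],
          "Resource": [
            "arn:aws:s3:::memelord-kkurval",
            "arn:aws:s3:::memelord-kkurval/*"
          ]
        }
      ]
    }
---
apiVersion: s3.onyxia.sh/v1alpha1
kind: S3User
metadata:
  name: memelord-kkurval-bucket
spec:
  accessKey: memelord-kkurval-bucket  # This is automatically created
  policies:
    - memelord-kkurval-policy
  s3InstanceRef: minio/default
---
apiVersion: s3.onyxia.sh/v1alpha1
kind: Bucket
metadata:
  name: memelord-kkurval
spec:
  name: memelord-kkurval
  s3InstanceRef: minio/default
  quota:
    default: 100000000
# Minio is deprecated. Not sure what it is for...
# Maps key to file. Instead of filesystem and filename...
# Some random app. Create a Kube deployment and later check whether the
# support is OK.
# Container READ only. Validates that data has not been saved locally.
# I.e. a new app should be stress-tested right away so it is visible whether
# the app stores its data correctly.
#
---
apiVersion: apps/v1
# For stateless applications. Brings the new pod up before the old one goes
# down. No client impact.
kind: Deployment
metadata:
  name: memelord-kkurval-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: memelord-kkurval-app
  template:
    metadata:
      labels:
        app: memelord-kkurval-app
    spec:
      # NOTE(review): both securityContext blocks below are still commented
      # out, so the container runs with whatever user, capabilities and
      # writable root filesystem the image defaults to. Enabling them also
      # needs the commented volumeMounts/volumes so the app keeps writable
      # scratch paths.
      # securityContext:
      #   runAsUser: 1000  # Adjust based on /etc/passwd output
      #   runAsGroup: 1000  # Adjust based on /etc/passwd output
      #   fsGroup: 1000  # Adjust based on /etc/passwd output
      containers:
        - name: memelord
          # NOTE(review): ":latest" together with imagePullPolicy: Always
          # means any pod restart may run different code than was reviewed.
          # Pin a release tag or digest once a version is chosen, e.g.
          # ghcr.io/l4rm4nd/memelord@sha256:<DIGEST_PLACEHOLDER>.
          image: ghcr.io/l4rm4nd/memelord:latest
          imagePullPolicy: Always
          # securityContext:
          #   readOnlyRootFilesystem: true
          #   allowPrivilegeEscalation: false
          #   runAsNonRoot: true
          #   capabilities:
          #     drop:
          #       - ALL
          ports:
            - name: http
              containerPort: 8000
          # volumeMounts:
          #   - name: tmp
          #     mountPath: /tmp
          #   - name: logs
          #     mountPath: /opt/app/logs
          #   - name: cache
          #     mountPath: /var/cache
          env:
            - name: DOMAIN
              value: "memelord-kkurval.ee-lte-1.codemowers.io"
            - name: DB_ENGINE
              value: postgres
            - name: POSTGRES_HOST
              value: memelord-kkurval-database-rw
            - name: POSTGRES_PORT
              value: '5432'
            - name: POSTGRES_DB
              value: memelord-kkurval
            # All credentials below are injected from Secrets; none are
            # written inline in this manifest.
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: memelord-kkurval-database
                  key: username
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: memelord-kkurval-database
                  key: password
            - name: REDIS_HOST
              value: memelord-kkurval-redis
            - name: REDIS_PORT
              value: '6379'
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: memelord-kkurval-redis
                  key: redis-password
            - name: STORAGE_BACKEND
              value: s3
            - name: AWS_ACCESS_KEY_ID
              valueFrom:
                secretKeyRef:
                  name: memelord-kkurval-bucket
                  key: accessKey
            - name: AWS_SECRET_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: memelord-kkurval-bucket
                  key: secretKey
            - name: AWS_STORAGE_BUCKET_NAME
              value: memelord-kkurval
            - name: AWS_S3_ENDPOINT_URL
              value: https://minio.ee-lte-1.codemowers.io/
            - name: AWS_S3_REGION_NAME
              value: ee-lte-1
            # Debug mode is off because this Deployment is published through
            # the Ingress at the end of this file; debug error pages commonly
            # reveal settings and stack traces to any visitor.
            # NOTE(review): assumes the app treats DEBUG as a Django-style
            # debug switch (the settings.py note at the end of this file
            # suggests so) - confirm, and check static assets still load.
            - name: DEBUG
              value: "False"
            - name: SECURE_COOKIES
              value: "True"
      # volumes:
      #   - name: tmp
      #     emptyDir: {}
      #   - name: logs
      #     emptyDir: {}
      #   - name: cache
      #     emptyDir: {}
# For public access
---
apiVersion: v1
kind: Service
metadata:
  name: memelord-kkurval-app
spec:
  type: ClusterIP
  selector:
    app: memelord-kkurval-app
  ports:
    - name: http
      port: 80
      targetPort: 8000
# Warning: spec.privateKey.rotationPolicy: In cert-manager >= v1.18.0, the
# default value changed from `Never` to `Always`.
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: memelord-kkurval
spec:
  secretName: memelord-kkurval-tls
  # Set explicitly so the behaviour does not depend on which cert-manager
  # version is installed (see the warning above): the private key is
  # regenerated whenever the certificate is re-issued.
  privateKey:
    rotationPolicy: Always
  dnsNames:
    - memelord-kkurval.ee-lte-1.codemowers.io
  issuerRef:
    name: letsencrypt
    kind: ClusterIssuer
---
# Publishes the Service on the Traefik "websecure" entrypoint, using the
# TLS secret written by the Certificate above.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: memelord-kkurval
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
  ingressClassName: traefik
  rules:
    - host: memelord-kkurval.ee-lte-1.codemowers.io
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: memelord-kkurval-app
                port:
                  number: 80
  tls:
    - secretName: memelord-kkurval-tls
# ---
# apiVersion: v1
# kind: ConfigMap
# metadata:
#   name: settings
# data:
#   settings.py: |
#     # copy-paste the updated content here
#     # you may also try removing superfluous parts such as the Azure bits
#     # Turn off logging to file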