348 lines
7.7 KiB
YAML
348 lines
7.7 KiB
YAML
# kubectl create namespace memelord-kkurval
|
|
# kubectl diff -n memelord-kkurval -f memelord-kkurval.yaml
|
|
# kubectl apply -n memelord-kkurval -f memelord-kkurval.yaml
|
|
|
|
|
|
---
|
|
# For session info, fast database
|
|
apiVersion: secretgenerator.mittwald.de/v1alpha1
|
|
kind: StringSecret
|
|
metadata:
|
|
# Not very good. Find something better then redis
|
|
name: memelord-kkurval-redis
|
|
spec:
|
|
fields:
|
|
- fieldName: redis-password
|
|
length: "32"
|
|
encoding: hex
|
|
|
|
---
|
|
apiVersion: dragonflydb.io/v1alpha1
|
|
kind: Dragonfly
|
|
metadata:
|
|
name: memelord-kkurval-redis
|
|
spec:
|
|
authentication:
|
|
passwordFromSecret:
|
|
name: memelord-kkurval-redis
|
|
key: redis-password
|
|
replicas: 1
|
|
resources:
|
|
requests:
|
|
cpu: 500m
|
|
memory: 500Mi
|
|
limits:
|
|
cpu: 600m
|
|
memory: 750Mi
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
---
|
|
apiVersion: secretgenerator.mittwald.de/v1alpha1
|
|
kind: StringSecret
|
|
metadata:
|
|
name: memelord-kkurval-database
|
|
labels:
|
|
cnpg.io/reload: "true"
|
|
spec:
|
|
data:
|
|
username: memelord-kkurval
|
|
fields:
|
|
- fieldName: password
|
|
length: "32"
|
|
encoding: hex
|
|
|
|
# For regular database data..
|
|
---
|
|
apiVersion: postgresql.cnpg.io/v1
|
|
kind: Cluster
|
|
metadata:
|
|
name: memelord-kkurval-database
|
|
spec:
|
|
instances: 1
|
|
imageName: ghcr.io/cloudnative-pg/postgresql:17
|
|
storage:
|
|
size: 1Gi
|
|
storageClass: postgres
|
|
affinity:
|
|
podAntiAffinityType: required
|
|
nodeSelector:
|
|
codemowers.io/lvm-ubuntu-vg: enterprise-ssd
|
|
resources:
|
|
requests:
|
|
cpu: "100m"
|
|
memory: "1Gi"
|
|
limits:
|
|
cpu: "1"
|
|
memory: "4Gi"
|
|
postgresql:
|
|
parameters:
|
|
max_connections: "300"
|
|
shared_buffers: "512MB"
|
|
effective_cache_size: "2GB"
|
|
managed:
|
|
roles:
|
|
- name: memelord-kkurval
|
|
ensure: present
|
|
login: true
|
|
passwordSecret:
|
|
name: memelord-kkurval-database
|
|
|
|
---
|
|
apiVersion: postgresql.cnpg.io/v1
|
|
kind: Database
|
|
metadata:
|
|
name: memelord-kkurval
|
|
spec:
|
|
name: memelord-kkurval
|
|
owner: memelord-kkurval
|
|
cluster:
|
|
name: memelord-kkurval-database
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
---
|
|
apiVersion: s3.onyxia.sh/v1alpha1
|
|
kind: Policy
|
|
metadata:
|
|
name: memelord-kkurval-policy
|
|
spec:
|
|
name: memelord-kkurval-policy
|
|
s3InstanceRef: minio/default
|
|
policyContent: >-
|
|
{
|
|
"Version": "2012-10-17",
|
|
"Statement": [
|
|
{
|
|
"Effect": "Allow",
|
|
"Action": [
|
|
"s3:ListBucket",
|
|
"s3:GetObject",
|
|
"s3:PutObject"
|
|
],
|
|
"Resource": [
|
|
"arn:aws:s3:::memelord-kkurval",
|
|
"arn:aws:s3:::memelord-kkurval/*"
|
|
]
|
|
}
|
|
]
|
|
}
|
|
|
|
---
|
|
apiVersion: s3.onyxia.sh/v1alpha1
|
|
kind: S3User
|
|
metadata:
|
|
name: memelord-kkurval-bucket
|
|
spec:
|
|
accessKey: memelord-kkurval-bucket # This is automatically created
|
|
policies:
|
|
- memelord-kkurval-policy
|
|
s3InstanceRef: minio/default
|
|
|
|
---
|
|
apiVersion: s3.onyxia.sh/v1alpha1
|
|
kind: Bucket
|
|
metadata:
|
|
name: memelord-kkurval
|
|
spec:
|
|
name: memelord-kkurval
|
|
s3InstanceRef: minio/default
|
|
quota:
|
|
default: 100000000
|
|
|
|
# Minio is depricated. No sure what it is for...
|
|
# Maps key to file. Instead of filesystem and filename...
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Mingi lampi app. Tee Kube deployment ja hiljem vaata kas on OK support.
|
|
# Conteiner READ only. Valideerib, et andmed pole lokaalselt salvestanud
|
|
# Ehk vaja uue appiga kohe laamendada, et on näha kas app salvestab andmeid korrektselt
|
|
#
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment # Stateless rakenduste jaoks. Tõmbab enne uue üles kui vana maha läheb. No client impact
|
|
metadata:
|
|
name: memelord-kkurval-app
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: memelord-kkurval-app
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: memelord-kkurval-app
|
|
spec:
|
|
# securityContext:
|
|
# runAsUser: 1000 # Adjust based on /etc/passwd output
|
|
# runAsGroup: 1000 # Adjust based on /etc/passwd output
|
|
# fsGroup: 1000 # Adjust based on /etc/passwd output
|
|
containers:
|
|
- name: memelord
|
|
image: ghcr.io/l4rm4nd/memelord:latest
|
|
imagePullPolicy: Always
|
|
# securityContext:
|
|
# readOnlyRootFilesystem: true
|
|
# allowPrivilegeEscalation: false
|
|
# runAsNonRoot: true
|
|
# capabilities:
|
|
# drop:
|
|
# - ALL
|
|
ports:
|
|
- name: http
|
|
containerPort: 8000
|
|
# volumeMounts:
|
|
# - name: tmp
|
|
# mountPath: /tmp
|
|
# - name: logs
|
|
# mountPath: /opt/app/logs
|
|
# - name: cache
|
|
# mountPath: /var/cache
|
|
env:
|
|
- name: DOMAIN
|
|
value: "memelord-kkurval.ee-lte-1.codemowers.io"
|
|
|
|
- name: DB_ENGINE
|
|
value: postgres
|
|
- name: POSTGRES_HOST
|
|
value: memelord-kkurval-database-rw
|
|
- name: POSTGRES_PORT
|
|
value: '5432'
|
|
- name: POSTGRES_DB
|
|
value: memelord-kkurval
|
|
- name: POSTGRES_USER
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: memelord-kkurval-database
|
|
key: username
|
|
- name: POSTGRES_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: memelord-kkurval-database
|
|
key: password
|
|
- name: REDIS_HOST
|
|
value: memelord-kkurval-redis
|
|
- name: REDIS_PORT
|
|
value: '6379'
|
|
- name: REDIS_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: memelord-kkurval-redis
|
|
key: redis-password
|
|
- name: STORAGE_BACKEND
|
|
value: s3
|
|
- name: AWS_ACCESS_KEY_ID
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: memelord-kkurval-bucket
|
|
key: accessKey
|
|
- name: AWS_SECRET_ACCESS_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: memelord-kkurval-bucket
|
|
key: secretKey
|
|
- name: AWS_STORAGE_BUCKET_NAME
|
|
value: memelord-kkurval
|
|
- name: AWS_S3_ENDPOINT_URL
|
|
value: https://minio.ee-lte-1.codemowers.io/
|
|
- name: AWS_S3_REGION_NAME
|
|
value: ee-lte-1
|
|
- name: DEBUG
|
|
value: "True"
|
|
- name: SECURE_COOKIES
|
|
value: "True"
|
|
# volumes:
|
|
# - name: tmp
|
|
# emptyDir: {}
|
|
# - name: logs
|
|
# emptyDir: {}
|
|
# - name: cache
|
|
# emptyDir: {}
|
|
|
|
|
|
|
|
|
|
|
|
# For public access
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: memelord-kkurval-app
|
|
spec:
|
|
type: ClusterIP
|
|
selector:
|
|
app: memelord-kkurval-app
|
|
ports:
|
|
- name: http
|
|
port: 80
|
|
targetPort: 8000
|
|
|
|
# Warning: spec.privateKey.rotationPolicy: In cert-manager >= v1.18.0, the default value changed from `Never` to `Always`.
|
|
---
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Certificate
|
|
metadata:
|
|
name: memelord-kkurval
|
|
spec:
|
|
secretName: memelord-kkurval-tls
|
|
dnsNames:
|
|
- memelord-kkurval.ee-lte-1.codemowers.io
|
|
issuerRef:
|
|
name: letsencrypt
|
|
kind: ClusterIssuer
|
|
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: memelord-kkurval
|
|
annotations:
|
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
|
spec:
|
|
ingressClassName: traefik
|
|
rules:
|
|
- host: memelord-kkurval.ee-lte-1.codemowers.io
|
|
http:
|
|
paths:
|
|
- pathType: Prefix
|
|
path: "/"
|
|
backend:
|
|
service:
|
|
name: memelord-kkurval-app
|
|
port:
|
|
number: 80
|
|
tls:
|
|
- secretName: memelord-kkurval-tls
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# ---
|
|
# apiVersion: v1
|
|
# kind: ConfigMap
|
|
# metadata:
|
|
# name: settings
|
|
# data:
|
|
# settings.py: |
|
|
# # kopipasteeri uuendatud sisu siia
|
|
# # võid proovida eemaldada ka üleliigse a'la Azure pläust
|
|
# # Pane kinni faili logimine |