From e45902803554d6eaed0ef8b72b3ee4762aada040 Mon Sep 17 00:00:00 2001
From: salasource
Date: Mon, 16 Feb 2026 15:49:54 +0200
Subject: [PATCH] help

---
Chart.yaml | 3 +
LICENSE | 190 ++++++++++++++++
README.md | 2 +
templates/cert-grafana.yaml | 49 ++++
templates/cert.yaml | 47 ++++
templates/grafana.yaml | 440 ++++++++++++++++++++++++++++++++++++
templates/memelord.yaml | 150 ++++++++++++
templates/pornhub.yaml | 13 ++
templates/postgre.yaml | 58 +++++
templates/redis.yaml | 28 +++
templates/s3.yaml | 48 ++++
values.yaml | 2 +
12 files changed, 1030 insertions(+)
create mode 100644 Chart.yaml
create mode 100644 LICENSE
create mode 100644 templates/cert-grafana.yaml
create mode 100644 templates/cert.yaml
create mode 100644 templates/grafana.yaml
create mode 100644 templates/memelord.yaml
create mode 100644 templates/pornhub.yaml
create mode 100644 templates/postgre.yaml
create mode 100644 templates/redis.yaml
create mode 100644 templates/s3.yaml
create mode 100644 values.yaml
diff --git a/Chart.yaml b/Chart.yaml
new file mode 100644
index 0000000..47546c6
--- /dev/null
+++ b/Chart.yaml
@@ -0,0 +1,3 @@
+name: memelord
+version: 1.0.0
+
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..6d8cea4
--- /dev/null
+++ b/LICENSE
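Review bot: Chart.yaml carries only `name` and `version`; the chart format marks `apiVersion` as required and `helm lint` flags its absence, so add `apiVersion: v2` as the first line. A `description` and an `appVersion` would also help anyone auditing what the chart deploys, since both workload images in the templates are referenced by `:latest` and the chart itself records no application version.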
@@ -0,0 +1,190 @@ +EUROPEAN UNION PUBLIC LICENCE v. 1.2 +EUPL © the European Union 2007, 2016 + +This European Union Public Licence (the ‘EUPL’) applies to the Work (as defined below) which is provided under the +terms of this Licence. Any use of the Work, other than as authorised under this Licence is prohibited (to the extent such +use is covered by a right of the copyright holder of the Work). +The Work is provided under the terms of this Licence when the Licensor (as defined below) has placed the following +notice immediately following the copyright notice for the Work: + Licensed under the EUPL +or has expressed by any other means his willingness to license under the EUPL. + +1.Definitions +In this Licence, the following terms have the following meaning: +— ‘The Licence’:this Licence. +— ‘The Original Work’:the work or software distributed or communicated by the Licensor under this Licence, available +as Source Code and also as Executable Code as the case may be. +— ‘Derivative Works’:the works or software that could be created by the Licensee, based upon the Original Work or +modifications thereof. This Licence does not define the extent of modification or dependence on the Original Work +required in order to classify a work as a Derivative Work; this extent is determined by copyright law applicable in +the country mentioned in Article 15. +— ‘The Work’:the Original Work or its Derivative Works. +— ‘The Source Code’:the human-readable form of the Work which is the most convenient for people to study and +modify. +— ‘The Executable Code’:any code which has generally been compiled and which is meant to be interpreted by +a computer as a program. +— ‘The Licensor’:the natural or legal person that distributes or communicates the Work under the Licence. +— ‘Contributor(s)’:any natural or legal person who modifies the Work under the Licence, or otherwise contributes to +the creation of a Derivative Work. 
+— ‘The Licensee’ or ‘You’:any natural or legal person who makes any usage of the Work under the terms of the +Licence. +— ‘Distribution’ or ‘Communication’:any act of selling, giving, lending, renting, distributing, communicating, +transmitting, or otherwise making available, online or offline, copies of the Work or providing access to its essential +functionalities at the disposal of any other natural or legal person. + +2.Scope of the rights granted by the Licence +The Licensor hereby grants You a worldwide, royalty-free, non-exclusive, sublicensable licence to do the following, for +the duration of copyright vested in the Original Work: +— use the Work in any circumstance and for all usage, +— reproduce the Work, +— modify the Work, and make Derivative Works based upon the Work, +— communicate to the public, including the right to make available or display the Work or copies thereof to the public +and perform publicly, as the case may be, the Work, +— distribute the Work or copies thereof, +— lend and rent the Work or copies thereof, +— sublicense rights in the Work or copies thereof. +Those rights can be exercised on any media, supports and formats, whether now known or later invented, as far as the +applicable law permits so. +In the countries where moral rights apply, the Licensor waives his right to exercise his moral right to the extent allowed +by law in order to make effective the licence of the economic rights here above listed. +The Licensor grants to the Licensee royalty-free, non-exclusive usage rights to any patents held by the Licensor, to the +extent necessary to make use of the rights granted on the Work under this Licence. + +3.Communication of the Source Code +The Licensor may provide the Work either in its Source Code form, or as Executable Code. 
If the Work is provided as +Executable Code, the Licensor provides in addition a machine-readable copy of the Source Code of the Work along with +each copy of the Work that the Licensor distributes or indicates, in a notice following the copyright notice attached to +the Work, a repository where the Source Code is easily and freely accessible for as long as the Licensor continues to +distribute or communicate the Work. + +4.Limitations on copyright +Nothing in this Licence is intended to deprive the Licensee of the benefits from any exception or limitation to the +exclusive rights of the rights owners in the Work, of the exhaustion of those rights or of other applicable limitations +thereto. + +5.Obligations of the Licensee +The grant of the rights mentioned above is subject to some restrictions and obligations imposed on the Licensee. Those +obligations are the following: + +Attribution right: The Licensee shall keep intact all copyright, patent or trademarks notices and all notices that refer to +the Licence and to the disclaimer of warranties. The Licensee must include a copy of such notices and a copy of the +Licence with every copy of the Work he/she distributes or communicates. The Licensee must cause any Derivative Work +to carry prominent notices stating that the Work has been modified and the date of modification. + +Copyleft clause: If the Licensee distributes or communicates copies of the Original Works or Derivative Works, this +Distribution or Communication will be done under the terms of this Licence or of a later version of this Licence unless +the Original Work is expressly distributed only under this version of the Licence — for example by communicating +‘EUPL v. 1.2 only’. The Licensee (becoming Licensor) cannot offer or impose any additional terms or conditions on the +Work or Derivative Work that alter or restrict the terms of the Licence. 
+ +Compatibility clause: If the Licensee Distributes or Communicates Derivative Works or copies thereof based upon both +the Work and another work licensed under a Compatible Licence, this Distribution or Communication can be done +under the terms of this Compatible Licence. For the sake of this clause, ‘Compatible Licence’ refers to the licences listed +in the appendix attached to this Licence. Should the Licensee's obligations under the Compatible Licence conflict with +his/her obligations under this Licence, the obligations of the Compatible Licence shall prevail. + +Provision of Source Code: When distributing or communicating copies of the Work, the Licensee will provide +a machine-readable copy of the Source Code or indicate a repository where this Source will be easily and freely available +for as long as the Licensee continues to distribute or communicate the Work. +Legal Protection: This Licence does not grant permission to use the trade names, trademarks, service marks, or names +of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and +reproducing the content of the copyright notice. + +6.Chain of Authorship +The original Licensor warrants that the copyright in the Original Work granted hereunder is owned by him/her or +licensed to him/her and that he/she has the power and authority to grant the Licence. +Each Contributor warrants that the copyright in the modifications he/she brings to the Work are owned by him/her or +licensed to him/her and that he/she has the power and authority to grant the Licence. +Each time You accept the Licence, the original Licensor and subsequent Contributors grant You a licence to their contributions +to the Work, under the terms of this Licence. + +7.Disclaimer of Warranty +The Work is a work in progress, which is continuously improved by numerous Contributors. It is not a finished work +and may therefore contain defects or ‘bugs’ inherent to this type of development. 
+For the above reason, the Work is provided under the Licence on an ‘as is’ basis and without warranties of any kind +concerning the Work, including without limitation merchantability, fitness for a particular purpose, absence of defects or +errors, accuracy, non-infringement of intellectual property rights other than copyright as stated in Article 6 of this +Licence. +This disclaimer of warranty is an essential part of the Licence and a condition for the grant of any rights to the Work. + +8.Disclaimer of Liability +Except in the cases of wilful misconduct or damages directly caused to natural persons, the Licensor will in no event be +liable for any direct or indirect, material or moral, damages of any kind, arising out of the Licence or of the use of the +Work, including without limitation, damages for loss of goodwill, work stoppage, computer failure or malfunction, loss +of data or any commercial damage, even if the Licensor has been advised of the possibility of such damage. However, +the Licensor will be liable under statutory product liability laws as far such laws apply to the Work. + +9.Additional agreements +While distributing the Work, You may choose to conclude an additional agreement, defining obligations or services +consistent with this Licence. However, if accepting obligations, You may act only on your own behalf and on your sole +responsibility, not on behalf of the original Licensor or any other Contributor, and only if You agree to indemnify, +defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against such Contributor by +the fact You have accepted any warranty or additional liability. + +10.Acceptance of the Licence +The provisions of this Licence can be accepted by clicking on an icon ‘I agree’ placed under the bottom of a window +displaying the text of this Licence or by affirming consent in any other similar way, in accordance with the rules of +applicable law. 
Clicking on that icon indicates your clear and irrevocable acceptance of this Licence and all of its terms +and conditions. +Similarly, you irrevocably accept this Licence and all of its terms and conditions by exercising any rights granted to You +by Article 2 of this Licence, such as the use of the Work, the creation by You of a Derivative Work or the Distribution +or Communication by You of the Work or copies thereof. + +11.Information to the public +In case of any Distribution or Communication of the Work by means of electronic communication by You (for example, +by offering to download the Work from a remote location) the distribution channel or media (for example, a website) +must at least provide to the public the information requested by the applicable law regarding the Licensor, the Licence +and the way it may be accessible, concluded, stored and reproduced by the Licensee. + +12.Termination of the Licence +The Licence and the rights granted hereunder will terminate automatically upon any breach by the Licensee of the terms +of the Licence. +Such a termination will not terminate the licences of any person who has received the Work from the Licensee under +the Licence, provided such persons remain in full compliance with the Licence. + +13.Miscellaneous +Without prejudice of Article 9 above, the Licence represents the complete agreement between the Parties as to the +Work. +If any provision of the Licence is invalid or unenforceable under applicable law, this will not affect the validity or +enforceability of the Licence as a whole. Such provision will be construed or reformed so as necessary to make it valid +and enforceable. +The European Commission may publish other linguistic versions or new versions of this Licence or updated versions of +the Appendix, so far this is required and reasonable, without reducing the scope of the rights granted by the Licence. +New versions of the Licence will be published with a unique version number. 
+All linguistic versions of this Licence, approved by the European Commission, have identical value. Parties can take +advantage of the linguistic version of their choice. + +14.Jurisdiction +Without prejudice to specific agreement between parties, +— any litigation resulting from the interpretation of this License, arising between the European Union institutions, +bodies, offices or agencies, as a Licensor, and any Licensee, will be subject to the jurisdiction of the Court of Justice +of the European Union, as laid down in article 272 of the Treaty on the Functioning of the European Union, +— any litigation arising between other parties and resulting from the interpretation of this License, will be subject to +the exclusive jurisdiction of the competent court where the Licensor resides or conducts its primary business. + +15.Applicable Law +Without prejudice to specific agreement between parties, +— this Licence shall be governed by the law of the European Union Member State where the Licensor has his seat, +resides or has his registered office, +— this licence shall be governed by Belgian law if the Licensor has no seat, residence or registered office inside +a European Union Member State. + + + Appendix + +‘Compatible Licences’ according to Article 5 EUPL are: +— GNU General Public License (GPL) v. 2, v. 3 +— GNU Affero General Public License (AGPL) v. 3 +— Open Software License (OSL) v. 2.1, v. 3.0 +— Eclipse Public License (EPL) v. 1.0 +— CeCILL v. 2.0, v. 2.1 +— Mozilla Public Licence (MPL) v. 2 +— GNU Lesser General Public Licence (LGPL) v. 2.1, v. 3 +— Creative Commons Attribution-ShareAlike v. 3.0 Unported (CC BY-SA 3.0) for works other than software +— European Union Public Licence (EUPL) v. 1.1, v. 1.2 +— Québec Free and Open-Source Licence — Reciprocity (LiLiQ-R) or Strong Reciprocity (LiLiQ-R+). 
+
+The European Commission may update this Appendix to later versions of the above licences without producing
+a new version of the EUPL, as long as they provide the rights granted in Article 2 of this Licence and protect the
+covered Source Code from exclusive appropriation.
+All other changes or additions to this Appendix require the production of a new EUPL version.
diff --git a/README.md b/README.md
index e69de29..8fe0eb2 100644
--- a/README.md
+++ b/README.md
@@ -0,0 +1,2 @@
+# memelordz
+
diff --git a/templates/cert-grafana.yaml b/templates/cert-grafana.yaml
new file mode 100644
index 0000000..0d1a8a0
--- /dev/null
+++ b/templates/cert-grafana.yaml
@@ -0,0 +1,49 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: grafana
+ labels:
+ app: grafana
+spec:
+ type: ClusterIP
+ selector:
+ app: grafana
+ ports:
+ - name: http
+ port: 3000
+ targetPort: 3000
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: grafana
+spec:
+ secretName: grafana-tls
+ dnsNames:
+ - grafana-sala.ee-lte-1.codemowers.io
+ issuerRef:
+ name: letsencrypt
+ kind: ClusterIssuer
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: grafana
+ annotations:
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+spec:
+ ingressClassName: traefik
+ rules:
+ - host: grafana-sala.ee-lte-1.codemowers.io
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: grafana
+ port:
+ number: 3000
+ tls:
+ - secretName: grafana-tls
diff --git a/templates/cert.yaml b/templates/cert.yaml
new file mode 100644
index 0000000..a97178e
--- /dev/null
+++ b/templates/cert.yaml
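Review bot: The Grafana hostname `grafana-sala.ee-lte-1.codemowers.io` is hardcoded in the Certificate `dnsNames` and the Ingress `host` of templates/cert-grafana.yaml, and again in `GF_SERVER_DOMAIN` and the OIDCClient `uri`/`redirectUris` in templates/grafana.yaml, whereas templates/cert.yaml takes its host from `.Values.hostname`. If one copy is changed and the others are not, the certificate, the route and the OAuth redirect URI stop agreeing and login breaks, so render all of them from a single chart value (for example a `grafanaHostname` key, name to be chosen by the author). The `tls` entry would also be easier to audit with an explicit `hosts:` list naming that same value.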
@@ -0,0 +1,47 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: memelord
+spec:
+ type: ClusterIP
+ selector:
+ app: memelord
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8000
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: memelord-sala
+spec:
+ secretName: memelord-sala-tls
+ dnsNames:
+ - {{ .Values.hostname }}
+ issuerRef:
+ name: letsencrypt
+ kind: ClusterIssuer
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: memelord-sala
+ annotations:
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+spec:
+ ingressClassName: traefik
+ rules:
+ - host: {{ .Values.hostname }}
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: memelord
+ port:
+ number: 80
+ tls:
+ - secretName: memelord-sala-tls
diff --git a/templates/grafana.yaml b/templates/grafana.yaml
new file mode 100644
index 0000000..6b5b855
--- /dev/null
+++ b/templates/grafana.yaml
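Review bot: `{{ .Values.hostname }}` is rendered unquoted into the Certificate `dnsNames` and the Ingress `host` of templates/cert.yaml, and the default in values.yaml is the bare label `memelord-sala`, which is not a public DNS name the `letsencrypt` ClusterIssuer could validate. With the defaults the Certificate will presumably never become ready, leaving the Ingress without a usable `memelord-sala-tls` secret. Use `{{ required "hostname is required" .Values.hostname | quote }}` in both places and put a fully qualified name (or no default at all) in values.yaml. The same unquoted value feeds `DOMAIN` and the OIDCClient `uri`/`redirectUris` in templates/memelord.yaml.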
@@ -0,0 +1,440 @@ +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: grafana + labels: + app: grafana +spec: + serviceName: grafana + replicas: 1 + selector: + matchLabels: + app: grafana + template: + metadata: + labels: + app: grafana + spec: + volumes: + - name: data + emptyDir: {} + - name: tmp + emptyDir: {} + - name: config + configMap: + name: grafana-config + - name: config-datasources + configMap: + name: grafana-config-datasources + - name: config-dashboards + configMap: + name: grafana-config-dashboards + - name: dashboards + configMap: + name: grafana-dashboards + containers: + - name: grafana + image: grafana/grafana:latest + imagePullPolicy: IfNotPresent + ports: + - containerPort: 3000 + name: http + env: + - name: GF_DATABASE_TYPE + value: sqlite3 + - name: GF_DATABASE_PATH + value: /var/lib/grafana/grafana.db + - name: GF_AUTH_GENERIC_OAUTH_CLIENT_ID + valueFrom: + secretKeyRef: + name: oidc-client-grafana-owner-secrets + key: OIDC_CLIENT_ID + - name: GF_AUTH_GENERIC_OAUTH_SCOPES + valueFrom: + secretKeyRef: + name: oidc-client-grafana-owner-secrets + key: OIDC_AVAILABLE_SCOPES + - name: GF_AUTH_GENERIC_OAUTH_AUTH_URL + valueFrom: + secretKeyRef: + name: oidc-client-grafana-owner-secrets + key: OIDC_IDP_AUTH_URI + - name: GF_AUTH_GENERIC_OAUTH_TOKEN_URL + value: "https://auth.ee-lte-1.codemowers.io/token" + - name: GF_AUTH_GENERIC_OAUTH_API_URL + valueFrom: + secretKeyRef: + name: oidc-client-grafana-owner-secrets + key: OIDC_IDP_URI + - name: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: oidc-client-grafana-owner-secrets + key: OIDC_CLIENT_SECRET + - name: GF_AUTH_GENERIC_OAUTH_USE_ID_TOKEN + value: "false" + - name: GF_SERVER_DOMAIN + value: grafana-sala.ee-lte-1.codemowers.io + - name: GF_SERVER_ROOT_URL + value: "https://%(domain)s/" + - name: GF_AUTH_OAUTH_ALLOW_INSECURE_EMAIL_LOOKUP + value: "true" + - name: GF_AUTH_BASIC_ENABLED + value: "false" + - name: GF_AUTH_GENERIC_OAUTH_ENABLED + value: "true" + 
- name: GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP + value: "true" + - name: GF_AUTH_GENERIC_OAUTH_USE_PKCE + value: "true" + - name: GF_AUTH_GENERIC_OAUTH_ALLOW_ASSIGN_GRAFANA_ADMIN + value: "true" + - name: GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION + value: "true" + - name: GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH + value: "contains(groups[*], 'github.com:codemowers:admins') && 'Admin' || 'Viewer'" + volumeMounts: + - name: grafana-storage + mountPath: /var/lib/grafana + - name: config-datasources + mountPath: /etc/grafana/provisioning/datasources + - name: config-dashboards + mountPath: /etc/grafana/provisioning/dashboards + - name: dashboards + mountPath: /var/lib/grafana/dashboards/ + readinessProbe: + httpGet: + path: /api/health + port: 3000 + initialDelaySeconds: 10 + periodSeconds: 10 + livenessProbe: + httpGet: + path: /api/health + port: 3000 + initialDelaySeconds: 30 + periodSeconds: 10 + volumeClaimTemplates: + - metadata: + name: grafana-storage + spec: + accessModes: + - ReadWriteOnce + storageClassName: sqlite + resources: + requests: + storage: 5Gi +--- +apiVersion: codemowers.cloud/v1beta1 +kind: OIDCClient +metadata: + name: grafana + namespace: memelord-sala +spec: + displayName: Grafana sala + uri: https://grafana-sala.ee-lte-1.codemowers.io/login/generic_oauth + redirectUris: + - https://grafana-sala.ee-lte-1.codemowers.io/login/generic_oauth + grantTypes: + - authorization_code + - refresh_token + responseTypes: + - code + availableScopes: + - openid + - profile + - groups + pkce: true +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: grafana-config-datasources +data: + prometheus.yaml: | + apiVersion: 1 + prune: true + datasources: + - name: Prometheus + type: prometheus + orgId: 1 + url: http://prometheus-operated.monitoring.svc.cluster.local:9090 + version: 1 + editable: false + - name: Thanos + type: prometheus + orgId: 1 + url: http://thanos-query.monitoring.svc.cluster.local:10902 + version: 1 + editable: false + - name: Loki + type: 
loki + orgId: 1 + url: http://loki.monitoring.svc.cluster.local:3100 + version: 1 + editable: false +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: grafana-config-dashboards +data: + dashboards.yaml: | + apiVersion: 1 + providers: + - name: dashboards + orgId: 1 + folder: Dashboards + type: file + options: + path: /var/lib/grafana/dashboards/ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: grafana-dashboards +data: + LogAggregator.json: | + { + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": 1, + "links": [], + "panels": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "opacity", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "msg/s" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 2, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + 
"placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.2.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "direction": "backward", + "editorMode": "code", + "expr": "sum by (detected_level) (count_over_time ({app=~\"$app\",namespace=~\"$namespace\"}[1m]))", + "legendFormat": "{{detected_level}}", + "queryType": "range", + "refId": "A" + } + ], + "title": "Log records", + "type": "timeseries" + }, + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "gridPos": { + "h": 20, + "w": 24, + "x": 0, + "y": 8 + }, + "id": 1, + "options": { + "dedupStrategy": "none", + "enableInfiniteScrolling": false, + "enableLogDetails": true, + "prettifyLogMessage": true, + "showCommonLabels": true, + "showLabels": true, + "showTime": true, + "sortOrder": "Descending", + "wrapLogMessage": true + }, + "pluginVersion": "12.2.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "direction": "backward", + "editorMode": "code", + "expr": "{app=~\"$app\",namespace=~\"$namespace\"}", + "queryType": "range", + "refId": "A" + } + ], + "title": "Loki", + "type": "logs" + } + ], + "preload": false, + "refresh": "30s", + "schemaVersion": 42, + "tags": [], + "templating": { + "list": [ + { + "allValue": ".*", + "current": { + "text": "All", + "value": [ + "$__all" + ] + }, + "datasource": { + "type": "loki", + "uid": "P8E80F9AEF21F6940" + }, + "definition": "", + "includeAll": true, + "multi": true, + "name": "app", + "options": [], + "query": { + "label": "app", + "refId": "LokiVariableQueryEditor-VariableQuery", + "stream": "", + "type": 1 + }, + "refresh": 1, + "regex": "", + "sort": 5, + "type": "query" + }, + { + "allValue": ".+", + "current": { + "text": "All", + "value": [ + "$__all" + ] + }, + "datasource": { + "type": 
"loki", + "uid": "P8E80F9AEF21F6940" + }, + "definition": "", + "includeAll": true, + "label": "namespace", + "multi": true, + "name": "namespace", + "options": [], + "query": { + "label": "namespace", + "refId": "LokiVariableQueryEditor-VariableQuery", + "stream": "", + "type": 1 + }, + "refresh": 1, + "regex": "", + "type": "query" + } + ] + }, + "time": { + "from": "now-5m", + "to": "now" + }, + "timepicker": {}, + "timezone": "browser", + "title": "Log Aggregator", + "uid": "lawf6g2", + "version": 1 + } diff --git a/templates/memelord.yaml b/templates/memelord.yaml new file mode 100644 index 0000000..f938409 --- /dev/null +++ b/templates/memelord.yaml 
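Review bot: `GF_AUTH_OAUTH_ALLOW_INSECURE_EMAIL_LOOKUP` is set to `"true"` in the container env of templates/grafana.yaml, which makes Grafana match a login to an existing account by e-mail address rather than by the provider's unique subject; together with `GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP` the account identity then rests entirely on the e-mail claim the IdP returns, so remove the variable (or set it to `"false"`) unless a migration needs it, and say why in a comment if it does. The image is `grafana/grafana:latest` with `imagePullPolicy: IfNotPresent`, so the running version depends on what each node has cached; pin a version tag or digest. Separately, the dashboard JSON contains `"legendFormat": "{{detected_level}}"`, and because this file lives under `templates/` Helm parses that as a template action and rendering fails on the undefined function; write it as `{{ "{{detected_level}}" }}` or load the JSON with `.Files.Get`. The `config` volume references a ConfigMap `grafana-config` that this patch does not create and no container mounts, and the `data` and `tmp` volumes are likewise unused. Unlike the memelord Deployment, the Grafana container declares no `securityContext`.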
@@ -0,0 +1,150 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: memelord
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: memelord
+ template:
+ metadata:
+ labels:
+ app: memelord
+ spec:
+ volumes:
+ - name: logs
+ emptyDir: {}
+ - name: admin
+ emptyDir: {}
+
+ containers:
+ - name: memelord
+ image: ghcr.io/l4rm4nd/memelord:latest
+ securityContext:
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
+ runAsUser: 33
+ runAsGroup: 33
+ volumeMounts:
+ - name: logs
+ mountPath: /opt/app/logs
+ - name: admin
+ mountPath: /opt/app/myapp/static/admin
+
+ ports:
+ - containerPort: 8000
+ env:
+ # PostgreSQL credentials from secret
+ - name: DB_ENGINE
+ value: postgres
+ - name: DOMAIN
+ value: {{ .Values.hostname }}
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ name: memelord-sala-database
+ key: username
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: memelord-sala-database
+ key: password
+ - name: POSTGRES_DB
+ value: memelord-sala
+ - name: POSTGRES_HOST
+ value: memelord-sala-database-rw.memelord-sala.svc.cluster.local
+ - name: POSTGRES_PORT
+ value: "5432"
+
+ # Redis password
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: memelord-sala-redis
+ key: redis-password
+
+ - name: STORAGE_BACKEND
+ value: s3
+ - name: AWS_S3_ENDPOINT_URL
+ value: https://minio.ee-lte-1.codemowers.io/
+ - name: AWS_S3_REGION_NAME
+ value: ee-lte-1
+ - name: AWS_S3_ADDRESSING_STYLE
+ value: path
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ name: memelord-sala-bucket
+ key: accessKey
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ name: memelord-sala-bucket
+ key: secretKey
+ - name: AWS_STORAGE_BUCKET_NAME
+ value: memelord-sala
+ - name: ENABLE_PUBLIC_FEED
+ value: "True"
+ - name: OIDC_ENABLED
+ value: "True"
+ - name: OIDC_RP_SIGN_ALGO
+ valueFrom:
+ secretKeyRef:
+ name: oidc-client-memelord-sala-owner-secrets
+ key: OIDC_ID_TOKEN_SIGNED_RESPONSE_ALG
+ - name: OIDC_OP_JWKS_ENDPOINT
+ value: https://auth.ee-lte-1.codemowers.io/jwks
+ - name: OIDC_RP_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: oidc-client-memelord-sala-owner-secrets
+ key: OIDC_CLIENT_ID
+ - name: OIDC_RP_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: oidc-client-memelord-sala-owner-secrets
+ key: OIDC_CLIENT_SECRET
+ - name: OIDC_OP_AUTHORIZATION_ENDPOINT
+ valueFrom:
+ secretKeyRef:
+ name: oidc-client-memelord-sala-owner-secrets
+ key: OIDC_IDP_AUTH_URI
+ - name: OIDC_OP_TOKEN_ENDPOINT
+ valueFrom:
+ secretKeyRef:
+ name: oidc-client-memelord-sala-owner-secrets
+ key: OIDC_IDP_TOKEN_URI
+ - name: OIDC_OP_USER_ENDPOINT
+ valueFrom:
+ secretKeyRef:
+ name: oidc-client-memelord-sala-owner-secrets
+ key: OIDC_IDP_USERINFO_URI
+ - name: SESSION_COOKIE_AGE
+ value: "30"
+ - name: SESSION_EXPIRE_AT_BROWSER_CLOSE
+ value: "False"
+ - name: TZ
+ value: "Europe/Berlin"
+
+---
+apiVersion: codemowers.cloud/v1beta1
+kind: OIDCClient
+metadata:
+ name: memelord-sala
+spec:
+ displayName: Memelord sala
+ uri: https://{{ .Values.hostname }}/
+ redirectUris:
+ - https://{{ .Values.hostname }}/oidc/callback/
+ grantTypes:
+ - authorization_code
+ - refresh_token
+ responseTypes:
+ - code
+ availableScopes:
+ - openid
+ - profile
+ pkce: false
+
diff --git a/templates/pornhub.yaml b/templates/pornhub.yaml
new file mode 100644
index 0000000..6e286b0
--- /dev/null
+++ b/templates/pornhub.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: monitoring.coreos.com/v1
+kind: Probe
+metadata:
+ name: raivo-probe
+spec:
+ module: http_2xx
+ prober:
+ url: blackbox-exporter.monitoring.svc.cluster.local
+ targets:
+ staticConfig:
+ static:
+ - raivo.ooo
diff --git a/templates/postgre.yaml b/templates/postgre.yaml
new file mode 100644
index 0000000..7db1ee5
--- /dev/null
+++ b/templates/postgre.yaml
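Review bot: The `OIDCClient` at the end of templates/memelord.yaml sets `pkce: false`, while the Grafana client in templates/grafana.yaml uses `pkce: true`; if the application's OIDC library supports PKCE, enable it here as well so that an intercepted authorization code cannot be redeemed on its own. The container image `ghcr.io/l4rm4nd/memelord:latest` is a mutable tag on a third-party image that receives the database, S3 and OIDC client secrets through its environment, so pin it to a release tag or digest. The `securityContext` is a good start; `runAsNonRoot: true` and `capabilities: {drop: ["ALL"]}` would complete it. `POSTGRES_HOST` hardcodes the `memelord-sala` namespace, which breaks an install into any other namespace; `{{ .Release.Namespace }}` avoids that.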
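Review bot: The Probe in templates/pornhub.yaml points the blackbox exporter at `raivo.ooo`, a host that appears nowhere else in the chart, so every install generates recurring HTTP requests to a site that looks unrelated to this deployment. If the intent is to monitor the application, target `{{ .Values.hostname }}` instead; otherwise remove the resource from the chart. The file name also says nothing about its contents, and a name such as `templates/probe.yaml` with a resource name tied to the release would be easier to audit.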
@@ -0,0 +1,58 @@
+---
+apiVersion: secretgenerator.mittwald.de/v1alpha1
+kind: StringSecret
+metadata:
+ name: memelord-sala-database
+ labels:
+ cnpg.io/reload: "true"
+spec:
+ data:
+ username: memelord-sala
+ fields:
+ - fieldName: password
+ length: "32"
+ encoding: hex
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+ name: memelord-sala-database
+spec:
+ instances: 1
+ imageName: ghcr.io/cloudnative-pg/postgresql:17
+ storage:
+ size: 1Gi
+ storageClass: postgres
+ affinity:
+ podAntiAffinityType: required
+ nodeSelector:
+ codemowers.io/lvm-ubuntu-vg: enterprise-ssd
+ resources:
+ requests:
+ cpu: "100m"
+ memory: "1Gi"
+ limits:
+ cpu: "1"
+ memory: "4Gi"
+ postgresql:
+ parameters:
+ max_connections: "300"
+ shared_buffers: "512MB"
+ effective_cache_size: "2GB"
+ managed:
+ roles:
+ - name: memelord-sala
+ ensure: present
+ login: true
+ passwordSecret:
+ name: memelord-sala-database
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: Database
+metadata:
+ name: memelord-sala
+spec:
+ name: memelord-sala
+ owner: memelord-sala
+ cluster:
+ name: memelord-sala-database
diff --git a/templates/redis.yaml b/templates/redis.yaml
new file mode 100644
index 0000000..8ac95e0
--- /dev/null
+++ b/templates/redis.yaml
@@ -0,0 +1,28 @@
+---
+apiVersion: secretgenerator.mittwald.de/v1alpha1
+kind: StringSecret
+metadata:
+ name: memelord-sala-redis
+spec:
+ fields:
+ - fieldName: redis-password
+ length: "32"
+ encoding: hex
+---
+apiVersion: dragonflydb.io/v1alpha1
+kind: Dragonfly
+metadata:
+ name: memelord-sala-redis
+spec:
+ authentication:
+ passwordFromSecret:
+ name: memelord-sala-redis
+ key: redis-password
+ replicas: 1
+ resources:
+ requests:
+ cpu: 500m
+ memory: 500Mi
+ limits:
+ cpu: 600m
+ memory: 750Mi
diff --git a/templates/s3.yaml b/templates/s3.yaml
new file mode 100644
index 0000000..5d5703f
--- /dev/null
+++ b/templates/s3.yaml
@@ -0,0 +1,48 @@
+---
+apiVersion: s3.onyxia.sh/v1alpha1
+kind: Policy
+metadata:
+ name: memelord-sala-policy
+spec:
+ name: memelord-sala-policy
+ s3InstanceRef: minio/default
+ policyContent: >-
+ {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "s3:ListBucket",
+ "s3:GetObject",
+ "s3:PutObject"
+ ],
+ "Resource": [
+ "arn:aws:s3:::memelord-sala",
+ "arn:aws:s3:::memelord-sala/*"
+ ]
+ }
+ ]
+ }
+---
+apiVersion: s3.onyxia.sh/v1alpha1
+kind: S3User
+metadata:
+ name: memelord-sala-bucket
+spec:
+ accessKey: memelord-sala-bucket # This is automatically created
+ policies:
+ - memelord-sala-policy
+ s3InstanceRef: minio/default
+---
+apiVersion: s3.onyxia.sh/v1alpha1
+kind: Bucket
+metadata:
+ name: memelord-sala
+spec:
+ name: memelord-sala
+ s3InstanceRef: minio/default
+ quota:
+ default: 100000000
+
+
diff --git a/values.yaml b/values.yaml
new file mode 100644
index 0000000..c3f04e5
--- /dev/null
+++ b/values.yaml
@@ -0,0 +1,2 @@
+hostname: memelord-sala
+
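Review bot: The Policy in templates/s3.yaml grants `s3:ListBucket`, `s3:GetObject` and `s3:PutObject` on the one bucket and nothing else, which is a sensible least-privilege scope, but the absence of `s3:DeleteObject` is undocumented, so if the application ever removes uploaded objects those calls will be denied. Add a comment above `policyContent` stating whether delete is intentionally withheld. The inline comment `# This is automatically created` on `accessKey` is ambiguous; say what is created (presumably the Secret `memelord-sala-bucket` that the Deployment reads `accessKey` and `secretKey` from) and by which controller.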