Move mc-invites config to main infra repo

configs/litestream/wlm.yml

@@ -0,0 +1,8 @@
+dbs:
+  - path: wlm/db.sqlite3
+    replicas:
+      - type:     sftp
+        host:     ${LITESTREAM_USERNAME}.your-storagebox.de
+        user:     ${LITESTREAM_USERNAME}
+        password: ${LITESTREAM_PASSWORD}
+        path:     /

rapps/registry.yml

@@ -13,8 +13,8 @@ spec:
       mountPath: "/var/lib/registry"
     resources:
       limits:
-        memory: "128Mi"
-        cpu: "500m"
+        memory: "256Mi"
+        cpu: "2"
       requests:
         memory: "64Mi"
         cpu: "100m"

rapps/vaultwarden.yml

@@ -1,12 +1,13 @@
 apiVersion: apps/v1
-kind: Deployment
+kind: StatefulSet
 metadata:
   name: vaultwarden
-  namespace: default
 spec:
   selector:
     matchLabels:
       app: vaultwarden
+  serviceName: vaultwarden
+  replicas: 1
   template:
     metadata:
       labels:
@@ -19,10 +20,6 @@ spec:
         - name: config
           configMap:
             name: vaultwarden
-        - name: data
-          persistentVolumeClaim:
-            claimName: vaultwarden-data
-
       initContainers:
         - name: init-litestream
           image: litestream/litestream:sha-565f7a4
@@ -55,15 +52,15 @@ spec:
           requests:
             memory: "64Mi"
             cpu: "100m"
+        ports:
+        - containerPort: 80
+          name: web
         volumeMounts:
         - name: data
           mountPath: /data
         - name: config
           mountPath: /data/config.json
           subPath: vaultwarden.json
-        ports:
-        - containerPort: 80
-
       - name: litestream
         image: litestream/litestream:sha-565f7a4
         args: ['replicate']
@@ -94,17 +91,15 @@ spec:
           requests:
             memory: "64Mi"
             cpu: "100m"
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: vaultwarden
-spec:
-  selector:
-    app: vaultwarden
-  ports:
-  - port: 80
-    targetPort: 80
+
+  volumeClaimTemplates:
+  - metadata:
+      name: data
+    spec:
+      accessModes: [ "ReadWriteOnce" ]
+      resources:
+        requests:
+          storage: 1Gi
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim

wlm/deployment.yml

@@ -0,0 +1,150 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: mc-invites
+  namespace: default
+spec:
+  selector:
+    matchLabels:
+      app: mc-invites
+  serviceName: mc-invites
+  template:
+    metadata:
+      labels:
+        app: mc-invites
+    spec:
+      volumes:
+        - name: litestream-config
+          configMap:
+            name: litestream
+      initContainers:
+        - name: init-litestream
+          image: litestream/litestream:0.3.8
+          args: ['restore', '-if-db-not-exists', '-if-replica-exists', '-v', 'wlm/db.sqlite3']
+          volumeMounts:
+          - name: data
+            mountPath: /wlm
+          - name: litestream-config
+            mountPath: /etc/litestream.yml
+            subPath: litestream-config.yml
+          env:
+          - name: LITESTREAM_USERNAME
+            valueFrom:
+              secretKeyRef:
+                name: litestream
+                key: username
+          - name: LITESTREAM_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: litestream
+                key: password
+
+      containers:
+      - name: backend
+        image: icr.gmem.ca/wlm:latest
+        imagePullPolicy: Always
+        resources:
+          limits:
+            memory: "128Mi"
+            cpu: "500m"
+          requests:
+            memory: "64Mi"
+            cpu: "100m"
+        volumeMounts:
+        - name: data
+          mountPath: /wlm
+        env:
+          - name: WLM_DATABASE_PATH
+            value: "/wlm/db.sqlite3"
+          - name: AZURE_OAUTH_CLIENT_ID
+            valueFrom:
+              secretKeyRef:
+                name: mc-invites-oauth
+                key: client-id
+                optional: false
+          - name: AZURE_OAUTH_CLIENT_SECRET
+            valueFrom:
+              secretKeyRef:
+                name: mc-invites-oauth
+                key: client-secret
+                optional: false
+        ports:
+        - containerPort: 8080
+
+      - name: litestream
+        image: litestream/litestream:0.3.8
+        args: ['replicate']
+        volumeMounts:
+        - name: data
+          mountPath: /data
+        - name: litestream-config
+          mountPath: /etc/litestream.yml
+          subPath: litestream-config.yml
+        env:
+        - name: LITESTREAM_USERNAME
+          valueFrom:
+            secretKeyRef:
+              name: litestream
+              key: username
+        - name: LITESTREAM_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: litestream
+              key: password
+        ports:
+        - name: metrics
+          containerPort: 9090
+        resources:
+          limits:
+            memory: "128Mi"
+            cpu: "500m"
+          requests:
+            memory: "64Mi"
+            cpu: "100m"
+  volumeClaimTemplates:
+  - metadata:
+      name: data
+    spec:
+      accessModes: [ "ReadWriteOnce" ]
+      resources:
+        requests:
+          storage: 2Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: mc-invites-frontend
+spec:
+  selector:
+    matchLabels:
+      app: mc-invites-frontend
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: mc-invites-frontend
+    spec:
+      containers:
+      - name: frontend
+        image: icr.gmem.ca/wlm-svelte:latest
+        imagePullPolicy: Always
+        resources:
+          limits:
+            memory: "128Mi"
+            cpu: "500m"
+          requests:
+            memory: "64Mi"
+            cpu: "100m"
+        ports:
+        - containerPort: 3000
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: mc-invites-frontend
+spec:
+  selector:
+    app: mc-invites-frontend
+  ports:
+  - port: 3000
+    targetPort: 3000

wlm/ingress.yml

@@ -0,0 +1,31 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: mc-inv-ingress
+  annotations:
+    cert-manager.io/issuer: "letsencrypt-prod"
+  namespace: default
+
+spec:
+  tls:
+  - hosts:
+    - mc.gmem.ca
+    secretName: mc-inv-tls
+  rules:
+    - host: mc.gmem.ca
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name:  mc-invites-frontend
+                port:
+                  number: 3000
+          - path: /api
+            pathType: Prefix
+            backend:
+              service:
+                name:  mc-invites
+                port:
+                  number: 8080

wlm/issuer.yml

@@ -0,0 +1,20 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: letsencrypt-prod
+  namespace: default
+
+spec:
+  acme:
+    # The ACME server URL
+    server: https://acme-v02.api.letsencrypt.org/directory
+    # Email address used for ACME registration
+    email: mc-invites@gmem.ca
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: letsencrypt-pro
+    # Enable the HTTP-01 challenge provider
+    solvers:
+    - http01:
+        ingress:
+          class: traefik

wlm/service.yml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: mc-invites
+  namespace: default
+
+spec:
+  selector:
+    app: mc-invites
+  ports:
+  - port: 8080
+    targetPort: 8080
+    name: api
+  - port: 80
+    targetPort: 3000
+    name: frontend

wlm/statefulset.yml

@@ -0,0 +1,32 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: mystatefulset
+spec:
+  selector:
+    matchLabels:
+      app: myapp
+  serviceName: <ServiceName>
+  replicas: 2
+  template:
+    metadata:
+      labels:
+        app: myapp
+    spec:
+      containers:
+      - name: myapp
+        image: k8s.gcr.io/nginx-slim:0.8
+        ports:
+        - containerPort: 80
+          name: web
+        volumeMounts:
+        - name: www
+          mountPath: /usr/share/nginx/html
+  volumeClaimTemplates:
+  - metadata:
+      name: www
+    spec:
+      accessModes: [ "ReadWriteOnce" ]
+      resources:
+        requests:
+          storage: 1Gi