Move mc-invites config to main infra repo
This commit is contained in:
parent
e5e4c83f81
commit
ac68724a9b
8
configs/litestream/wlm.yml
Normal file
8
configs/litestream/wlm.yml
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
dbs:
|
||||||
|
- path: wlm/db.sqlite3
|
||||||
|
replicas:
|
||||||
|
- type: sftp
|
||||||
|
host: ${LITESTREAM_USERNAME}.your-storagebox.de
|
||||||
|
user: ${LITESTREAM_USERNAME}
|
||||||
|
password: ${LITESTREAM_PASSWORD}
|
||||||
|
path: /
|
|
@ -13,8 +13,8 @@ spec:
|
||||||
mountPath: "/var/lib/registry"
|
mountPath: "/var/lib/registry"
|
||||||
resources:
|
resources:
|
||||||
limits:
|
limits:
|
||||||
memory: "128Mi"
|
memory: "256Mi"
|
||||||
cpu: "500m"
|
cpu: "2"
|
||||||
requests:
|
requests:
|
||||||
memory: "64Mi"
|
memory: "64Mi"
|
||||||
cpu: "100m"
|
cpu: "100m"
|
||||||
|
|
|
@ -1,12 +1,13 @@
|
||||||
apiVersion: apps/v1
|
apiVersion: apps/v1
|
||||||
kind: Deployment
|
kind: StatefulSet
|
||||||
metadata:
|
metadata:
|
||||||
name: vaultwarden
|
name: vaultwarden
|
||||||
namespace: default
|
|
||||||
spec:
|
spec:
|
||||||
selector:
|
selector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
app: vaultwarden
|
app: vaultwarden
|
||||||
|
serviceName: vaultwarden
|
||||||
|
replicas: 1
|
||||||
template:
|
template:
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels:
|
||||||
|
@ -19,10 +20,6 @@ spec:
|
||||||
- name: config
|
- name: config
|
||||||
configMap:
|
configMap:
|
||||||
name: vaultwarden
|
name: vaultwarden
|
||||||
- name: data
|
|
||||||
persistentVolumeClaim:
|
|
||||||
claimName: vaultwarden-data
|
|
||||||
|
|
||||||
initContainers:
|
initContainers:
|
||||||
- name: init-litestream
|
- name: init-litestream
|
||||||
image: litestream/litestream:sha-565f7a4
|
image: litestream/litestream:sha-565f7a4
|
||||||
|
@ -55,15 +52,15 @@ spec:
|
||||||
requests:
|
requests:
|
||||||
memory: "64Mi"
|
memory: "64Mi"
|
||||||
cpu: "100m"
|
cpu: "100m"
|
||||||
|
ports:
|
||||||
|
- containerPort: 80
|
||||||
|
name: web
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: data
|
- name: data
|
||||||
mountPath: /data
|
mountPath: /data
|
||||||
- name: config
|
- name: config
|
||||||
mountPath: /data/config.json
|
mountPath: /data/config.json
|
||||||
subPath: vaultwarden.json
|
subPath: vaultwarden.json
|
||||||
ports:
|
|
||||||
- containerPort: 80
|
|
||||||
|
|
||||||
- name: litestream
|
- name: litestream
|
||||||
image: litestream/litestream:sha-565f7a4
|
image: litestream/litestream:sha-565f7a4
|
||||||
args: ['replicate']
|
args: ['replicate']
|
||||||
|
@ -94,17 +91,15 @@ spec:
|
||||||
requests:
|
requests:
|
||||||
memory: "64Mi"
|
memory: "64Mi"
|
||||||
cpu: "100m"
|
cpu: "100m"
|
||||||
---
|
|
||||||
apiVersion: v1
|
volumeClaimTemplates:
|
||||||
kind: Service
|
- metadata:
|
||||||
metadata:
|
name: data
|
||||||
name: vaultwarden
|
spec:
|
||||||
spec:
|
accessModes: [ "ReadWriteOnce" ]
|
||||||
selector:
|
resources:
|
||||||
app: vaultwarden
|
requests:
|
||||||
ports:
|
storage: 1Gi
|
||||||
- port: 80
|
|
||||||
targetPort: 80
|
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: PersistentVolumeClaim
|
kind: PersistentVolumeClaim
|
||||||
|
|
150
wlm/deployment.yml
Normal file
150
wlm/deployment.yml
Normal file
|
@ -0,0 +1,150 @@
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: StatefulSet
|
||||||
|
metadata:
|
||||||
|
name: mc-invites
|
||||||
|
namespace: default
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: mc-invites
|
||||||
|
serviceName: mc-invites
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: mc-invites
|
||||||
|
spec:
|
||||||
|
volumes:
|
||||||
|
- name: litestream-config
|
||||||
|
configMap:
|
||||||
|
name: litestream
|
||||||
|
initContainers:
|
||||||
|
- name: init-litestream
|
||||||
|
image: litestream/litestream:0.3.8
|
||||||
|
args: ['restore', '-if-db-not-exists', '-if-replica-exists', '-v', 'wlm/db.sqlite3']
|
||||||
|
volumeMounts:
|
||||||
|
- name: data
|
||||||
|
mountPath: /wlm
|
||||||
|
- name: litestream-config
|
||||||
|
mountPath: /etc/litestream.yml
|
||||||
|
subPath: litestream-config.yml
|
||||||
|
env:
|
||||||
|
- name: LITESTREAM_USERNAME
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: litestream
|
||||||
|
key: username
|
||||||
|
- name: LITESTREAM_PASSWORD
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: litestream
|
||||||
|
key: password
|
||||||
|
|
||||||
|
containers:
|
||||||
|
- name: backend
|
||||||
|
image: icr.gmem.ca/wlm:latest
|
||||||
|
imagePullPolicy: Always
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
memory: "128Mi"
|
||||||
|
cpu: "500m"
|
||||||
|
requests:
|
||||||
|
memory: "64Mi"
|
||||||
|
cpu: "100m"
|
||||||
|
volumeMounts:
|
||||||
|
- name: data
|
||||||
|
mountPath: /wlm
|
||||||
|
env:
|
||||||
|
- name: WLM_DATABASE_PATH
|
||||||
|
value: "/wlm/db.sqlite3"
|
||||||
|
- name: AZURE_OAUTH_CLIENT_ID
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: mc-invites-oauth
|
||||||
|
key: client-id
|
||||||
|
optional: false
|
||||||
|
- name: AZURE_OAUTH_CLIENT_SECRET
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: mc-invites-oauth
|
||||||
|
key: client-secret
|
||||||
|
optional: false
|
||||||
|
ports:
|
||||||
|
- containerPort: 8080
|
||||||
|
|
||||||
|
- name: litestream
|
||||||
|
image: litestream/litestream:0.3.8
|
||||||
|
args: ['replicate']
|
||||||
|
volumeMounts:
|
||||||
|
- name: data
|
||||||
|
mountPath: /data
|
||||||
|
- name: litestream-config
|
||||||
|
mountPath: /etc/litestream.yml
|
||||||
|
subPath: litestream-config.yml
|
||||||
|
env:
|
||||||
|
- name: LITESTREAM_USERNAME
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: litestream
|
||||||
|
key: username
|
||||||
|
- name: LITESTREAM_PASSWORD
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: litestream
|
||||||
|
key: password
|
||||||
|
ports:
|
||||||
|
- name: metrics
|
||||||
|
containerPort: 9090
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
memory: "128Mi"
|
||||||
|
cpu: "500m"
|
||||||
|
requests:
|
||||||
|
memory: "64Mi"
|
||||||
|
cpu: "100m"
|
||||||
|
volumeClaimTemplates:
|
||||||
|
- metadata:
|
||||||
|
name: data
|
||||||
|
spec:
|
||||||
|
accessModes: [ "ReadWriteOnce" ]
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
storage: 2Gi
|
||||||
|
---
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: mc-invites-frontend
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: mc-invites-frontend
|
||||||
|
replicas: 1
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: mc-invites-frontend
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: frontend
|
||||||
|
image: icr.gmem.ca/wlm-svelte:latest
|
||||||
|
imagePullPolicy: Always
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
memory: "128Mi"
|
||||||
|
cpu: "500m"
|
||||||
|
requests:
|
||||||
|
memory: "64Mi"
|
||||||
|
cpu: "100m"
|
||||||
|
ports:
|
||||||
|
- containerPort: 3000
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: mc-invites-frontend
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
app: mc-invites-frontend
|
||||||
|
ports:
|
||||||
|
- port: 3000
|
||||||
|
targetPort: 3000
|
31
wlm/ingress.yml
Normal file
31
wlm/ingress.yml
Normal file
|
@ -0,0 +1,31 @@
|
||||||
|
apiVersion: networking.k8s.io/v1
|
||||||
|
kind: Ingress
|
||||||
|
metadata:
|
||||||
|
name: mc-inv-ingress
|
||||||
|
annotations:
|
||||||
|
cert-manager.io/issuer: "letsencrypt-prod"
|
||||||
|
namespace: default
|
||||||
|
|
||||||
|
spec:
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- mc.gmem.ca
|
||||||
|
secretName: mc-inv-tls
|
||||||
|
rules:
|
||||||
|
- host: mc.gmem.ca
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: mc-invites-frontend
|
||||||
|
port:
|
||||||
|
number: 3000
|
||||||
|
- path: /api
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: mc-invites
|
||||||
|
port:
|
||||||
|
number: 8080
|
20
wlm/issuer.yml
Normal file
20
wlm/issuer.yml
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
apiVersion: cert-manager.io/v1
|
||||||
|
kind: Issuer
|
||||||
|
metadata:
|
||||||
|
name: letsencrypt-prod
|
||||||
|
namespace: default
|
||||||
|
|
||||||
|
spec:
|
||||||
|
acme:
|
||||||
|
# The ACME server URL
|
||||||
|
server: https://acme-v02.api.letsencrypt.org/directory
|
||||||
|
# Email address used for ACME registration
|
||||||
|
email: mc-invites@gmem.ca
|
||||||
|
# Name of a secret used to store the ACME account private key
|
||||||
|
privateKeySecretRef:
|
||||||
|
name: letsencrypt-pro
|
||||||
|
# Enable the HTTP-01 challenge provider
|
||||||
|
solvers:
|
||||||
|
- http01:
|
||||||
|
ingress:
|
||||||
|
class: traefik
|
16
wlm/service.yml
Normal file
16
wlm/service.yml
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: mc-invites
|
||||||
|
namespace: default
|
||||||
|
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
app: mc-invites
|
||||||
|
ports:
|
||||||
|
- port: 8080
|
||||||
|
targetPort: 8080
|
||||||
|
name: api
|
||||||
|
- port: 80
|
||||||
|
targetPort: 3000
|
||||||
|
name: frontend
|
32
wlm/statefulset.yml
Normal file
32
wlm/statefulset.yml
Normal file
|
@ -0,0 +1,32 @@
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: StatefulSet
|
||||||
|
metadata:
|
||||||
|
name: mystatefulset
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: myapp
|
||||||
|
serviceName: <ServiceName>
|
||||||
|
replicas: 2
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: myapp
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: myapp
|
||||||
|
image: k8s.gcr.io/nginx-slim:0.8
|
||||||
|
ports:
|
||||||
|
- containerPort: 80
|
||||||
|
name: web
|
||||||
|
volumeMounts:
|
||||||
|
- name: www
|
||||||
|
mountPath: /usr/share/nginx/html
|
||||||
|
volumeClaimTemplates:
|
||||||
|
- metadata:
|
||||||
|
name: www
|
||||||
|
spec:
|
||||||
|
accessModes: [ "ReadWriteOnce" ]
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
storage: 1Gi
|
Loading…
Reference in a new issue