Move mc-invites config to main infra repo
This commit is contained in:
parent
e5e4c83f81
commit
ac68724a9b
8
configs/litestream/wlm.yml
Normal file
8
configs/litestream/wlm.yml
Normal file
|
@ -0,0 +1,8 @@
|
|||
dbs:
|
||||
- path: wlm/db.sqlite3
|
||||
replicas:
|
||||
- type: sftp
|
||||
host: ${LITESTREAM_USERNAME}.your-storagebox.de
|
||||
user: ${LITESTREAM_USERNAME}
|
||||
password: ${LITESTREAM_PASSWORD}
|
||||
path: /
|
|
@ -13,8 +13,8 @@ spec:
|
|||
mountPath: "/var/lib/registry"
|
||||
resources:
|
||||
limits:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
memory: "256Mi"
|
||||
cpu: "2"
|
||||
requests:
|
||||
memory: "64Mi"
|
||||
cpu: "100m"
|
||||
|
|
|
@ -1,12 +1,13 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
name: vaultwarden
|
||||
namespace: default
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: vaultwarden
|
||||
serviceName: vaultwarden
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
|
@ -19,10 +20,6 @@ spec:
|
|||
- name: config
|
||||
configMap:
|
||||
name: vaultwarden
|
||||
- name: data
|
||||
persistentVolumeClaim:
|
||||
claimName: vaultwarden-data
|
||||
|
||||
initContainers:
|
||||
- name: init-litestream
|
||||
image: litestream/litestream:sha-565f7a4
|
||||
|
@ -55,15 +52,15 @@ spec:
|
|||
requests:
|
||||
memory: "64Mi"
|
||||
cpu: "100m"
|
||||
ports:
|
||||
- containerPort: 80
|
||||
name: web
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /data
|
||||
- name: config
|
||||
mountPath: /data/config.json
|
||||
subPath: vaultwarden.json
|
||||
ports:
|
||||
- containerPort: 80
|
||||
|
||||
- name: litestream
|
||||
image: litestream/litestream:sha-565f7a4
|
||||
args: ['replicate']
|
||||
|
@ -94,17 +91,15 @@ spec:
|
|||
requests:
|
||||
memory: "64Mi"
|
||||
cpu: "100m"
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: vaultwarden
|
||||
spec:
|
||||
selector:
|
||||
app: vaultwarden
|
||||
ports:
|
||||
- port: 80
|
||||
targetPort: 80
|
||||
|
||||
volumeClaimTemplates:
|
||||
- metadata:
|
||||
name: data
|
||||
spec:
|
||||
accessModes: [ "ReadWriteOnce" ]
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
|
|
150
wlm/deployment.yml
Normal file
150
wlm/deployment.yml
Normal file
|
@ -0,0 +1,150 @@
|
|||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
name: mc-invites
|
||||
namespace: default
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: mc-invites
|
||||
serviceName: mc-invites
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: mc-invites
|
||||
spec:
|
||||
volumes:
|
||||
- name: litestream-config
|
||||
configMap:
|
||||
name: litestream
|
||||
initContainers:
|
||||
- name: init-litestream
|
||||
image: litestream/litestream:0.3.8
|
||||
args: ['restore', '-if-db-not-exists', '-if-replica-exists', '-v', 'wlm/db.sqlite3']
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /wlm
|
||||
- name: litestream-config
|
||||
mountPath: /etc/litestream.yml
|
||||
subPath: litestream-config.yml
|
||||
env:
|
||||
- name: LITESTREAM_USERNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: litestream
|
||||
key: username
|
||||
- name: LITESTREAM_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: litestream
|
||||
key: password
|
||||
|
||||
containers:
|
||||
- name: backend
|
||||
image: icr.gmem.ca/wlm:latest
|
||||
imagePullPolicy: Always
|
||||
resources:
|
||||
limits:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
requests:
|
||||
memory: "64Mi"
|
||||
cpu: "100m"
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /wlm
|
||||
env:
|
||||
- name: WLM_DATABASE_PATH
|
||||
value: "/wlm/db.sqlite3"
|
||||
- name: AZURE_OAUTH_CLIENT_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: mc-invites-oauth
|
||||
key: client-id
|
||||
optional: false
|
||||
- name: AZURE_OAUTH_CLIENT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: mc-invites-oauth
|
||||
key: client-secret
|
||||
optional: false
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
|
||||
- name: litestream
|
||||
image: litestream/litestream:0.3.8
|
||||
args: ['replicate']
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /data
|
||||
- name: litestream-config
|
||||
mountPath: /etc/litestream.yml
|
||||
subPath: litestream-config.yml
|
||||
env:
|
||||
- name: LITESTREAM_USERNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: litestream
|
||||
key: username
|
||||
- name: LITESTREAM_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: litestream
|
||||
key: password
|
||||
ports:
|
||||
- name: metrics
|
||||
containerPort: 9090
|
||||
resources:
|
||||
limits:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
requests:
|
||||
memory: "64Mi"
|
||||
cpu: "100m"
|
||||
volumeClaimTemplates:
|
||||
- metadata:
|
||||
name: data
|
||||
spec:
|
||||
accessModes: [ "ReadWriteOnce" ]
|
||||
resources:
|
||||
requests:
|
||||
storage: 2Gi
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: mc-invites-frontend
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: mc-invites-frontend
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: mc-invites-frontend
|
||||
spec:
|
||||
containers:
|
||||
- name: frontend
|
||||
image: icr.gmem.ca/wlm-svelte:latest
|
||||
imagePullPolicy: Always
|
||||
resources:
|
||||
limits:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
requests:
|
||||
memory: "64Mi"
|
||||
cpu: "100m"
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: mc-invites-frontend
|
||||
spec:
|
||||
selector:
|
||||
app: mc-invites-frontend
|
||||
ports:
|
||||
- port: 3000
|
||||
targetPort: 3000
|
31
wlm/ingress.yml
Normal file
31
wlm/ingress.yml
Normal file
|
@ -0,0 +1,31 @@
|
|||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: mc-inv-ingress
|
||||
annotations:
|
||||
cert-manager.io/issuer: "letsencrypt-prod"
|
||||
namespace: default
|
||||
|
||||
spec:
|
||||
tls:
|
||||
- hosts:
|
||||
- mc.gmem.ca
|
||||
secretName: mc-inv-tls
|
||||
rules:
|
||||
- host: mc.gmem.ca
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: mc-invites-frontend
|
||||
port:
|
||||
number: 3000
|
||||
- path: /api
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: mc-invites
|
||||
port:
|
||||
number: 8080
|
20
wlm/issuer.yml
Normal file
20
wlm/issuer.yml
Normal file
|
@ -0,0 +1,20 @@
|
|||
apiVersion: cert-manager.io/v1
|
||||
kind: Issuer
|
||||
metadata:
|
||||
name: letsencrypt-prod
|
||||
namespace: default
|
||||
|
||||
spec:
|
||||
acme:
|
||||
# The ACME server URL
|
||||
server: https://acme-v02.api.letsencrypt.org/directory
|
||||
# Email address used for ACME registration
|
||||
email: mc-invites@gmem.ca
|
||||
# Name of a secret used to store the ACME account private key
|
||||
privateKeySecretRef:
|
||||
name: letsencrypt-pro
|
||||
# Enable the HTTP-01 challenge provider
|
||||
solvers:
|
||||
- http01:
|
||||
ingress:
|
||||
class: traefik
|
16
wlm/service.yml
Normal file
16
wlm/service.yml
Normal file
|
@ -0,0 +1,16 @@
|
|||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: mc-invites
|
||||
namespace: default
|
||||
|
||||
spec:
|
||||
selector:
|
||||
app: mc-invites
|
||||
ports:
|
||||
- port: 8080
|
||||
targetPort: 8080
|
||||
name: api
|
||||
- port: 80
|
||||
targetPort: 3000
|
||||
name: frontend
|
32
wlm/statefulset.yml
Normal file
32
wlm/statefulset.yml
Normal file
|
@ -0,0 +1,32 @@
|
|||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
name: mystatefulset
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: myapp
|
||||
serviceName: <ServiceName>
|
||||
replicas: 2
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: myapp
|
||||
spec:
|
||||
containers:
|
||||
- name: myapp
|
||||
image: k8s.gcr.io/nginx-slim:0.8
|
||||
ports:
|
||||
- containerPort: 80
|
||||
name: web
|
||||
volumeMounts:
|
||||
- name: www
|
||||
mountPath: /usr/share/nginx/html
|
||||
volumeClaimTemplates:
|
||||
- metadata:
|
||||
name: www
|
||||
spec:
|
||||
accessModes: [ "ReadWriteOnce" ]
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
Loading…
Reference in a new issue