Initial commit, porting existing apps

Includes vaultwarden, hue and basic registry
Gabriel Simmer 2022-07-10 00:45:18 +01:00
commit e5e4c83f81
6 changed files with 290 additions and 0 deletions

8
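--- /dev/null
+++ b/configs/litestream.yml
@@ -0,0 +1,8 @@
+dbs:
+- path: /data/db.sqlite3
+replicas:
+- type: sftp
+host: ${LITESTREAM_USERNAME}.your-storagebox.de
+user: ${LITESTREAM_USERNAME}
+password: ${LITESTREAM_PASSWORD}
+path: /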
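Review bot: The SFTP replica authenticates with a password (`password: ${LITESTREAM_PASSWORD}`) and writes to the account root (`path: /`), and per rapps/vaultwarden.yml in this commit the replicated file is the Vaultwarden database. Litestream's SFTP replica also accepts `key-path`, so a dedicated key mounted from a Secret could replace the password. A dedicated directory such as `path: /vaultwarden` would keep the replica apart from anything else stored under that account. A short header comment, for example `# credentials are expanded from the environment, see rapps/vaultwarden.yml`, would tell a reader where the placeholders are filled in.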

50
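--- /dev/null
+++ b/rapps/hue.yml
@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: hue
+namespace: default
+spec:
+selector:
+matchLabels:
+app: hue
+template:
+metadata:
+labels:
+app: hue
+spec:
+containers:
+- name: hue
+image: icr.gmem.ca/hue
+resources:
+limits:
+memory: "32Mi"
+cpu: "100m"
+requests:
+memory: "16Mi"
+cpu: "1m"
+ports:
+- containerPort: 80
+env:
+- name: PORT
+value: "80"
+- name: HUE_USERNAME
+valueFrom:
+secretKeyRef:
+name: hue
+key: username
+- name: HUE_HUB_ADDRESS
+valueFrom:
+secretKeyRef:
+name: hue
+key: address
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: hue
+spec:
+selector:
+app: hue
+ports:
+- port: 80
+targetPort: 80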
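Review bot: `image: icr.gmem.ca/hue` carries no tag or digest, so it resolves to the mutable `latest` and a reschedule can start different code than the last one ran; `image: docker.io/vaultwarden/server` in rapps/vaultwarden.yml has the same gap. Pinning by digest, for example `image: icr.gmem.ca/hue@sha256:<digest>` (placeholder), makes a rollout an explicit change. The Service in this file also omits `namespace` while the Deployment sets `default`; the same omission is in rapps/issuer.yml, the Pod and Service in rapps/registry.yml and the Service in rapps/vaultwarden.yml, so those objects land in whatever namespace the client context selects and the `default` Ingress may not find them. Adding `namespace: default` to each keeps the set together.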

46
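--- /dev/null
+++ b/rapps/ingress.yml
@@ -0,0 +1,46 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: primary-ingress
+annotations:
+cert-manager.io/issuer: "le-issuer"
+namespace: default
+spec:
+tls:
+- hosts:
+- pw.gmem.ca
+- icr.gmem.ca
+- hue.gmem.ca
+secretName: primary-tls
+rules:
+- host: pw.gmem.ca
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: vaultwarden
+port:
+number: 80
+- host: icr.gmem.ca
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: registry
+port:
+number: 5000
+- host: hue.gmem.ca
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: hue
+port:
+number: 80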
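Review bot: The rules for `icr.gmem.ca` and `hue.gmem.ca` publish the registry and the hue service to anyone who can reach the ingress, and neither this Ingress nor rapps/registry.yml or rapps/hue.yml in this commit configures authentication. For the registry that would mean unauthenticated pull and push, and rapps/hue.yml pulls its image from that same host, so access control here is also a supply-chain control. Unless authentication is enforced somewhere not shown, I would enable it on the registry itself (the distribution image reads `REGISTRY_AUTH` and the matching `REGISTRY_AUTH_HTPASSWD_*` settings from the environment) or keep these two hosts off the public Ingress.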

20
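--- /dev/null
+++ b/rapps/issuer.yml
@@ -0,0 +1,20 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+name: le-issuer
+spec:
+acme:
+# The ACME server URL
+server: https://acme-v02.api.letsencrypt.org/directory
+# Email address used for ACME registration
+email: mc-invites@gmem.ca
+# Name of a secret used to store the ACME account private key
+privateKeySecretRef:
+name: letsencrypt-pro
+# Enable the HTTP-01 challenge provider
+solvers:
+- dns01:
+cloudflare:
+apiTokenSecretRef:
+name: cloudflare
+key: api-token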
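Review bot: The comment `# Enable the HTTP-01 challenge provider` sits directly above a `dns01` Cloudflare solver, so it names a different challenge type than the one configured; `# Solve challenges with DNS-01 through the Cloudflare API` would match the code. A second comment beside `apiTokenSecretRef` stating that the token in the `cloudflare` Secret should be limited to DNS edits on the zones this issuer serves would record the least-privilege expectation for whoever rotates it.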

47
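--- /dev/null
+++ b/rapps/registry.yml
@@ -0,0 +1,47 @@
+apiVersion: v1
+kind: Pod
+metadata:
+name: registry
+labels:
+app: registry
+spec:
+containers:
+- name: registry
+image: registry:2.6.2
+volumeMounts:
+- name: registry-repo
+mountPath: "/var/lib/registry"
+resources:
+limits:
+memory: "128Mi"
+cpu: "500m"
+requests:
+memory: "64Mi"
+cpu: "100m"
+volumes:
+- name: registry-repo
+persistentVolumeClaim:
+claimName: registry-repo
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: registry
+spec:
+selector:
+app: registry
+ports:
+- port: 5000
+targetPort: 5000
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: registry-repo
+namespace: default
+spec:
+resources:
+requests:
+storage: 10Gi
+accessModes:
+- ReadWriteOnce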
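Review bot: The registry runs as a bare `kind: Pod`, so nothing recreates it after an eviction, a node loss or an accidental delete, and changing the image means deleting and re-applying it by hand. A single-replica Deployment with `strategy:` set to `type: Recreate` (the claim is `ReadWriteOnce`) would give the same runtime shape with supervision and a rollout history. `image: registry:2.6.2` is pinned by tag only; it is worth checking that tag against the current upstream release before this serves images to other workloads.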

119
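--- /dev/null
+++ b/rapps/vaultwarden.yml
@@ -0,0 +1,119 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: vaultwarden
+namespace: default
+spec:
+selector:
+matchLabels:
+app: vaultwarden
+template:
+metadata:
+labels:
+app: vaultwarden
+spec:
+volumes:
+- name: litestream
+configMap:
+name: litestream
+- name: config
+configMap:
+name: vaultwarden
+- name: data
+persistentVolumeClaim:
+claimName: vaultwarden-data
+initContainers:
+- name: init-litestream
+image: litestream/litestream:sha-565f7a4
+args: ['restore', '-if-db-not-exists', '-if-replica-exists', '-v', '/data/db.sqlite3']
+volumeMounts:
+- name: data
+mountPath: /data
+- name: litestream
+mountPath: /etc/litestream.yml
+subPath: litestream.yml
+env:
+- name: LITESTREAM_USERNAME
+valueFrom:
+secretKeyRef:
+name: litestream
+key: username
+- name: LITESTREAM_PASSWORD
+valueFrom:
+secretKeyRef:
+name: litestream
+key: password
+containers:
+- name: vaultwarden
+image: docker.io/vaultwarden/server
+resources:
+limits:
+memory: "128Mi"
+cpu: "500m"
+requests:
+memory: "64Mi"
+cpu: "100m"
+volumeMounts:
+- name: data
+mountPath: /data
+- name: config
+mountPath: /data/config.json
+subPath: vaultwarden.json
+ports:
+- containerPort: 80
+- name: litestream
+image: litestream/litestream:sha-565f7a4
+args: ['replicate']
+volumeMounts:
+- name: data
+mountPath: /data
+- name: litestream
+mountPath: /etc/litestream.yml
+subPath: litestream.yml
+env:
+- name: LITESTREAM_USERNAME
+valueFrom:
+secretKeyRef:
+name: litestream
+key: username
+- name: LITESTREAM_PASSWORD
+valueFrom:
+secretKeyRef:
+name: litestream
+key: password
+ports:
+- name: metrics
+containerPort: 9090
+resources:
+limits:
+memory: "128Mi"
+cpu: "300m"
+requests:
+memory: "64Mi"
+cpu: "100m"
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: vaultwarden
+spec:
+selector:
+app: vaultwarden
+ports:
+- port: 80
+targetPort: 80
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: vaultwarden-data
+namespace: default
+spec:
+resources:
+requests:
+storage: 100Mi
+accessModes:
+- ReadWriteOnce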
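Review bot: The Deployment sets no `strategy`, so the default rolling update starts the replacement pod before the old one stops, while both use the `ReadWriteOnce` claim `vaultwarden-data` and the SQLite file `/data/db.sqlite3`. On a single node that allows two Vaultwarden processes and two `litestream replicate` sidecars on the same database at once, and across nodes the new pod may stall waiting for the volume; adding `strategy:` with `type: Recreate` under the Deployment `spec` avoids both. Separately, `/data/config.json` is mounted from the ConfigMap `vaultwarden`; if that file carries values such as the admin token or SMTP credentials, it belongs in a Secret like the Litestream credentials already are.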