From e5e4c83f8170757487d0ad5f82b2969e11b4426d Mon Sep 17 00:00:00 2001
From: Gabriel Simmer
Date: Sun, 10 Jul 2022 00:45:18 +0100
Subject: [PATCH] Initial commit, porting existing apps

Includes vaultwarden, hue and basic registry
---
 configs/litestream.yml | 8 +++
 rapps/hue.yml | 50 +++++++++++++++++
 rapps/ingress.yml | 46 ++++++++++++++++
 rapps/issuer.yml | 20 +++++++
 rapps/registry.yml | 47 ++++++++++++++++
 rapps/vaultwarden.yml | 119 +++++++++++++++++++++++++++++++++++++++++
 6 files changed, 290 insertions(+)
 create mode 100644 configs/litestream.yml
 create mode 100644 rapps/hue.yml
 create mode 100644 rapps/ingress.yml
 create mode 100644 rapps/issuer.yml
 create mode 100644 rapps/registry.yml
 create mode 100644 rapps/vaultwarden.yml
diff --git a/configs/litestream.yml b/configs/litestream.yml
new file mode 100644
index 0000000..d2911b7
--- /dev/null
+++ b/configs/litestream.yml
@@ -0,0 +1,8 @@
+dbs:
+ - path: /data/db.sqlite3
+ replicas:
+ - type: sftp
+ host: ${LITESTREAM_USERNAME}.your-storagebox.de
+ user: ${LITESTREAM_USERNAME}
+ password: ${LITESTREAM_PASSWORD}
+ path: /
\ No newline at end of file
diff --git a/rapps/hue.yml b/rapps/hue.yml
new file mode 100644
index 0000000..7d21269
--- /dev/null
+++ b/rapps/hue.yml
@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: hue
+ namespace: default
+spec:
+ selector:
+ matchLabels:
+ app: hue
+ template:
+ metadata:
+ labels:
+ app: hue
+ spec:
+ containers:
+ - name: hue
+ image: icr.gmem.ca/hue
+ resources:
+ limits:
+ memory: "32Mi"
+ cpu: "100m"
+ requests:
+ memory: "16Mi"
+ cpu: "1m"
+ ports:
+ - containerPort: 80
+ env:
+ - name: PORT
+ value: "80"
+ - name: HUE_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: hue
+ key: username
+ - name: HUE_HUB_ADDRESS
+ valueFrom:
+ secretKeyRef:
+ name: hue
+ key: address
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: hue
+spec:
+ selector:
+ app: hue
+ ports:
+ - port: 80
+ targetPort: 80
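Review bot: The `type: sftp` replica authenticates with a password only; Litestream's sftp replica also accepts `key-path` for SSH key auth, which would let the `LITESTREAM_PASSWORD` secret be replaced by a mounted key. I see no host-key setting here and do not believe the sftp replica exposes one, so a spoofed or intercepted `${LITESTREAM_USERNAME}.your-storagebox.de` would not be detected while receiving the replicated Vaultwarden database — worth confirming against the Litestream build pinned in rapps/vaultwarden.yml (`sha-565f7a4`). The ConfigMap `litestream` that rapps/vaultwarden.yml mounts this file from is not part of the commit, so a header comment such as `# Mounted into the vaultwarden pod as ConfigMap "litestream"; see rapps/vaultwarden.yml` would record how it reaches the cluster. The file also lacks a trailing newline.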
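Review bot: `image: icr.gmem.ca/hue` carries neither a tag nor a digest, so every pod restart re-resolves a mutable `latest` from the registry this same commit deploys; pin it, e.g. `image: icr.gmem.ca/hue@sha256:<digest>` or at least a tag, as the litestream images in rapps/vaultwarden.yml already are. The container also has no `securityContext`; unless the image needs root to bind port 80, `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true` under the container would reduce what a compromised process can do. The `HUE_USERNAME`/`HUE_HUB_ADDRESS` secretKeyRefs are fine; the Secret `hue` itself is not created by this commit.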
diff --git a/rapps/ingress.yml b/rapps/ingress.yml
new file mode 100644
index 0000000..c73bd19
--- /dev/null
+++ b/rapps/ingress.yml
@@ -0,0 +1,46 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: primary-ingress
+ annotations:
+ cert-manager.io/issuer: "le-issuer"
+ namespace: default
+
+spec:
+ tls:
+ - hosts:
+ - pw.gmem.ca
+ - icr.gmem.ca
+ - hue.gmem.ca
+ secretName: primary-tls
+ rules:
+ - host: pw.gmem.ca
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: vaultwarden
+ port:
+ number: 80
+ - host: icr.gmem.ca
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: registry
+ port:
+ number: 5000
+ - host: hue.gmem.ca
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: hue
+ port:
+ number: 80
\ No newline at end of file
diff --git a/rapps/issuer.yml b/rapps/issuer.yml
new file mode 100644
index 0000000..b5f6951
--- /dev/null
+++ b/rapps/issuer.yml
@@ -0,0 +1,20 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: le-issuer
+spec:
+ acme:
+ # The ACME server URL
+ server: https://acme-v02.api.letsencrypt.org/directory
+ # Email address used for ACME registration
+ email: mc-invites@gmem.ca
+ # Name of a secret used to store the ACME account private key
+ privateKeySecretRef:
+ name: letsencrypt-pro
+ # Enable the HTTP-01 challenge provider
+ solvers:
+ - dns01:
+ cloudflare:
+ apiTokenSecretRef:
+ name: cloudflare
+ key: api-token
diff --git a/rapps/registry.yml b/rapps/registry.yml
new file mode 100644
index 0000000..b81f21f
--- /dev/null
+++ b/rapps/registry.yml
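Review bot: The position of `namespace: default` right after `cert-manager.io/issuer: "le-issuer"` is ambiguous in this view, where indentation is not recoverable: if it is indented under `annotations:` it becomes an annotation named `namespace` instead of `metadata.namespace`, and the API server accepts that silently. Verify against the file; the other manifests put `namespace` directly under `metadata`. The Ingress also sets no `spec.ingressClassName`, so it depends on a default class existing in the cluster — make it explicit with `ingressClassName: <class>`. Note that the `icr.gmem.ca` rule exposes the registry at `/` with no auth-related annotation, so any access control for image pushes must come from the registry Pod itself.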
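Review bot: The comment `# Enable the HTTP-01 challenge provider` above `solvers:` is stale — the only solver configured is `dns01` via Cloudflare; change it to `# DNS-01 challenge via Cloudflare; API token read from Secret "cloudflare", key "api-token"`. Since that token becomes an in-cluster Secret readable by anyone with Secret access in `default`, the same comment should record that it is expected to be scoped to DNS edit on the relevant zone only, so a leak cannot be used beyond issuing records. The Secret `cloudflare` is not created by this commit.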
@@ -0,0 +1,47 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: registry
+ labels:
+ app: registry
+spec:
+ containers:
+ - name: registry
+ image: registry:2.6.2
+ volumeMounts:
+ - name: registry-repo
+ mountPath: "/var/lib/registry"
+ resources:
+ limits:
+ memory: "128Mi"
+ cpu: "500m"
+ requests:
+ memory: "64Mi"
+ cpu: "100m"
+ volumes:
+ - name: registry-repo
+ persistentVolumeClaim:
+ claimName: registry-repo
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: registry
+spec:
+ selector:
+ app: registry
+ ports:
+ - port: 5000
+ targetPort: 5000
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: registry-repo
+ namespace: default
+spec:
+ resources:
+ requests:
+ storage: 10Gi
+ accessModes:
+ - ReadWriteOnce
diff --git a/rapps/vaultwarden.yml b/rapps/vaultwarden.yml
new file mode 100644
index 0000000..6b87aa5
--- /dev/null
+++ b/rapps/vaultwarden.yml
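Review bot: Nothing in this Pod configures authentication for `registry:2.6.2`, yet rapps/ingress.yml publishes it at `icr.gmem.ca` on path `/` with no auth annotation, so unless the ingress controller enforces access elsewhere the registry accepts anonymous pull and push from the internet — and the untagged `icr.gmem.ca/hue` image in rapps/hue.yml is pulled from it. Enable the registry's htpasswd auth via the `REGISTRY_AUTH*` env vars with the credentials file mounted from a Secret, as sketched below, or restrict the Ingress. A bare `kind: Pod` is also never rescheduled if its node is lost; a Deployment with `replicas: 1` and `strategy: Recreate` (the PVC is `ReadWriteOnce`) keeps the same single-writer semantics. The PVC sets `namespace: default` while the Pod and Service leave it implicit — consistent now, fragile if the files are ever applied with `-n`.
```yaml
 - name: registry
 image: registry:2.6.2
 env:
 - name: REGISTRY_AUTH
 value: htpasswd
 - name: REGISTRY_AUTH_HTPASSWD_REALM
 value: "Registry Realm"
 - name: REGISTRY_AUTH_HTPASSWD_PATH
 value: /auth/htpasswd
 volumeMounts:
 - name: registry-repo
 mountPath: "/var/lib/registry"
 - name: registry-auth
 mountPath: /auth
 readOnly: true
 # … unchanged: resources …
 volumes:
 - name: registry-repo
 persistentVolumeClaim:
 claimName: registry-repo
 - name: registry-auth
 secret:
 secretName: registry-htpasswd  # suggested name; Secret created out of band with key "htpasswd"
```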
@@ -0,0 +1,119 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: vaultwarden
+ namespace: default
+spec:
+ selector:
+ matchLabels:
+ app: vaultwarden
+ template:
+ metadata:
+ labels:
+ app: vaultwarden
+ spec:
+ volumes:
+ - name: litestream
+ configMap:
+ name: litestream
+ - name: config
+ configMap:
+ name: vaultwarden
+ - name: data
+ persistentVolumeClaim:
+ claimName: vaultwarden-data
+
+ initContainers:
+ - name: init-litestream
+ image: litestream/litestream:sha-565f7a4
+ args: ['restore', '-if-db-not-exists', '-if-replica-exists', '-v', '/data/db.sqlite3']
+ volumeMounts:
+ - name: data
+ mountPath: /data
+ - name: litestream
+ mountPath: /etc/litestream.yml
+ subPath: litestream.yml
+ env:
+ - name: LITESTREAM_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: litestream
+ key: username
+ - name: LITESTREAM_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: litestream
+ key: password
+
+ containers:
+ - name: vaultwarden
+ image: docker.io/vaultwarden/server
+ resources:
+ limits:
+ memory: "128Mi"
+ cpu: "500m"
+ requests:
+ memory: "64Mi"
+ cpu: "100m"
+ volumeMounts:
+ - name: data
+ mountPath: /data
+ - name: config
+ mountPath: /data/config.json
+ subPath: vaultwarden.json
+ ports:
+ - containerPort: 80
+
+ - name: litestream
+ image: litestream/litestream:sha-565f7a4
+ args: ['replicate']
+ volumeMounts:
+ - name: data
+ mountPath: /data
+ - name: litestream
+ mountPath: /etc/litestream.yml
+ subPath: litestream.yml
+ env:
+ - name: LITESTREAM_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: litestream
+ key: username
+ - name: LITESTREAM_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: litestream
+ key: password
+ ports:
+ - name: metrics
+ containerPort: 9090
+ resources:
+ limits:
+ memory: "128Mi"
+ cpu: "300m"
+ requests:
+ memory: "64Mi"
+ cpu: "100m"
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: vaultwarden
+spec:
+ selector:
+ app: vaultwarden
+ ports:
+ - port: 80
+ targetPort: 80
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: vaultwarden-data
+ namespace: default
+spec:
+ resources:
+ requests:
+ storage: 100Mi
+ accessModes:
+ - ReadWriteOnce
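Review bot: `image: docker.io/vaultwarden/server` is untagged while both litestream containers are pinned to `sha-565f7a4`, so the password manager itself floats on a mutable `latest`; pin it to a tag or digest. The Deployment keeps the default RollingUpdate strategy, but its single `ReadWriteOnce` PVC holds the SQLite file that the `vaultwarden` container writes and the `litestream` sidecar replicates, so a rollout would start a second pod against the same `/data/db.sqlite3` on the same node, or block on the volume on another; add `strategy:` / `  type: Recreate` under the Deployment `spec`. The sidecar declares a `metrics` port 9090, but configs/litestream.yml sets no `addr`, so I believe nothing listens there — confirm, or add `addr: ":9090"` to that config. The `env` and `volumeMounts` blocks are duplicated verbatim between `init-litestream` and `litestream`; a comment such as `# keep in sync with the init-litestream container above` would reduce drift.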