Initial commit, porting existing apps
Includes vaultwarden, hue and basic registry
commit
e5e4c83f81
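--- a/configs/litestream.yml
+++ b/configs/litestream.yml
@@ -0,0 +1,8 @@
+dbs:
+- path: /data/db.sqlite3
+replicas:
+- type: sftp
+host: ${LITESTREAM_USERNAME}.your-storagebox.de
+user: ${LITESTREAM_USERNAME}
+password: ${LITESTREAM_PASSWORD}
+path: /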
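Review bot: The SFTP replica authenticates with a password and writes to `path: /`, the root of the storage box, so the Vaultwarden database replica shares one credential and one directory with anything else kept on that account. Litestream's SFTP replica also accepts `key-path`, which lets the password be replaced by a dedicated SSH key, and a dedicated directory such as `path: /vaultwarden` (constructed example) keeps the replica separate from other data. Nothing in this file shows the server's host key being verified; it is worth confirming how the pinned Litestream build handles that before relying on the link for a password-vault backup.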
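--- a/rapps/hue.yml
+++ b/rapps/hue.yml
@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: hue
+namespace: default
+spec:
+selector:
+matchLabels:
+app: hue
+template:
+metadata:
+labels:
+app: hue
+spec:
+containers:
+- name: hue
+image: icr.gmem.ca/hue
+resources:
+limits:
+memory: "32Mi"
+cpu: "100m"
+requests:
+memory: "16Mi"
+cpu: "1m"
+ports:
+- containerPort: 80
+env:
+- name: PORT
+value: "80"
+- name: HUE_USERNAME
+valueFrom:
+secretKeyRef:
+name: hue
+key: username
+- name: HUE_HUB_ADDRESS
+valueFrom:
+secretKeyRef:
+name: hue
+key: address
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: hue
+spec:
+selector:
+app: hue
+ports:
+- port: 80
+targetPort: 80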
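Review bot: `image: icr.gmem.ca/hue` carries no tag or digest, so it resolves to the mutable `latest` and the pod runs whatever was last pushed to that registry; the same applies to `image: docker.io/vaultwarden/server` in rapps/vaultwarden.yml. Pinning by digest, `image: icr.gmem.ca/hue@sha256:<digest>`, makes a rollout reproducible and means a replaced image is not picked up silently. The container also has no `securityContext`; if the image can run unprivileged, `allowPrivilegeEscalation: false` and `runAsNonRoot: true` are cheap to add, though binding port 80 as non-root may require a higher `PORT` value.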
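--- a/rapps/ingress.yml
+++ b/rapps/ingress.yml
@@ -0,0 +1,46 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: primary-ingress
+annotations:
+cert-manager.io/issuer: "le-issuer"
+namespace: default
+
+spec:
+tls:
+- hosts:
+- pw.gmem.ca
+- icr.gmem.ca
+- hue.gmem.ca
+secretName: primary-tls
+rules:
+- host: pw.gmem.ca
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: vaultwarden
+port:
+number: 80
+- host: icr.gmem.ca
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: registry
+port:
+number: 5000
+- host: hue.gmem.ca
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: hue
+port:
+number: 80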
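Review bot: The `icr.gmem.ca` rule publishes the registry Service on port 5000 with no authentication visible at this layer, and the Pod in rapps/registry.yml sets no auth-related environment or config either. If nothing else in the cluster gates it, anyone who can reach the ingress can pull and push images, including the `icr.gmem.ca/hue` image that rapps/hue.yml deploys. The registry supports htpasswd authentication through `REGISTRY_AUTH=htpasswd` together with `REGISTRY_AUTH_HTPASSWD_REALM` and `REGISTRY_AUTH_HTPASSWD_PATH`; alternatively the host can be restricted at the ingress controller. The `hue.gmem.ca` rule deserves the same check, since no access control for that app is visible in this commit.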
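--- a/rapps/issuer.yml
+++ b/rapps/issuer.yml
@@ -0,0 +1,20 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+name: le-issuer
+spec:
+acme:
+# The ACME server URL
+server: https://acme-v02.api.letsencrypt.org/directory
+# Email address used for ACME registration
+email: mc-invites@gmem.ca
+# Name of a secret used to store the ACME account private key
+privateKeySecretRef:
+name: letsencrypt-pro
+# Enable the HTTP-01 challenge provider
+solvers:
+- dns01:
+cloudflare:
+apiTokenSecretRef:
+name: cloudflare
+key: api-token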
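Review bot: The comment `# Enable the HTTP-01 challenge provider` does not match the solver below it, which is `dns01` with Cloudflare; it should read something like `# Solve ACME challenges with DNS-01 via Cloudflare`. Because the solver uses a Cloudflare API token (`apiTokenSecretRef` pointing at secret `cloudflare`, key `api-token`), a comment beside it should record that the token is expected to be scoped to DNS edit on the single zone rather than account-wide. The secret name `letsencrypt-pro` looks truncated from `letsencrypt-prod`; it is harmless, but worth confirming it is intentional.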
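--- a/rapps/registry.yml
+++ b/rapps/registry.yml
@@ -0,0 +1,47 @@
+apiVersion: v1
+kind: Pod
+metadata:
+name: registry
+labels:
+app: registry
+spec:
+containers:
+- name: registry
+image: registry:2.6.2
+volumeMounts:
+- name: registry-repo
+mountPath: "/var/lib/registry"
+resources:
+limits:
+memory: "128Mi"
+cpu: "500m"
+requests:
+memory: "64Mi"
+cpu: "100m"
+volumes:
+- name: registry-repo
+persistentVolumeClaim:
+claimName: registry-repo
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: registry
+spec:
+selector:
+app: registry
+ports:
+- port: 5000
+targetPort: 5000
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: registry-repo
+namespace: default
+spec:
+resources:
+requests:
+storage: 10Gi
+accessModes:
+- ReadWriteOnce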
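Review bot: `registry:2.6.2` is an old release of the 2.x registry image, and the workload is a bare `kind: Pod`, so it is not rescheduled if the node is lost or the pod is deleted. Moving it to a Deployment or StatefulSet with one replica and a current 2.x image pinned by digest gives both recovery behaviour and a maintained image for a service that the ingress exposes publicly. The Pod and Service also omit `namespace: default` while the PersistentVolumeClaim sets it, so the three only land together when applied with the default namespace selected; setting it on all three removes that dependency.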
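--- a/rapps/vaultwarden.yml
+++ b/rapps/vaultwarden.yml
@@ -0,0 +1,119 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: vaultwarden
+namespace: default
+spec:
+selector:
+matchLabels:
+app: vaultwarden
+template:
+metadata:
+labels:
+app: vaultwarden
+spec:
+volumes:
+- name: litestream
+configMap:
+name: litestream
+- name: config
+configMap:
+name: vaultwarden
+- name: data
+persistentVolumeClaim:
+claimName: vaultwarden-data
+
+initContainers:
+- name: init-litestream
+image: litestream/litestream:sha-565f7a4
+args: ['restore', '-if-db-not-exists', '-if-replica-exists', '-v', '/data/db.sqlite3']
+volumeMounts:
+- name: data
+mountPath: /data
+- name: litestream
+mountPath: /etc/litestream.yml
+subPath: litestream.yml
+env:
+- name: LITESTREAM_USERNAME
+valueFrom:
+secretKeyRef:
+name: litestream
+key: username
+- name: LITESTREAM_PASSWORD
+valueFrom:
+secretKeyRef:
+name: litestream
+key: password
+
+containers:
+- name: vaultwarden
+image: docker.io/vaultwarden/server
+resources:
+limits:
+memory: "128Mi"
+cpu: "500m"
+requests:
+memory: "64Mi"
+cpu: "100m"
+volumeMounts:
+- name: data
+mountPath: /data
+- name: config
+mountPath: /data/config.json
+subPath: vaultwarden.json
+ports:
+- containerPort: 80
+
+- name: litestream
+image: litestream/litestream:sha-565f7a4
+args: ['replicate']
+volumeMounts:
+- name: data
+mountPath: /data
+- name: litestream
+mountPath: /etc/litestream.yml
+subPath: litestream.yml
+env:
+- name: LITESTREAM_USERNAME
+valueFrom:
+secretKeyRef:
+name: litestream
+key: username
+- name: LITESTREAM_PASSWORD
+valueFrom:
+secretKeyRef:
+name: litestream
+key: password
+ports:
+- name: metrics
+containerPort: 9090
+resources:
+limits:
+memory: "128Mi"
+cpu: "300m"
+requests:
+memory: "64Mi"
+cpu: "100m"
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: vaultwarden
+spec:
+selector:
+app: vaultwarden
+ports:
+- port: 80
+targetPort: 80
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: vaultwarden-data
+namespace: default
+spec:
+resources:
+requests:
+storage: 100Mi
+accessModes:
+- ReadWriteOnce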
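Review bot: `/data/config.json` is mounted from the ConfigMap `vaultwarden` (key `vaultwarden.json`); Vaultwarden's config file can hold the admin token and SMTP credentials, and if this one does it belongs in a Secret, as the Litestream credentials already are. The Deployment also sets no `strategy`, so the default rolling update starts a second pod against the same ReadWriteOnce volume and SQLite file, with a second `litestream replicate` writing to the same replica; `strategy: {type: Recreate}` under the Deployment `spec`, or a single-replica StatefulSet, avoids that overlap. The `metrics` port 9090 on the litestream container has no matching `addr` setting in configs/litestream.yml, so nothing appears to listen there.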