From 431e1764394d759fe3eb63bf4bc9134c7c740a1d Mon Sep 17 00:00:00 2001 
From: auricom <27022259+auricom@users.noreply.github.com> Date: Fri, 16 Sep 2022 10:25:00 +0200 Subject: [PATCH] =?UTF-8?q?=E2=99=BB=EF=B8=8F=20wallabag?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cluster/apps/data/freshrss/kustomization.yaml | 5 - cluster/apps/data/freshrss/volume.yaml | 15 --- cluster/apps/data/joplin/helm-release.yaml | 63 ------------- cluster/apps/data/joplin/kustomization.yaml | 4 - cluster/apps/data/kustomization.yaml | 1 - .../apps/data/vaultwarden/helm-release.yaml | 94 ------------------- .../apps/data/vaultwarden/kustomization.yaml | 5 - cluster/apps/data/vaultwarden/volume.yaml | 15 --- cluster/apps/data/whoogle/helm-release.yaml | 72 -------------- cluster/apps/data/whoogle/kustomization.yaml | 4 - cluster/apps/web-tools/kustomization.yaml | 1 + .../wallabag}/helm-release.yaml | 60 ++++++------ .../web-tools/wallabag/kustomization.yaml | 10 ++ .../apps/web-tools/wallabag/patches/env.yaml | 19 ++++ .../web-tools/wallabag/patches/postgres.yaml | 31 ++++++ .../apps/web-tools/wallabag/secret.sops.yaml | 30 ++++++ 16 files changed, 124 insertions(+), 305 deletions(-) delete mode 100644 cluster/apps/data/freshrss/kustomization.yaml delete mode 100644 cluster/apps/data/freshrss/volume.yaml delete mode 100644 cluster/apps/data/joplin/helm-release.yaml delete mode 100644 cluster/apps/data/joplin/kustomization.yaml delete mode 100644 cluster/apps/data/vaultwarden/helm-release.yaml delete mode 100644 cluster/apps/data/vaultwarden/kustomization.yaml delete mode 100644 cluster/apps/data/vaultwarden/volume.yaml delete mode 100644 cluster/apps/data/whoogle/helm-release.yaml delete mode 100644 cluster/apps/data/whoogle/kustomization.yaml rename cluster/apps/{data/freshrss => web-tools/wallabag}/helm-release.yaml (51%) create mode 100644 cluster/apps/web-tools/wallabag/kustomization.yaml create mode 100644 cluster/apps/web-tools/wallabag/patches/env.yaml create mode 100644 
cluster/apps/web-tools/wallabag/patches/postgres.yaml create mode 100644 cluster/apps/web-tools/wallabag/secret.sops.yaml diff --git a/cluster/apps/data/freshrss/kustomization.yaml b/cluster/apps/data/freshrss/kustomization.yaml deleted file mode 100644 index 21f1d9e05..000000000 --- a/cluster/apps/data/freshrss/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - helm-release.yaml - - volume.yaml diff --git a/cluster/apps/data/freshrss/volume.yaml b/cluster/apps/data/freshrss/volume.yaml deleted file mode 100644 index 8ff3239cf..000000000 --- a/cluster/apps/data/freshrss/volume.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: freshrss-config - namespace: data - labels: - kasten-io/backup: "true" -spec: - accessModes: - - ReadWriteOnce - storageClassName: rook-ceph-block - resources: - requests: - storage: 1Gi diff --git a/cluster/apps/data/joplin/helm-release.yaml b/cluster/apps/data/joplin/helm-release.yaml deleted file mode 100644 index 116cc0609..000000000 --- a/cluster/apps/data/joplin/helm-release.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: &app joplin - namespace: data -spec: - interval: 15m - chart: - spec: - chart: kah-common-chart - version: 1.2.2 - sourceRef: - kind: HelmRepository - name: k8s-at-home-charts - namespace: flux-system - interval: 15m - install: - createNamespace: true - remediation: - retries: 5 - upgrade: - remediation: - retries: 5 - values: - global: - nameOverride: *app - - image: - repository: joplin/server - tag: 2.7.4-beta - - env: - APP_BASE_URL: https://joplin.${SECRET_CLUSTER_DOMAIN} - APP_PORT: 22300 - DB_CLIENT: pg - POSTGRES_HOST: postgres.${SECRET_DOMAIN} - POSTGRES_PORT: 5432 - POSTGRES_DATABASE: joplin - POSTGRES_USER: joplin - POSTGRES_PASSWORD: ${SECRET_JOPLIN_DB_PASSWORD} - - service: - main: - ports: - http: - port: 22300 - - ingress: - main: - enabled: true - ingressClassName: "nginx" - annotations: - external-dns.alpha.kubernetes.io/target: "services.${SECRET_DOMAIN}." - external-dns/is-public: "true" - hosts: - - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" - paths: - - path: / - pathType: Prefix - tls: - - hosts: - - *host diff --git a/cluster/apps/data/joplin/kustomization.yaml b/cluster/apps/data/joplin/kustomization.yaml deleted file mode 100644 index 34a8531ce..000000000 --- a/cluster/apps/data/joplin/kustomization.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - helm-release.yaml diff --git a/cluster/apps/data/kustomization.yaml b/cluster/apps/data/kustomization.yaml index 23447e064..3b5f81eaf 100644 --- a/cluster/apps/data/kustomization.yaml +++ b/cluster/apps/data/kustomization.yaml @@ -12,4 +12,3 @@ resources: - tandoor - truecommand - vikunja - - wallabag diff --git a/cluster/apps/data/vaultwarden/helm-release.yaml b/cluster/apps/data/vaultwarden/helm-release.yaml deleted file mode 100644 index fc39581ce..000000000 
--- a/cluster/apps/data/vaultwarden/helm-release.yaml +++ /dev/null @@ -1,94 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: &app vaultwarden - namespace: data -spec: - interval: 15m - chart: - spec: - chart: kah-common-chart - version: 1.2.2 - sourceRef: - kind: HelmRepository - name: k8s-at-home-charts - namespace: flux-system - interval: 15m - install: - createNamespace: true - remediation: - retries: 5 - upgrade: - remediation: - retries: 5 - values: - global: - nameOverride: *app - - image: - repository: ghcr.io/k8s-at-home/vaultwarden - tag: v1.25.2 - - strategy: - type: Recreate - - env: - DATA_FOLDER: "data" - ICON_CACHE_FOLDER: "data/icon_cache" - ATTACHMENTS_FOLDER: "data/attachments" - DOMAIN: "https://vaultwarden.${SECRET_CLUSTER_DOMAIN}" - ADMIN_TOKEN: ${SECRET_VAULTWARDEN_ADMIN_TOKEN} - DATABASE_URL: ${SECRET_VAULTWARDEN_DB_URL} - TZ: "${TIMEZONE}" - SIGNUPS_ALLOWED: "false" - WEBSOCKET_ENABLED: "true" - WEBSOCKET_ADDRESS: 0.0.0.0 - WEBSOCKET_PORT: 3012 - SMTP_HOST: smtp-relay.default.svc.cluster.local - SMTP_FROM: vaultwarden@${SECRET_DOMAIN} - SMTP_FROM_NAME: vaultwarden - SMTP_PORT: 2525 - - service: - main: - ports: - http: - port: 80 - websocket: - enabled: true - port: 3012 - - persistence: - data: - enabled: true - existingClaim: vaultwarden-data - mountPath: /data - - ingress: - main: - enabled: true - ingressClassName: "nginx" - annotations: - external-dns.alpha.kubernetes.io/target: "services.${SECRET_DOMAIN}." - external-dns/is-public: "true" - hosts: - - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" - paths: - - path: / - pathType: Prefix - - path: /notifications/hub - pathType: Prefix - - path: /notifications/hub/negotiate - pathType: Prefix - service: - port: 3012 - tls: - - hosts: - - *host - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - memory: 2Gi 
diff --git a/cluster/apps/data/vaultwarden/kustomization.yaml b/cluster/apps/data/vaultwarden/kustomization.yaml deleted file mode 100644 index 21f1d9e05..000000000 --- a/cluster/apps/data/vaultwarden/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - helm-release.yaml - - volume.yaml diff --git a/cluster/apps/data/vaultwarden/volume.yaml b/cluster/apps/data/vaultwarden/volume.yaml deleted file mode 100644 index 01830c681..000000000 --- a/cluster/apps/data/vaultwarden/volume.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: vaultwarden-data - namespace: data - labels: - kasten-io/backup: "true" -spec: - accessModes: - - ReadWriteOnce - storageClassName: rook-ceph-block - resources: - requests: - storage: 1Gi diff --git a/cluster/apps/data/whoogle/helm-release.yaml b/cluster/apps/data/whoogle/helm-release.yaml deleted file mode 100644 index e3952f24d..000000000 --- a/cluster/apps/data/whoogle/helm-release.yaml +++ /dev/null 
@@ -1,72 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: &app whoogle - namespace: data -spec: - interval: 5m - chart: - spec: - chart: kah-common-chart - version: 1.2.2 - sourceRef: - kind: HelmRepository - name: k8s-at-home-charts - namespace: flux-system - interval: 5m - install: - createNamespace: true - values: - fullnameOverride: *app - controller: - replicas: 2 - strategy: RollingUpdate - image: - repository: docker.io/benbusby/whoogle-search - tag: 0.7.4 - env: - WHOOGLE_ALT_TW: farside.link/nitter - WHOOGLE_ALT_YT: farside.link/invidious - WHOOGLE_ALT_IG: imginn.com - WHOOGLE_ALT_RD: farside.link/libreddit - WHOOGLE_ALT_MD: farside.link/scribe - WHOOGLE_ALT_TL: farside.link/lingva - WHOOGLE_ALT_IMG: farside.link/rimgo - WHOOGLE_CONFIG_ALTS: 1 - WHOOGLE_CONFIG_COUNTRY: FR - WHOOGLE_CONFIG_THEME: system - WHOOGLE_CONFIG_URL: https://whoogle.${SECRET_CLUSTER_DOMAIN}/ - service: - main: - ports: - http: - port: 5000 - ingress: - main: - enabled: true - ingressClassName: "nginx" - annotations: - external-dns.alpha.kubernetes.io/target: "services.${SECRET_DOMAIN}." - external-dns/is-public: "true" - hosts: - - host: &host "whoogle.${SECRET_CLUSTER_DOMAIN}" - paths: - - path: / - pathType: Prefix - tls: - - hosts: - - *host - topologySpreadConstraints: - - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule - labelSelector: - matchLabels: - app.kubernetes.io/name: *app - resources: - requests: - cpu: 10m - memory: 50Mi - limits: - memory: 250Mi diff --git a/cluster/apps/data/whoogle/kustomization.yaml b/cluster/apps/data/whoogle/kustomization.yaml deleted file mode 100644 index 34a8531ce..000000000 --- a/cluster/apps/data/whoogle/kustomization.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - helm-release.yaml 
diff --git a/cluster/apps/web-tools/kustomization.yaml b/cluster/apps/web-tools/kustomization.yaml index 8c68e099c..c7a0258e1 100644 --- a/cluster/apps/web-tools/kustomization.yaml +++ b/cluster/apps/web-tools/kustomization.yaml @@ -8,4 +8,5 @@ resources: - music-transcode - theme-park - vaultwarden + - wallabag - whoogle diff --git a/cluster/apps/data/freshrss/helm-release.yaml b/cluster/apps/web-tools/wallabag/helm-release.yaml similarity index 51% rename from cluster/apps/data/freshrss/helm-release.yaml rename to cluster/apps/web-tools/wallabag/helm-release.yaml index 2fd375d92..0f537125b 100644 --- a/cluster/apps/data/freshrss/helm-release.yaml +++ b/cluster/apps/web-tools/wallabag/helm-release.yaml @@ -2,19 +2,18 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: - name: &app freshrss - namespace: data + name: &app wallabag + namespace: default spec: interval: 15m chart: spec: - chart: kah-common-chart - version: 1.2.2 + chart: app-template + version: 0.1.1 sourceRef: kind: HelmRepository - name: k8s-at-home-charts + name: bjw-s-charts namespace: flux-system - interval: 15m install: createNamespace: true remediation: 
@@ -22,35 +21,33 @@ spec: upgrade: remediation: retries: 5 + dependsOn: + - name: postgres + namespace: default + - name: redis + namespace: default values: - global: - nameOverride: *app - + controller: + replicas: 1 + strategy: RollingUpdate image: - repository: freshrss/freshrss - tag: 1.20.0 - + repository: wallabag/wallabag + tag: 2.5.1 + envFrom: + - secretRef: + name: *app + enableServiceLinks: false service: main: ports: http: port: 80 - - env: - TZ: ${TIMEZONE} - CRON_MIN: "18,48" - DOMAIN: "https://freshrss.${SECRET_CLUSTER_DOMAIN}/" - - persistence: - config: - enabled: true - existingClaim: freshrss-config - mountPath: /var/www/FreshRSS/data - ingress: main: enabled: true ingressClassName: "nginx" + annotations: + external-dns.home.arpa/enabled: "true" hosts: - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" paths: @@ -59,8 +56,17 @@ spec: tls: - hosts: - *host - + securityContext: + runAsUser: 0 + persistence: + images: + enabled: true + existingClaim: wallabag-images + podAnnotations: + secret.reloader.stakater.com/reload: *app resources: requests: - cpu: 50m - memory: 256Mi + cpu: 100m + memory: 250Mi + limits: + memory: 100Gi diff --git a/cluster/apps/web-tools/wallabag/kustomization.yaml b/cluster/apps/web-tools/wallabag/kustomization.yaml new file mode 100644 index 000000000..a80766656 --- /dev/null +++ b/cluster/apps/web-tools/wallabag/kustomization.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: default +resources: + - secret.sops.yaml + - helm-release.yaml +patchesStrategicMerge: + - patches/env.yaml + - patches/postgres.yaml diff --git a/cluster/apps/web-tools/wallabag/patches/env.yaml b/cluster/apps/web-tools/wallabag/patches/env.yaml new file mode 100644 index 000000000..7abc4ab5e --- /dev/null +++ b/cluster/apps/web-tools/wallabag/patches/env.yaml 
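Review bot: Both images this release pulls are referenced by mutable tag only: `wallabag/wallabag` with `tag: 2.5.1` in this hunk, and `ghcr.io/onedr0p/postgres-initdb:14.5` in patches/postgres.yaml. A re-pushed tag would change what runs without any change in Git. Pinning by digest keeps the tag readable and ties the deployment to reviewed content, e.g. `tag: 2.5.1@sha256:<digest-of-reviewed-image>` (placeholder digest; this assumes the chart renders the tag verbatim after `repository:`). The pin matters most for the init container, which is handed the Postgres superuser password. The `values` block continues past the end of this hunk.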
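Review bot: `securityContext.runAsUser: 0` runs the ingress-exposed wallabag container as root, and nothing else in this hunk restricts it. If the image's entrypoint really needs root, record that in a comment (`# image entrypoint requires root (TODO confirm)`) and add `allowPrivilegeEscalation: false` next to it; otherwise set a non-root UID. Separately, `limits.memory: 100Gi` against a 250Mi request is effectively no limit and looks like a typo, so a single runaway PHP process could exhaust the node; size the limit to the workload.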
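Review bot: `resources` lists only `secret.sops.yaml` and `helm-release.yaml`, yet the release mounts `existingClaim: wallabag-images` and this commit adds no PersistentVolumeClaim for namespace `default`. Unless that claim is created elsewhere, the pod will stay Pending; either add a `volume.yaml` to `resources` or leave a comment naming where the claim is defined. The `images` persistence entry also sets no `mountPath`, so the volume presumably lands on the chart's default path; confirm that this is the directory wallabag actually writes article images to.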
@@ -0,0 +1,19 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: wallabag
+ namespace: default
+spec:
+ values:
+ env:
+ SYMFONY__ENV__DATABASE_DRIVER: pdo_pgsql
+ SYMFONY__ENV__DATABASE_HOST: postgres-rw.default.svc.cluster.local
+ SYMFONY__ENV__DATABASE_PORT: 5432
+ SYMFONY__ENV__DATABASE_NAME: wallabag
+ SYMFONY__ENV__REDIS_HOST: redis.default.svc.cluster.local
+ SYMFONY__ENV__DOMAIN_NAME: https://wallabag.${SECRET_CLUSTER_DOMAIN}
+ SYMFONY__ENV__SERVER_NAME: Wallabag
+ SYMFONY__ENV__FOSUSER_REGISTRATION: "false"
+ SYMFONY__ENV__FOSUSER_CONFIRMATION: "false"
+ POPULATE_DATABASE: "false"
diff --git a/cluster/apps/web-tools/wallabag/patches/postgres.yaml b/cluster/apps/web-tools/wallabag/patches/postgres.yaml
new file mode 100644
index 000000000..7a47a864f
--- /dev/null
+++ b/cluster/apps/web-tools/wallabag/patches/postgres.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: wallabag
+ namespace: default
+spec:
+ values:
+ initContainers:
+ init-db:
+ image: ghcr.io/onedr0p/postgres-initdb:14.5
+ env:
+ - name: POSTGRES_HOST
+ value: postgres-rw.default.svc.cluster.local
+ - name: POSTGRES_DB
+ value: wallabag
+ - name: POSTGRES_SUPER_PASS
+ valueFrom:
+ secretKeyRef:
+ name: postgres-superuser
+ key: password
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ name: wallabag
+ key: SYMFONY__ENV__DATABASE_USER
+ - name: POSTGRES_PASS
+ valueFrom:
+ secretKeyRef:
+ name: wallabag
+ key: SYMFONY__ENV__DATABASE_PASSWORD
diff --git a/cluster/apps/web-tools/wallabag/secret.sops.yaml b/cluster/apps/web-tools/wallabag/secret.sops.yaml
new file mode 100644
index 000000000..2825eaf27
--- /dev/null
+++ b/cluster/apps/web-tools/wallabag/secret.sops.yaml
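Review bot: No `SYMFONY__ENV__SECRET` is set in this env patch, and secret.sops.yaml carries only the two database keys, so the container presumably falls back to the image's built-in Symfony secret, which is identical across installs. Add a randomly generated value to the SOPS secret (it is already loaded through `envFrom`) rather than to this plaintext patch. `SYMFONY__ENV__DATABASE_PORT: 5432` is also an unquoted integer in a map of environment strings; write it as `"5432"` so the result does not depend on how the chart renders non-string values.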
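Review bot: The `init-db` container is given `POSTGRES_SUPER_PASS` from the `postgres-superuser` secret on every pod start, so the database superuser credential is exposed inside the application pod and to a third-party image. Because `secretKeyRef` resolves in the pod's own namespace, that secret also has to live in `default` alongside the ingress-exposed app. Consider provisioning the `wallabag` role and database once from a separate Job, or with a role limited to CREATEDB/CREATEROLE, so the app pod never receives the superuser password.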
@@ -0,0 +1,30 @@ +# yamllint disable +apiVersion: v1 +kind: Secret +metadata: + name: wallabag + namespace: default +type: Opaque +stringData: + SYMFONY__ENV__DATABASE_USER: ENC[AES256_GCM,data:h8pfT3ZnClc=,iv:2zW23/OmEWJJIf1NFJKqnVBenNsB+NA4qchYNLzuiJ4=,tag:JCl+8+z2tCByWzEomYsiCQ==,type:str] + SYMFONY__ENV__DATABASE_PASSWORD: ENC[AES256_GCM,data:1fIzVV2zPYBs/NUimG8=,iv:4LiY6LJtmV7UHlvw+GQn0HmISm3WL11y382gkPl+aCQ=,tag:CCL/dmqz2JolNe7H8ybDVg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4TWU5YTlFY3FPQWhnZ2I2 + akxnZ2xIRVNFZTdOWmg0dFhxTUNoZEFIM1cwCit5WnduNlQ1MkF2aytCVldMeVlC + Yk5QNWRQRllOT3ZTL3VGcjJNK1VqeUkKLS0tIFMyWHNFd29nc2tMektxclJkK0pT + Ny9OQ0l4ZXMrdW40NmRsbzgvZ0w5V3cKqTGvN5zk2TPgtxoVfwI7Wsz4N+lC9+Kq + DCXTgTU/QXm9dvo4ErPPzeWFqdk4JchExhvSJV2JfM32O+3z+EGhNg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2022-09-16T09:15:34Z" + mac: ENC[AES256_GCM,data:RQzfap7GaeaS0dnZs0wdzPsNT4T1Wsz0ovSO1d766U/w9FlfU2nLfmVCHjKdmhCDq99gxazA5mKzaE1sUPtRrtO1td80G4KTe7jm8DDOLMQOQXgo+QN+W6hJ398uCfkrobtaQFE3YCa9sGyON5Rq2jubQ3+WyvZv/gV1oIvCVAU=,iv:o/wxk2bB97j9wcKqM3/T4kCYWrrKSGlIqgFhvTo9H9E=,tag:0VKKqxudYaNBDjGUm9O/ww==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.7.3