From 569f7e7b881f3d454915b5a827e33a1ff0f23b7a Mon Sep 17 00:00:00 2001
From: auricom <27022259+auricom@users.noreply.github.com>
Date: Sat, 2 Sep 2023 14:54:40 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=9A=80=20babybuddy?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../default/babybuddy/app/externalsecret.yaml | 36 ++++++++
 .../apps/default/babybuddy/app/gatus.yaml | 22 +++++
 .../default/babybuddy/app/helmrelease.yaml | 87 +++++++++++++++++++
 .../default/babybuddy/app/kustomization.yaml | 11 +++
 .../apps/default/babybuddy/app/volsync.yaml | 49 +++++++++++
 .../apps/default/babybuddy/app/volume.yaml | 17 ++++
 kubernetes/apps/default/babybuddy/ks.yaml | 27 ++++++
 kubernetes/apps/default/kustomization.yaml | 1 +
 8 files changed, 250 insertions(+)
 create mode 100644 kubernetes/apps/default/babybuddy/app/externalsecret.yaml
 create mode 100644 kubernetes/apps/default/babybuddy/app/gatus.yaml
 create mode 100644 kubernetes/apps/default/babybuddy/app/helmrelease.yaml
 create mode 100644 kubernetes/apps/default/babybuddy/app/kustomization.yaml
 create mode 100644 kubernetes/apps/default/babybuddy/app/volsync.yaml
 create mode 100644 kubernetes/apps/default/babybuddy/app/volume.yaml
 create mode 100644 kubernetes/apps/default/babybuddy/ks.yaml
diff --git a/kubernetes/apps/default/babybuddy/app/externalsecret.yaml b/kubernetes/apps/default/babybuddy/app/externalsecret.yaml
new file mode 100644
index 000000000..a62c085b3
--- /dev/null
+++ b/kubernetes/apps/default/babybuddy/app/externalsecret.yaml
@@ -0,0 +1,36 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: babybuddy
+ namespace: default
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: onepassword-connect
+ target:
+ name: babybuddy-secret
+ creationPolicy: Owner
+ template:
+ engineVersion: v2
+ data:
+ # App
+ DB_NAME: &dbName babybuddy
+ DB_HOST: &dbHost postgres-rw.default.svc.cluster.local
+ DB_USER: &dbUser "{{ .POSTGRES_USER }}"
+ DB_PASS: &dbPass "{{ .POSTGRES_PASS }}"
+ SECRET_KEY: "{{ .BABYBUDDY_SECRET_KEY }}"
+ # Postgres Init
+ INIT_POSTGRES_DBNAME: *dbName
+ INIT_POSTGRES_HOST: *dbHost
+ INIT_POSTGRES_USER: *dbUser
+ INIT_POSTGRES_PASS: *dbPass
+ INIT_POSTGRES_SUPER_PASS: "{{ .POSTGRES_SUPER_PASS }}"
+ INIT_GRANT_SCHEMA_PUBLIC: "true"
+
+ dataFrom:
+ - extract:
+ key: babybuddy
+ - extract:
+ key: cloudnative-pg
diff --git a/kubernetes/apps/default/babybuddy/app/gatus.yaml b/kubernetes/apps/default/babybuddy/app/gatus.yaml
new file mode 100644
index 000000000..e7fc09042
--- /dev/null
+++ b/kubernetes/apps/default/babybuddy/app/gatus.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: babybuddy-gatus-ep
+ namespace: default
+ labels:
+ gatus.io/enabled: "true"
+data:
+ config.yaml: |
+ endpoints:
+ - name: babybuddy
+ group: internal
+ url: https://babybuddy.${SECRET_CLUSTER_DOMAIN}/login/
+ interval: 1m
+ client:
+ insecure: true
+ conditions:
+ - "[STATUS] == 200"
+ alerts:
+ - type: pushover
+
diff --git a/kubernetes/apps/default/babybuddy/app/helmrelease.yaml b/kubernetes/apps/default/babybuddy/app/helmrelease.yaml
new file mode 100644
index 000000000..c876536f3
--- /dev/null
+++ b/kubernetes/apps/default/babybuddy/app/helmrelease.yaml
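Review bot: In externalsecret.yaml the `babybuddy-secret` template places `INIT_POSTGRES_SUPER_PASS` next to the application's own `DB_PASS` and `SECRET_KEY`, and helmrelease.yaml in this patch loads that single secret through the shared `envFrom: *envFrom` anchor into `01-init-db`, `02-migrations` and the main container, so the PostgreSQL superuser password sits in the environment of the long-running web application. Only `01-init-db` appears to need the `INIT_POSTGRES_*` keys. Consider a second ExternalSecret target (for example `babybuddy-init-secret`, a name constructed here) that holds those keys and is referenced only from `01-init-db`, leaving `babybuddy-secret` with the `DB_*` and `SECRET_KEY` entries. That keeps a compromise of the app limited to its own database role rather than the superuser of the PostgreSQL instance behind `postgres-rw`.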
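Review bot: In gatus.yaml the endpoint sets `client.insecure: true`, which makes the health check skip TLS certificate verification for `https://babybuddy.${SECRET_CLUSTER_DOMAIN}/login/`, so it stays green with an expired, mismatched or substituted certificate. If the ingress certificate validates from inside the cluster, drop the `insecure: true` line. If it is kept because the internal path presents a certificate Gatus cannot validate, record that next to it, for example `# insecure: ingress cert is not in the Gatus trust store`, so the exception is visibly deliberate.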
@@ -0,0 +1,87 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta1.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: &app babybuddy
+ namespace: default
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: app-template
+ version: 1.5.1
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ maxHistory: 2
+ install:
+ createNamespace: true
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ uninstall:
+ keepHistory: false
+ values:
+ initContainers:
+ 01-init-db:
+ image: ghcr.io/auricom/postgres-init:15.4@sha256:903b455bc6aafdca7f4bb5db0c75eefedcb122875ff9c55302614203ef87cd81
+ imagePullPolicy: IfNotPresent
+ envFrom: &envFrom
+ - secretRef:
+ name: babybuddy-secret
+ 02-migrations:
+ image: ghcr.io/auricom/babybuddy:2.0.4@sha256:c84c9ebaa61e87b346b127c597ad9c2f42d7867429bd4e855c327d78a7ac1c6f
+ imagePullPolicy: IfNotPresent
+ envFrom: *envFrom
+ command:
+ - "/bin/bash"
+ - "-c"
+ - |
+ #!/bin/bash
+
+ set -o errexit
+ set -o nounset
+
+ python3 www/public/manage.py migrate --noinput
+ python3 www/public/manage.py createcachetable
+ controller:
+ annotations:
+ reloader.stakater.com/auto: "true"
+ image:
+ repository: ghcr.io/auricom/babybuddy
+ tag: 2.0.4@sha256:c84c9ebaa61e87b346b127c597ad9c2f42d7867429bd4e855c327d78a7ac1c6f
+ service:
+ main:
+ ports:
+ http:
+ port: 3000
+ env:
+ TZ: ${TIMEZONE}
+ envFrom: *envFrom
+ persistence:
+ config:
+ enabled: true
+ existingClaim: babybuddy-config
+ ingress:
+ main:
+ enabled: true
+ ingressClassName: "nginx"
+ annotations:
+ hajimari.io/icon: mdi:baby-face-outline
+ hosts:
+ - host: &host "babybuddy.${SECRET_CLUSTER_DOMAIN}"
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - hosts:
+ - *host
+ resources:
+ requests:
+ cpu: 100m
+ memory: 256Mi
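Review bot: Nothing under `values` in helmrelease.yaml sets a pod or container security context, so `01-init-db`, `02-migrations` and the main container run as whatever user their images define, with the default capability set and privilege-escalation behaviour. volsync.yaml in this patch runs its mover as 568:568 against the same `babybuddy-config` claim, which suggests that is the intended owner of the data. If the image supports a non-root UID (not visible here), pin it explicitly as sketched below. The top-level `securityContext` is expected to cover only the main container, so the two init containers would need their own `securityContext` keys.

```yaml
  values:
    # … unchanged: initContainers, controller, image, service, env, envFrom …
    podSecurityContext:
      runAsUser: 568
      runAsGroup: 568
      fsGroup: 568
      fsGroupChangePolicy: OnRootMismatch
    securityContext:
      allowPrivilegeEscalation: false
    # … unchanged: persistence, ingress, resources …
```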
diff --git a/kubernetes/apps/default/babybuddy/app/kustomization.yaml b/kubernetes/apps/default/babybuddy/app/kustomization.yaml
new file mode 100644
index 000000000..370332bbf
--- /dev/null
+++ b/kubernetes/apps/default/babybuddy/app/kustomization.yaml
@@ -0,0 +1,11 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - ./externalsecret.yaml
+ - ./gatus.yaml
+ - ./helmrelease.yaml
+ - ./volume.yaml
+ - ./volsync.yaml
diff --git a/kubernetes/apps/default/babybuddy/app/volsync.yaml b/kubernetes/apps/default/babybuddy/app/volsync.yaml
new file mode 100644
index 000000000..5a7e0f221
--- /dev/null
+++ b/kubernetes/apps/default/babybuddy/app/volsync.yaml
@@ -0,0 +1,49 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: babybuddy-restic
+ namespace: default
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: onepassword-connect
+ target:
+ name: babybuddy-restic-secret
+ creationPolicy: Owner
+ template:
+ engineVersion: v2
+ data:
+ RESTIC_REPOSITORY: '{{ .REPOSITORY_TEMPLATE }}/babybuddy'
+ RESTIC_PASSWORD: '{{ .RESTIC_PASSWORD }}'
+ AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
+ AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
+ dataFrom:
+ - extract:
+ key: volsync-restic-template
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/volsync.backube/replicationsource_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ name: babybuddy
+ namespace: default
+spec:
+ sourcePVC: babybuddy-config
+ trigger:
+ schedule: "0 7 * * *"
+ restic:
+ copyMethod: Snapshot
+ pruneIntervalDays: 7
+ repository: babybuddy-restic-secret
+ cacheCapacity: 10Gi
+ volumeSnapshotClassName: csi-ceph-blockpool
+ storageClassName: rook-ceph-block
+ moverSecurityContext:
+ runAsUser: 568
+ runAsGroup: 568
+ fsGroup: 568
+ retain:
+ daily: 7
+ within: 3d
diff --git a/kubernetes/apps/default/babybuddy/app/volume.yaml b/kubernetes/apps/default/babybuddy/app/volume.yaml
new file mode 100644
index 000000000..35a6134dc
--- /dev/null
+++ b/kubernetes/apps/default/babybuddy/app/volume.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: babybuddy-config
+ namespace: default
+ labels:
+ app.kubernetes.io/name: &name babybuddy
+ app.kubernetes.io/instance: *name
+ snapshot.home.arpa/enabled: "true"
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: rook-ceph-block
+ resources:
+ requests:
+ storage: 1Gi
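Review bot: In volsync.yaml the `babybuddy-restic-secret` template takes `RESTIC_PASSWORD`, `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` from the shared `volsync-restic-template` item, and only the `/babybuddy` suffix on `RESTIC_REPOSITORY` is specific to this app. If other apps render their restic secrets from the same item (the name suggests so, but it is not visible in this patch), one leaked secret may expose every backup repository reachable with that key, not just this one. Consider a per-app restic password stored in the `babybuddy` item, or at least a comment above `dataFrom` such as `# shared restic/S3 credentials; bucket policy must limit delete rights` so the shared scope is explicit.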
diff --git a/kubernetes/apps/default/babybuddy/ks.yaml b/kubernetes/apps/default/babybuddy/ks.yaml
new file mode 100644
index 000000000..dbbae6ea1
--- /dev/null
+++ b/kubernetes/apps/default/babybuddy/ks.yaml
@@ -0,0 +1,27 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: cluster-apps-babybuddy
+ namespace: flux-system
+ labels:
+ substitution.flux.home.arpa/enabled: "true"
+spec:
+ path: ./kubernetes/apps/default/babybuddy/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops-kubernetes
+ dependsOn:
+ - name: cluster-apps-cloudnative-pg-cluster
+ - name: cluster-apps-external-secrets-stores
+ - name: cluster-apps-volsync-app
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: babybuddy
+ namespace: default
+ interval: 30m
+ retryInterval: 1m
+ timeout: 3m
diff --git a/kubernetes/apps/default/kustomization.yaml b/kubernetes/apps/default/kustomization.yaml
index ca6100f3a..46d00c508 100644
--- a/kubernetes/apps/default/kustomization.yaml
+++ b/kubernetes/apps/default/kustomization.yaml
@@ -7,6 +7,7 @@ resources:
 - ./namespace.yaml
 # Flux-Kustomizations
 - ./authelia/ks.yaml
+ - ./babybuddy/ks.yaml
 - ./bazarr/ks.yaml
 - ./calibre/ks.yaml
 - ./cloudnative-pg/ks.yaml