shpaq/auricom-home-cluster
1
0
Fork 0
mirror of https://github.com/auricom/home-cluster.git synced 2025-09-17 18:24:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

♻️ tandoor

Browse Source
This commit is contained in:
auricom
2023-04-11 00:37:14 +02:00
parent 67e6406b13
commit 82d02d97e1
7 changed files with 96 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
kubernetes/apps/default/cloudnative-pg/cluster/backups/external-backup.yaml
View File

@@ -20,7 +20,7 @@ spec:
- name: POSTGRES_HOST - name: POSTGRES_HOST
value: ${POSTGRES_HOST} value: ${POSTGRES_HOST}
- name: POSTGRES_DB - name: POSTGRES_DB
value: "authelia,drone,freshrss,gitea,invidious,joplin,lychee,paperless,recipes,semaphore,sharry,outline,vaultwarden,vikunja,wallabag" value: "authelia,drone,freshrss,gitea,invidious,joplin,lychee,paperless,semaphore,sharry,tandoor,outline,vaultwarden,vikunja,wallabag"
- name: POSTGRES_USER - name: POSTGRES_USER
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:

6
kubernetes/apps/default/tandoor/app/backups/replicationsource.yaml
View File

@@ -17,9 +17,9 @@ spec:
volumeSnapshotClassName: csi-ceph-blockpool volumeSnapshotClassName: csi-ceph-blockpool
storageClassName: rook-ceph-block storageClassName: rook-ceph-block
moverSecurityContext: moverSecurityContext:
runAsUser: 70 runAsUser: 568
runAsGroup: 70 runAsGroup: 568
fsGroup: 70 fsGroup: 568
retain: retain:
daily: 10 daily: 10
within: 3d within: 3d

9
kubernetes/apps/default/tandoor/app/config/nginx-config
View File

@@ -1,10 +1,11 @@
pid /tmp/nginx.pid;
events { events {
worker_connections 1024; worker_connections 1024;
} }
http { http {
include /etc/nginx/mime.types; include /etc/nginx/mime.types;
server { server {
listen 80; listen 8080;
server_name _; server_name _;
client_max_body_size 128M; client_max_body_size 128M;
# serve media files # serve media files
@@ -15,11 +16,5 @@ http {
location /static/ { location /static/ {
alias /static/; alias /static/;
} }
# pass requests for dynamic content to gunicorn
location / {
proxy_set_header Host $host;
proxy_set_header REMOTE-USER $http_x_authentik_username;
proxy_pass http://localhost:8080;
}
} }
} }

89
kubernetes/apps/default/tandoor/app/helmrelease.yaml
View File

@@ -27,17 +27,33 @@ spec:
uninstall: uninstall:
keepHistory: false keepHistory: false
values: values:
controller:
annotations:
reloader.stakater.com/auto: "true"
image: image:
repository: vabene1111/recipes repository: vabene1111/recipes
tag: "1.4.8" tag: 1.4.8
envFrom: envFrom:
- secretRef: - secretRef:
name: *app name: tandoor-secret
command:
- /opt/recipes/venv/bin/gunicorn
- -b
- :8888
- --access-logfile
- "-"
- --error-logfile
- "-"
- --log-level
- INFO
- recipes.wsgi
service: service:
main: main:
ports: ports:
http: http:
port: 80 port: &port 8888
nginx:
port: &port2 8080
ingress: ingress:
main: main:
enabled: true enabled: true
@@ -46,13 +62,16 @@ spec:
hajimari.io/icon: mdi:chef-hat hajimari.io/icon: mdi:chef-hat
hosts: hosts:
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}" - host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
paths: paths: &paths
- path: / - path: /
pathType: Prefix - path: /media
service:
port: *port2
- path: /static
service:
port: *port2
- host: &host2 "recipes.${SECRET_CLUSTER_DOMAIN}" - host: &host2 "recipes.${SECRET_CLUSTER_DOMAIN}"
paths: paths: *paths
- path: /
pathType: Prefix
tls: tls:
- hosts: - hosts:
- *host - *host
@@ -70,32 +89,70 @@ spec:
volumeSpec: volumeSpec:
configMap: configMap:
name: *app name: *app
django-js-reverse:
enabled: true
type: emptyDir
mountPath: /opt/recipes/cookbook/static/django_js_reverse
static: static:
enabled: true enabled: true
mountPath: /opt/recipes/staticfiles mountPath: /opt/recipes/staticfiles
type: emptyDir type: emptyDir
cache:
enabled: true
mountPath: /mnt/cache
type: emptyDir
podSecurityContext: podSecurityContext:
runAsUser: 0 runAsUser: 568
runAsGroup: 568
fsGroup: 568
fsGroupChangePolicy: "OnRootMismatch"
podAnnotations: podAnnotations:
configMap.reloader.stakater.com/reload: *app configMap.reloader.stakater.com/reload: *app
secret.reloader.stakater.com/reload: *app secret.reloader.stakater.com/reload: *app
securityContext:
runAsUser: 65534
resources: resources:
requests: requests:
cpu: 100m cpu: 100m
memory: 256Mi memory: 256Mi
limits: limits:
memory: 512Mi memory: 512Mi
initContainers:
init-migrate:
image: vabene1111/recipes:1.4.8
env:
- name: DB_ENGINE
value: django.db.backends.postgresql_psycopg2
- name: POSTGRES_HOST
value: ${POSTGRES_HOST}
- name: POSTGRES_PORT
value: ${POSTGRES_PORT}
- name: POSTGRES_DB
value: tandoor
envFrom:
- secretRef:
name: tandoor-secret
command:
- sh
- -c
- |
set -e
source /opt/recipes/venv/bin/activate
echo "Updating database"
python3 /opt/recipes/manage.py migrate
python3 /opt/recipes/manage.py collectstatic_js_reverse
python3 /opt/recipes/manage.py collectstatic --noinput
volumeMounts:
- name: django-js-reverse
mountPath: /opt/recipes/cookbook/static/django_js_reverse
- name: static
mountPath: /opt/recipes/staticfiles
additionalContainers: additionalContainers:
nginx: nginx:
name: nginx name: nginx
image: nginx:1.23.4 image: nginxinc/nginx-unprivileged:1.22.1-alpine
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
ports: ports:
- name: http - name: nginx
containerPort: 80 containerPort: *port2
protocol: TCP
volumeMounts: volumeMounts:
- name: nginx-config - name: nginx-config
readOnly: true readOnly: true
@@ -105,3 +162,5 @@ spec:
mountPath: /media mountPath: /media
- name: static - name: static
mountPath: /static mountPath: /static
- name: cache
mountPath: /var/cache/nginx

4
kubernetes/apps/default/tandoor/app/patches/env.yaml
View File

@@ -13,10 +13,10 @@ spec:
DB_ENGINE: django.db.backends.postgresql_psycopg2 DB_ENGINE: django.db.backends.postgresql_psycopg2
POSTGRES_HOST: ${POSTGRES_HOST} POSTGRES_HOST: ${POSTGRES_HOST}
POSTGRES_PORT: ${POSTGRES_PORT} POSTGRES_PORT: ${POSTGRES_PORT}
POSTGRES_DB: recipes POSTGRES_DB: tandoor
GUNICORN_MEDIA: "0" GUNICORN_MEDIA: "0"
TIMEZONE: ${TIMEZONE} TIMEZONE: ${TIMEZONE}
TANDOOR_PORT: 8080 TANDOOR_PORT: 8888
FRACTION_PREF_DEFAULT: "0" FRACTION_PREF_DEFAULT: "0"
COMMENT_PREF_DEFAULT: "1" COMMENT_PREF_DEFAULT: "1"
SHOPPING_MIN_AUTOSYNC_INTERVAL: "5" SHOPPING_MIN_AUTOSYNC_INTERVAL: "5"

6
kubernetes/apps/default/tandoor/app/patches/postgres.yaml
View File

@@ -14,7 +14,7 @@ spec:
- name: POSTGRES_HOST - name: POSTGRES_HOST
value: ${POSTGRES_HOST} value: ${POSTGRES_HOST}
- name: POSTGRES_DB - name: POSTGRES_DB
value: recipes value: tandoor
- name: POSTGRES_SUPER_PASS - name: POSTGRES_SUPER_PASS
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
@@ -23,10 +23,10 @@ spec:
- name: POSTGRES_USER - name: POSTGRES_USER
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: tandoor name: tandoor-secret
key: POSTGRES_USER key: POSTGRES_USER
- name: POSTGRES_PASS - name: POSTGRES_PASS
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: tandoor name: tandoor-secret
key: POSTGRES_PASSWORD key: POSTGRES_PASSWORD

22
kubernetes/apps/default/tandoor/app/secret.sops.yaml
View File

@@ -2,13 +2,13 @@
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: tandoor name: tandoor-secret
namespace: default namespace: default
type: Opaque type: Opaque
stringData: stringData:
SECRET_KEY: ENC[AES256_GCM,data:Em/RAzEFrQ0vSHrTUAe2CfWii49IVRZkZQt9czp41j0=,iv:cF+q2+E9gtF5LKP974Y5o/MOrdxcvfe8VXUqHhP46Mc=,tag:RlY7ciWvKsZl5S/ljUc9GA==,type:str] SECRET_KEY: ENC[AES256_GCM,data:Q6F1yVx9o5l+NGOYDe+m6DH/v1MxJQCSKT89IVwjqYI=,iv:KAkiYOyzD+i4ybTb19cIUaZlLq9/Hkda9c9ksf+FQrg=,tag:5nEYJe8JnrwScW2a8+dekw==,type:str]
POSTGRES_USER: ENC[AES256_GCM,data:2l2CmdToJg==,iv:lP3yvRedxN3L8sheO71sI5BNOBIEAnQ+QoAm5j4pyyc=,tag:b0yimiebuxKE/PIjhpWr6g==,type:str] POSTGRES_USER: ENC[AES256_GCM,data:FYYcjxl00w==,iv:Qhyu+2pCDrLynJVKb88olLiG1S9mmSVJgdsWuBu2iPQ=,tag:XngsCKqqnv/eZUN715cY5A==,type:str]
POSTGRES_PASSWORD: ENC[AES256_GCM,data:eGkJzNO6i0vARiw3XXK87g==,iv:iVwOOiTuwI3aK+zdDIZotgLCvbyvYC7sl8vuhyMSyUg=,tag:Vix0RHru20p0fj0a5LH9Sw==,type:str] POSTGRES_PASSWORD: ENC[AES256_GCM,data:7nRBJj4SN//W6kcD4RwDOw==,iv:uTlW+I/H72vTlUIH7m9AVqRKSA+XMAQoJLGcu5cFFFM=,tag:tkeMqZVP8NHgyH4aOWSlFw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@@ -18,14 +18,14 @@ sops:
- recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4TWU5YTlFY3FPQWhnZ2I2 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3TlpyT0RXNHdBVHBKVkJo
akxnZ2xIRVNFZTdOWmg0dFhxTUNoZEFIM1cwCit5WnduNlQ1MkF2aytCVldMeVlC dGhPZDgvTHlOVHJ5d3JDeEZhd2NmQUxVdURrCkZKTWVPK2Y0L3NWVDJCbHRUYVQ2
Yk5QNWRQRllOT3ZTL3VGcjJNK1VqeUkKLS0tIFMyWHNFd29nc2tMektxclJkK0pT MGVuRXdSMHZzSFFpOHFNa2laNEF5T1EKLS0tIGcvVDBRWTJPeVJzVTg2ZzNRdTFJ
Ny9OQ0l4ZXMrdW40NmRsbzgvZ0w5V3cKqTGvN5zk2TPgtxoVfwI7Wsz4N+lC9+Kq VjJ5ZzIyNE9OMGVVcFBiOWRjazFGYkUK8wW2HI/BuiFMAyOV/BABZkE+L6qLVAuE
DCXTgTU/QXm9dvo4ErPPzeWFqdk4JchExhvSJV2JfM32O+3z+EGhNg== LM+b1l2q79np70ostH7Jmox9KP4QsMLYxDhjse/ygS5e8oQRbb1oTg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2022-09-17T09:12:23Z" lastmodified: "2023-04-11T21:32:22Z"
mac: ENC[AES256_GCM,data:aftbkgTFye4mvKE2cT8ygQ76Ybx8Lt5dd9moHJgdMqRzQZBeOctMlaMD2Jm7EY0psuAUkGz4+OS5pv7HJ2/1/rVYNqMsLSpoIYs236te0F58BS1yjHHi1YPNsfhdskPBs6e7xONQTrwQ9Swp/jynosNvuchDCBufxDVk5WG8auo=,iv:JjmbM44EKp6Suw/B2VLLcBZmsfxNuA6OZPaUoWQDvVo=,tag:X1Cuo0XvgmyOWiOQxIZiKg==,type:str] mac: ENC[AES256_GCM,data:y+O9Ry6ybIm1hmfZspcyiJPzjGDa89e2Qa+oMj+qsye6T6Y3k0JRn/POGkrxHCsw05exKMa3+8ldQQgHewdiiv1TOJ3Xwap377AtYlId+hBfwyfPG1VtnBNu4pHDe919f6q7DNRJbaQscmZgFuZYRMyIeI+rBNT7slGuvAWwAjc=,iv:4DFc9cJ9BaDwv/E3ZVBFwf82879ePff6BoOryRBn0Oo=,tag:n870pnOy32XnELnZzyukvQ==,type:str]
pgp: [] pgp: []
encrypted_regex: ^(data|stringData)$ encrypted_regex: ^(data|stringData)$
version: 3.7.3 version: 3.7.3