shpaq/auricom-home-cluster
1
0
Fork 0
mirror of https://github.com/auricom/home-cluster.git synced 2025-09-17 18:24:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

♻️ tandoor

Browse Source
This commit is contained in:
auricom
2023-04-11 00:37:14 +02:00
parent 67e6406b13
commit 82d02d97e1
7 changed files with 96 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
kubernetes/apps/default/cloudnative-pg/cluster/backups/external-backup.yaml
View File

@@ -20,7 +20,7 @@ spec:
- name: POSTGRES_HOST
value: ${POSTGRES_HOST}
- name: POSTGRES_DB
value: "authelia,drone,freshrss,gitea,invidious,joplin,lychee,paperless,recipes,semaphore,sharry,outline,vaultwarden,vikunja,wallabag"
value: "authelia,drone,freshrss,gitea,invidious,joplin,lychee,paperless,semaphore,sharry,tandoor,outline,vaultwarden,vikunja,wallabag"
- name: POSTGRES_USER
valueFrom:
secretKeyRef:

6
kubernetes/apps/default/tandoor/app/backups/replicationsource.yaml
View File

@@ -17,9 +17,9 @@ spec:
volumeSnapshotClassName: csi-ceph-blockpool
storageClassName: rook-ceph-block
moverSecurityContext:
runAsUser: 70
runAsGroup: 70
fsGroup: 70
runAsUser: 568
runAsGroup: 568
fsGroup: 568
retain:
daily: 10
within: 3d

9
kubernetes/apps/default/tandoor/app/config/nginx-config
View File

@@ -1,10 +1,11 @@
pid /tmp/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
server {
listen 80;
listen 8080;
server_name _;
client_max_body_size 128M;
# serve media files
@@ -15,11 +16,5 @@ http {
location /static/ {
alias /static/;
}
# pass requests for dynamic content to gunicorn
location / {
proxy_set_header Host $host;
proxy_set_header REMOTE-USER $http_x_authentik_username;
proxy_pass http://localhost:8080;
}
}
}

89
kubernetes/apps/default/tandoor/app/helmrelease.yaml
View File

@@ -27,17 +27,33 @@ spec:
uninstall:
keepHistory: false
values:
controller:
annotations:
reloader.stakater.com/auto: "true"
image:
repository: vabene1111/recipes
tag: "1.4.8"
tag: 1.4.8
envFrom:
- secretRef:
name: *app
name: tandoor-secret
command:
- /opt/recipes/venv/bin/gunicorn
- -b
- :8888
- --access-logfile
- "-"
- --error-logfile
- "-"
- --log-level
- INFO
- recipes.wsgi
service:
main:
ports:
http:
port: 80
port: &port 8888
nginx:
port: &port2 8080
ingress:
main:
enabled: true
@@ -46,13 +62,16 @@ spec:
hajimari.io/icon: mdi:chef-hat
hosts:
- host: &host "{{ .Release.Name }}.${SECRET_CLUSTER_DOMAIN}"
paths:
paths: &paths
- path: /
pathType: Prefix
- path: /media
service:
port: *port2
- path: /static
service:
port: *port2
- host: &host2 "recipes.${SECRET_CLUSTER_DOMAIN}"
paths:
- path: /
pathType: Prefix
paths: *paths
tls:
- hosts:
- *host
@@ -70,32 +89,70 @@ spec:
volumeSpec:
configMap:
name: *app
django-js-reverse:
enabled: true
type: emptyDir
mountPath: /opt/recipes/cookbook/static/django_js_reverse
static:
enabled: true
mountPath: /opt/recipes/staticfiles
type: emptyDir
cache:
enabled: true
mountPath: /mnt/cache
type: emptyDir
podSecurityContext:
runAsUser: 0
runAsUser: 568
runAsGroup: 568
fsGroup: 568
fsGroupChangePolicy: "OnRootMismatch"
podAnnotations:
configMap.reloader.stakater.com/reload: *app
secret.reloader.stakater.com/reload: *app
securityContext:
runAsUser: 65534
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
memory: 512Mi
initContainers:
init-migrate:
image: vabene1111/recipes:1.4.8
env:
- name: DB_ENGINE
value: django.db.backends.postgresql_psycopg2
- name: POSTGRES_HOST
value: ${POSTGRES_HOST}
- name: POSTGRES_PORT
value: ${POSTGRES_PORT}
- name: POSTGRES_DB
value: tandoor
envFrom:
- secretRef:
name: tandoor-secret
command:
- sh
- -c
- |
set -e
source /opt/recipes/venv/bin/activate
echo "Updating database"
python3 /opt/recipes/manage.py migrate
python3 /opt/recipes/manage.py collectstatic_js_reverse
python3 /opt/recipes/manage.py collectstatic --noinput
volumeMounts:
- name: django-js-reverse
mountPath: /opt/recipes/cookbook/static/django_js_reverse
- name: static
mountPath: /opt/recipes/staticfiles
additionalContainers:
nginx:
name: nginx
image: nginx:1.23.4
image: nginxinc/nginx-unprivileged:1.22.1-alpine
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 80
protocol: TCP
- name: nginx
containerPort: *port2
volumeMounts:
- name: nginx-config
readOnly: true
@@ -105,3 +162,5 @@ spec:
mountPath: /media
- name: static
mountPath: /static
- name: cache
mountPath: /var/cache/nginx

4
kubernetes/apps/default/tandoor/app/patches/env.yaml
View File

@@ -13,10 +13,10 @@ spec:
DB_ENGINE: django.db.backends.postgresql_psycopg2
POSTGRES_HOST: ${POSTGRES_HOST}
POSTGRES_PORT: ${POSTGRES_PORT}
POSTGRES_DB: recipes
POSTGRES_DB: tandoor
GUNICORN_MEDIA: "0"
TIMEZONE: ${TIMEZONE}
TANDOOR_PORT: 8080
TANDOOR_PORT: 8888
FRACTION_PREF_DEFAULT: "0"
COMMENT_PREF_DEFAULT: "1"
SHOPPING_MIN_AUTOSYNC_INTERVAL: "5"

6
kubernetes/apps/default/tandoor/app/patches/postgres.yaml
View File

@@ -14,7 +14,7 @@ spec:
- name: POSTGRES_HOST
value: ${POSTGRES_HOST}
- name: POSTGRES_DB
value: recipes
value: tandoor
- name: POSTGRES_SUPER_PASS
valueFrom:
secretKeyRef:
@@ -23,10 +23,10 @@ spec:
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: tandoor
name: tandoor-secret
key: POSTGRES_USER
- name: POSTGRES_PASS
valueFrom:
secretKeyRef:
name: tandoor
name: tandoor-secret
key: POSTGRES_PASSWORD

22
kubernetes/apps/default/tandoor/app/secret.sops.yaml
View File

@@ -2,13 +2,13 @@
apiVersion: v1
kind: Secret
metadata:
name: tandoor
name: tandoor-secret
namespace: default
type: Opaque
stringData:
SECRET_KEY: ENC[AES256_GCM,data:Em/RAzEFrQ0vSHrTUAe2CfWii49IVRZkZQt9czp41j0=,iv:cF+q2+E9gtF5LKP974Y5o/MOrdxcvfe8VXUqHhP46Mc=,tag:RlY7ciWvKsZl5S/ljUc9GA==,type:str]
POSTGRES_USER: ENC[AES256_GCM,data:2l2CmdToJg==,iv:lP3yvRedxN3L8sheO71sI5BNOBIEAnQ+QoAm5j4pyyc=,tag:b0yimiebuxKE/PIjhpWr6g==,type:str]
POSTGRES_PASSWORD: ENC[AES256_GCM,data:eGkJzNO6i0vARiw3XXK87g==,iv:iVwOOiTuwI3aK+zdDIZotgLCvbyvYC7sl8vuhyMSyUg=,tag:Vix0RHru20p0fj0a5LH9Sw==,type:str]
SECRET_KEY: ENC[AES256_GCM,data:Q6F1yVx9o5l+NGOYDe+m6DH/v1MxJQCSKT89IVwjqYI=,iv:KAkiYOyzD+i4ybTb19cIUaZlLq9/Hkda9c9ksf+FQrg=,tag:5nEYJe8JnrwScW2a8+dekw==,type:str]
POSTGRES_USER: ENC[AES256_GCM,data:FYYcjxl00w==,iv:Qhyu+2pCDrLynJVKb88olLiG1S9mmSVJgdsWuBu2iPQ=,tag:XngsCKqqnv/eZUN715cY5A==,type:str]
POSTGRES_PASSWORD: ENC[AES256_GCM,data:7nRBJj4SN//W6kcD4RwDOw==,iv:uTlW+I/H72vTlUIH7m9AVqRKSA+XMAQoJLGcu5cFFFM=,tag:tkeMqZVP8NHgyH4aOWSlFw==,type:str]
sops:
kms: []
gcp_kms: []
@@ -18,14 +18,14 @@ sops:
- recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4TWU5YTlFY3FPQWhnZ2I2
akxnZ2xIRVNFZTdOWmg0dFhxTUNoZEFIM1cwCit5WnduNlQ1MkF2aytCVldMeVlC
Yk5QNWRQRllOT3ZTL3VGcjJNK1VqeUkKLS0tIFMyWHNFd29nc2tMektxclJkK0pT
Ny9OQ0l4ZXMrdW40NmRsbzgvZ0w5V3cKqTGvN5zk2TPgtxoVfwI7Wsz4N+lC9+Kq
DCXTgTU/QXm9dvo4ErPPzeWFqdk4JchExhvSJV2JfM32O+3z+EGhNg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3TlpyT0RXNHdBVHBKVkJo
dGhPZDgvTHlOVHJ5d3JDeEZhd2NmQUxVdURrCkZKTWVPK2Y0L3NWVDJCbHRUYVQ2
MGVuRXdSMHZzSFFpOHFNa2laNEF5T1EKLS0tIGcvVDBRWTJPeVJzVTg2ZzNRdTFJ
VjJ5ZzIyNE9OMGVVcFBiOWRjazFGYkUK8wW2HI/BuiFMAyOV/BABZkE+L6qLVAuE
LM+b1l2q79np70ostH7Jmox9KP4QsMLYxDhjse/ygS5e8oQRbb1oTg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-09-17T09:12:23Z"
mac: ENC[AES256_GCM,data:aftbkgTFye4mvKE2cT8ygQ76Ybx8Lt5dd9moHJgdMqRzQZBeOctMlaMD2Jm7EY0psuAUkGz4+OS5pv7HJ2/1/rVYNqMsLSpoIYs236te0F58BS1yjHHi1YPNsfhdskPBs6e7xONQTrwQ9Swp/jynosNvuchDCBufxDVk5WG8auo=,iv:JjmbM44EKp6Suw/B2VLLcBZmsfxNuA6OZPaUoWQDvVo=,tag:X1Cuo0XvgmyOWiOQxIZiKg==,type:str]
lastmodified: "2023-04-11T21:32:22Z"
mac: ENC[AES256_GCM,data:y+O9Ry6ybIm1hmfZspcyiJPzjGDa89e2Qa+oMj+qsye6T6Y3k0JRn/POGkrxHCsw05exKMa3+8ldQQgHewdiiv1TOJ3Xwap377AtYlId+hBfwyfPG1VtnBNu4pHDe919f6q7DNRJbaQscmZgFuZYRMyIeI+rBNT7slGuvAWwAjc=,iv:4DFc9cJ9BaDwv/E3ZVBFwf82879ePff6BoOryRBn0Oo=,tag:n870pnOy32XnELnZzyukvQ==,type:str]
pgp: []
encrypted_regex: ^(data|stringData)$
version: 3.7.3