initial setup

2024-02-03 14:39:45 +01:00
parent 742b883256
commit 981f86f1c7
67 changed files with 274 additions and 2607 deletions
--- a/deployment/kustomization.yaml
+++ b/deployment/kustomization.yaml
@@ -0,0 +1,31 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - namespace.yaml
+  - pvc.yaml
+  - nginx.configmap.yaml
+  - nginx.deployment.yaml
+  - nginx.service.yaml
+  - nginx-auth.sealedsecret.yaml
+  # - nginx.ingress.yaml
+  - quartz-build.cronjob.yaml
+  - s3-credentials.sealedsecret.yaml
+
+namespace: eth-physics
+
+
+images:
+  - name: node
+    newName: node
+    newTag: 20-slim
+
+  - name: git
+    newName: alpine/git
+    newTag: latest
+
+  - name: s3
+    newName: public.ecr.aws/aws-cli/aws-cli
+    newTag: latest
+
+
--- a/deployment/namespace.yaml
+++ b/deployment/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: placeholder
--- a/deployment/nginx-auth.sealedsecret.yaml
+++ b/deployment/nginx-auth.sealedsecret.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: nginx-auth
+  namespace: eth-physics
+spec:
+  encryptedData:
+    password: AgC97t4d1KE6AABv+aL90uB3x8juIpLaVEOwXLSaHn/tPddN5pnHDi5TE/X6/yL8jeAmqCU6sL2kmaiNYU0Fa1kX6G6lvjNCq7ohwqPAuabk3Dw7W/w3iRlBVeGrqRqoUK6FjZllu6WB03Rn3kmNrYfM5NOHyRAKi2gYjnaKy5ITmK8uYvg2vpK8+M8FPaPU55s6ls7TcqdlmDuFhTMx1a4ODCJfp/iSShGiSS96pP/CHsvuv5aDQLFD/YdPHzzZdkkoq4K1UbYFB/HRSi2db2RjOznoYGhQJdL+BgXAU1zJWCFlBrRxzDnb/YH93WcS33rGisQP7rjXK56xntG0QBEB2GW4owxSotKQ+/QbVjuEnvoodrXefVEx7CCiRudchbZ34Wh7UWTd4cdwckQWKVMEtbEFmCBYa5UmWnJ2xCRiSACCFnsDjE+5zClQT7+JsQVpGEOdegOTWbXl1lO2e/Jkj2H9GHsk+2QAzxOCZ97+nW+vLB0jMq0x0TIOI2ncOKyubnUdqIXyCn5/K3a7nLL4lAmLTNmeyDEiIUROCaUF4px9TGaa+9klhJkwc+13fCyeIqdj3Ms9dPYSKRwF2EhwJr9TvndHSIADRVwkaRfb+RsGZ7tryl90WHIYSz3Y7xQGjMmI78oF6172OQ4G8+mRGacwfcqmTnKeVH9JIa3ycpJibWd9AX1a8n5k/0tZrzLKav25
+    username: AgBggU2NBRwe0CpQHEjF3k4EGio70ryemVClaQjqs9aEIWJQqcSxEuSpV8zac8qrONR+YT3344heZf6iU8cmTFMec/Oif5WthHpQvPBIF4600rQEzAaGh/hDF2BZQKu3e9KHLxE9lSVOHWFtFrLkGa6dpK5EYB29VZ8kyYIdOg8UGCXtq8T6BcbhaBIh1H13kKk7sxXW6iPsIEkLiYxAvqsBMRwvg1BCRgSihXLkTpgOCDgrbP2t90wrlWn4N6xtWFkQgkSfw22CHNzBQhTOY5VYYimFvhOF4AHMRqV9pNgt3rMFzN9l3wjJnv3welQ9vFAbkr2nVlaGg+WlDJnD3GZuRL02YX3wiVg90mG33gAKv2wUidLarYSMztzvCpYX98Vr8sQ8axPgxTOE1jrjKSNrXTyfBxAIowV9P0GBHm+tucvMIvi5LKm8mGMz3OQ/EtP//FEMDuFLXVq64jpR4B9nab4BXRiZ2y0olUEcY4eIKs6Mu+KyEXaV7v8Hm2knv7Pkllygj8XUlIKgT7f4t5VXwUh0/dvYG2kjbBZEzpIU8ERMSY6cSEI1x7d2Cm0ATKmG3tvoyngGLgZj4ZJl+OA7BosHk6zzlQQ/9Ai3ovpU390KkfjTY6zQeisUYEK0zunRJxy43l5Pdwf7tMfwXblunTLmctgX8dKS48aMmCzcws1WwcgoUfJbqcczNEZrgC6UfTbM707Z
+  template:
+    metadata:
+      creationTimestamp: null
+      name: nginx-auth
+      namespace: eth-physics
+    type: kubernetes.io/basic-auth
--- a/deployment/nginx.configmap.yaml
+++ b/deployment/nginx.configmap.yaml
@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: nginx-config
+data:
+  nginx.conf: |
+    events {
+        worker_connections 1024;
+    }
+
+    http {
+        include mime.types;
+        sendfile on;
+
+        server {
+            listen       80;
+            listen  [::]:80;
+            server_name  localhost;
+
+            #access_log  /var/log/nginx/host.access.log  main;
+
+            location / {
+                try_files $uri $uri.html $uri/ =404;
+                root   /usr/share/nginx/html;
+                index  index.html index.htm;
+            }
+        }
+    }
--- a/deployment/nginx.deployment.yaml
+++ b/deployment/nginx.deployment.yaml
@@ -0,0 +1,35 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: quartz-physics
+spec:
+  selector:
+    matchLabels:
+      app: quartz-physics
+  template:
+    metadata:
+      labels:
+        app: quartz-physics
+    spec:
+      containers:
+      - name: quartz-physics
+        image: nginx
+        resources:
+          limits:
+            memory: "128Mi"
+            cpu: "500m"
+        ports:
+        - containerPort: 80
+        volumeMounts:
+        - mountPath: /usr/share/nginx/html
+          name: quartz-physics
+        - mountPath: /etc/nginx/nginx.conf
+          subPath: nginx.conf
+          name: nginx
+      volumes:
+      - name: quartz-physics
+        persistentVolumeClaim:
+          claimName: quartz-nfs
+      - name: nginx
+        configMap:
+          name: nginx-config
--- a/deployment/nginx.ingress.yaml
+++ b/deployment/nginx.ingress.yaml
@@ -0,0 +1,26 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: quartz-physics-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`physics.kluster.moll.re`)
+      middlewares:
+        - name: quartz-physics-auth
+      kind: Rule
+      services:
+        - name: quartz-physics-web
+          port: 80
+  tls:
+    certResolver: default-tls
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: quartz-physics-auth
+spec:
+  basicAuth:
+    secret: nginx-auth
--- a/deployment/nginx.service.yaml
+++ b/deployment/nginx.service.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: quartz-physics-web
+spec:
+  selector:
+    app: quartz-physics
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 80
--- a/deployment/pvc.yaml
+++ b/deployment/pvc.yaml
@@ -0,0 +1,23 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: quartz-nfs
+spec:
+  storageClassName: nfs-client
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 5Gi
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: vault-nfs
+spec:
+  storageClassName: nfs-client
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 5Gi
--- a/deployment/quartz-build.cronjob.yaml
+++ b/deployment/quartz-build.cronjob.yaml
@@ -0,0 +1,76 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: quartz-build
+spec:
+  schedule: "0 */12 * * *"
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          initContainers:
+          - name: s3-sync
+            image: s3
+            env:
+            - name: AWS_ACCESS_KEY_ID
+              valueFrom:
+                secretKeyRef:
+                  name: s3-credentials
+                  key: S3_ACCESS_KEY_ID
+            - name: AWS_SECRET_ACCESS_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: s3-credentials
+                  key: S3_SECRET_ACCESS_KEY
+            - name: S3_BUCKET
+              value: obsidian-eth
+            - name: S3_REGION
+              value: us-west-1
+            command: ["/bin/sh", "-c"]
+            args: ["aws --endpoint-url https://s3.kluster.moll.re s3 sync s3://$S3_BUCKET /config"]
+
+            volumeMounts:
+              - name: vault
+                mountPath: /vault
+          
+          - name: git-clone
+            image: git
+            env:
+            - name: GIT_URL
+              value: https://git.kluster.moll.re/remoll/eth-physics.git
+            volumeMounts:
+              - name: config
+                mountPath: /config
+            command: ["/bin/sh", "-c"]
+            args: ["git clone $GIT_URL /config"]
+            
+            
+          containers:
+          - name: quartz-build
+            image: node
+            command: ["/bin/sh", "-c"]
+            args:
+              - cd /config &&
+              - ln -s /vault content
+              - npm ci &&
+              - npx quartz build &&
+              - rm -rfv /dist/* &&
+              - cp --verbose -r public/* /dist
+
+            volumeMounts:
+            - name: vault
+              mountPath: /vault
+            - name: dist
+              mountPath: /dist
+
+          restartPolicy: Never
+
+          volumes:
+          - name: vault
+            persistentVolumeClaim:
+              claimName: vault-nfs
+          - name: dist
+            persistentVolumeClaim:
+              claimName: quartz-nfs
+          - name: config
+            emptyDir: {}
--- a/deployment/s3-credentials.sealedsecret.yaml
+++ b/deployment/s3-credentials.sealedsecret.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: s3-credentials
+  namespace: eth-physics
+spec:
+  encryptedData:
+    S3_ACCESS_KEY_ID: AgBy5YcEJeZOdV9Qv0osG2JGIR2m0KwPC1PKxIDFhKW3u7yn2fPc3dpRWGDw/MYs9N1RIjAC96eRE4e28ZIr8wg774bvzvTNWDFI26JkhkODL/CayiiT+9LlD3liesWXaSAMkdRMY9NQByAAgXMawyAXAEC8NIUX/edLZDN8XFPso17K0/Yia9XlY0uGO9vrtKENjJmNVtb+pE5UOyIpCKfSU47VBiRZfj5AZvBD3y2CEGz0V5HVQstZlusnFjTf8BzkBHXJ9XfUfbN4yy6XLHlyOUpIT5kR9xBLDmktA11L6efp/7TGBccEk8qC7q62RUMbVh/nYdzNVvOalLQFLwwdfdSEBSc07VuEzGlCHu/qHERH8JpPJsXBQKjskINqJY9OFd7zKSfm+J6IRHGEfeLIoxsVg/G/i7XP0jmrBhD3SfNOeRPvqH2bpYsp3ti990nrANBqliPZyo98iPvGYbJNmmbLciPLLQEpW9QjhuBm5ET4h0WFqLlGugTByookQc0vlYosob/pWjAIaKdmwiYyPG0hDhuzmOK/4n3KL0tzn/m249ve2w49R9W7e6Z906g9OFVTZzoh7ucxkC76YsrM1VgRiu+Aww62hpdI1NtvYeUC2/D6P/4l91hJ8zZeR3gYBQInUsjmDS0tMSwnHS8KMTL4Iq1nr3TMGIUqYkRC+d06d0n/N/bftG+YmrVttnOiF6eYhShPU53vjiYPsbmzXRnD9A==
+    S3_SECRET_ACCESS_KEY: AgC7P8nXdQq8a3vlWNTx5Eym5BAKLM2qHQ5V8FY4hjQ6qLdGOmefQkRWXwEfokr06yrDnOCQ7zE/gJDFCrnDKCYTUMMCKzyE8zYoPACD9u9y0eKJlH8BsYMnZF4TZ77ezatY3dyVE4Scw1ecI3WmBah5KUVQw+go7Q4WD8tV+M5+T/+i92pi5lrhV2VtoMmxvxapCL/S+5/6f/B8dyWMxsBOfW3iYSNsEs+XG6UCgQr11r2DYUcY9deIUq+fTL4ttBZNUeoeUBRyLevKsG1+g7F+ByWKOuJaEUd++X1lFu+PccMfjPoYpbxJnt6/+vIq/n2SH7Skh5XyvdXRLzw+NvPBeL7kiSy4HVzTXBIloopDuu6Ofrco7XdtH8Uabv8XjFs1oiN3pTK1ysy48R7fg4GO0dsFPLYAvfmiI6bLa7k4dDVYbgG94ua8Y8Md5WuMT5UKOULqkFn06bylzcw6hRbYGmob2XCYl3pzFf5F8LYmta23fPWyx9Ph3Vo9qpTlmf001BSuPiGlrt9EiBEn7tiQXk4mfhsphaqZ8qc7C2EFGECceB32uy2+a+eyJCYfS8gaOMO9cUqzlxA0A1o3bBUMaApEdaOxcvvFT1KPfa+U5mZORX0gjkTq4MvBJs5kGvwsdjztAGKCd/uWdmfOsvYL7q3RdzIQvkyVWAsWm2RIvTSi3Tw4hjqo1FMp63F7DOdy1ahzF/l1Rbl+s0hHN0SX92xBNcBzg9CqdmmnoZp7Zw8rxjPdWX13
+  template:
+    metadata:
+      creationTimestamp: null
+      name: s3-credentials
+      namespace: eth-physics
+    type: Opaque