add recipes

2024-02-10 10:45:53 +01:00 · 2024-02-10 10:45:53 +01:00 · bad024861a
commit bad024861a
parent fe5d6a9014
10 changed files with 300 additions and 0 deletions
--- a/apps/recipes/configmap.yaml
+++ b/apps/recipes/configmap.yaml
@ -0,0 +1,29 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  labels:
+    app: recipes
+  name: recipes-nginx-config
+data:
+  nginx-config: |-
+    events {
+      worker_connections 1024;
+    }
+    http {
+      include mime.types;
+      server {
+        listen 80;
+        server_name _;
+
+        client_max_body_size 16M;
+
+        # serve static files
+        location /static/ {
+          alias /static/;
+        }
+        # serve media files
+        location /media/ {
+          alias /media/;
+        }
+      }
+    }
--- a/apps/recipes/deployment.yaml
+++ b/apps/recipes/deployment.yaml
@ -0,0 +1,161 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: recipes
+  labels:
+    app: recipes
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: recipes
+  template:
+    metadata:
+      labels:
+        app: recipes
+    spec:
+      restartPolicy: Always
+      serviceAccount: recipes
+      serviceAccountName: recipes
+      initContainers:
+      - name: init-chmod-data
+        env:
+          - name: SECRET_KEY
+            valueFrom:
+              secretKeyRef:
+                name: recipes
+                key: secret-key
+          - name: DB_ENGINE
+            value: django.db.backends.sqlite
+        image: recipes
+        imagePullPolicy: Always
+        resources:
+          requests:
+            cpu: 250m
+            memory: 64Mi
+        command:
+        - sh
+        - -c
+        - |
+          set -e
+          source venv/bin/activate
+          echo "Updating database"
+          python manage.py migrate
+          python manage.py collectstatic_js_reverse
+          python manage.py collectstatic --noinput
+          echo "Setting media file attributes"
+          chown -R 65534:65534 /opt/recipes/mediafiles
+          find /opt/recipes/mediafiles -type d | xargs -r chmod 755
+          find /opt/recipes/mediafiles -type f | xargs -r chmod 644
+          echo "Done"
+        securityContext:
+          runAsUser: 0
+        volumeMounts:
+        - mountPath: /opt/recipes/mediafiles
+          name: media
+          # mount as subPath due to lost+found on ext4 pvc
+          subPath: files
+        - mountPath: /opt/recipes/staticfiles
+          name: static
+          # mount as subPath due to lost+found on ext4 pvc
+          subPath: files
+      containers:
+      - name: recipes-nginx
+        image: nginx:latest
+        imagePullPolicy: IfNotPresent
+        ports:
+          - containerPort: 80
+            protocol: TCP
+            name: http
+          - containerPort: 8080
+            protocol: TCP
+            name: gunicorn
+        resources:
+          requests:
+            cpu: 250m
+            memory: 64Mi
+        volumeMounts:
+          - mountPath: /media
+            name: media
+            # mount as subPath due to lost+found on ext4 pvc
+            subPath: files
+          - mountPath: /static
+            name: static
+            # mount as subPath due to lost+found on ext4 pvc
+            subPath: files
+          - name: nginx-config
+            mountPath: /etc/nginx/nginx.conf
+            subPath: nginx-config
+            readOnly: true
+      - name: recipes
+        image: recipes
+        imagePullPolicy: IfNotPresent
+        command:
+          - /opt/recipes/venv/bin/gunicorn
+          - -b
+          - :8080
+          - --access-logfile
+          - "-"
+          - --error-logfile
+          - "-"
+          - --log-level
+          - INFO
+          - recipes.wsgi
+        livenessProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /
+            port: 8080
+            scheme: HTTP
+          periodSeconds: 30
+        readinessProbe:
+          httpGet:
+            path: /
+            port: 8080
+            scheme: HTTP
+          periodSeconds: 30
+        resources:
+          requests:
+            cpu: 250m
+            memory: 64Mi
+        volumeMounts:
+          - mountPath: /opt/recipes/mediafiles
+            name: media
+            # mount as subPath due to lost+found on ext4 pvc
+            subPath: files
+          - mountPath: /opt/recipes/staticfiles
+            name: static
+            # mount as subPath due to lost+found on ext4 pvc
+            subPath: files
+        env:
+          - name: DEBUG
+            value: "0"
+          - name: ALLOWED_HOSTS
+            value: '*'
+          - name: SECRET_KEY
+            valueFrom:
+              secretKeyRef:
+                name: recipes
+                key: secret-key
+          - name: GUNICORN_MEDIA
+            value: "0"
+          - name: DB_ENGINE
+            value: django.db.backends.sqlite
+            valueFrom:
+              secretKeyRef:
+                name: recipes
+                key: postgresql-postgres-password
+        securityContext:
+          runAsUser: 65534
+      volumes:
+        - name: media
+          persistentVolumeClaim:
+            claimName: recipes-media
+        - name: static
+          persistentVolumeClaim:
+            claimName: recipes-static
+        - name: nginx-config
+          configMap:
+            name: recipes-nginx-config
--- a/apps/recipes/ingress.yaml
+++ b/apps/recipes/ingress.yaml
@ -0,0 +1,26 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: recipes-ingressroute
+
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`recipes.kluster.moll.re`) && PathPrefix(`/`)
+    kind: Rule
+    services:
+    - name: recipes
+      port: 8080
+  - match: Host(`recipes.kluster.moll.re`) && PathPrefix(`/media`)
+    kind: Rule
+    services:
+    - name: recipes
+      port: 80
+  - match: Host(`recipes.kluster.moll.re`) && PathPrefix(`/static`)
+    kind: Rule
+    services:
+    - name: recipes
+      port: 80
+  tls:
+    certResolver: default-tls 
--- a/apps/recipes/kustomization.yaml
+++ b/apps/recipes/kustomization.yaml
@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources: 
+  - namespace.yaml
+  - ingress.yaml
+  - pvc.yaml
+  - recipes.sealedsecret.yaml
+
+namespace: recipes
+
+images:
+  - name: recipes
+    newName: vabene1111/recipes
+    newTag: "1.5"
--- a/apps/recipes/namespace.yaml
+++ b/apps/recipes/namespace.yaml
@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: placeholder
--- a/apps/recipes/pvc.yaml
+++ b/apps/recipes/pvc.yaml
@ -0,0 +1,27 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: recipes-media
+  labels:
+    app: recipes
+spec:
+  storageClassName: nfs-client
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: recipes-static
+  labels:
+    app: recipes
+spec:
+  storageClassName: nfs-client
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
--- a/apps/recipes/recipes.sealedsecret.yaml
+++ b/apps/recipes/recipes.sealedsecret.yaml
@ -0,0 +1,16 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: recipes
+  namespace: recipes
+spec:
+  encryptedData:
+    secret-key: AgBMrLhWyGEgrX7LTZT+XHKtA2IrAVDoUApe0SLyhKBNu0Vidzjzyw8hRubw4q3bFMS34bmf9b9gW0JwMP6wh4A2FwhjAl9qKFQONtHMTKnUCgXb5UMg2/4/mssFXSu58cn34J59f9BuoadRG2MTUttQ7SH/f9NludKlzXQdWXheIDItH955nz5Rgfmxo7WDjx0zMUU+Zl1IB+2tJ2y1BHO0/AmUpQKL/WVeRL6/1FxXXrHxnh78WkpRl5jYE2EYFZHthp7OTu4IOc9nBk4YQyY51sx45O3PUeToeBGMhOCsCSwklO0h/Sit3cSSCDNZDHdoh4TwxYh5Dvr9RuuCi3eKZYbf58/qQOq3sN9fzKnbQlhO9wPrMvGQBQ3AQtJE3pLbLkvpAPtY6ReBtfNSzhlymNrxwAvVyK9RQHe8hD9+6orHxaDSP2KHLGmLvk/IroKTGOi9ne2e4Ll1fRYrecngR3JkWj1EvTiqQYualfTNCO4C4qT5Cqr8YaAiQ/+ttAtL6CCgjQGHjedvNgDiUGmOTSqU0u1aehIQ3d3N2f06TbcZzMR9ehtM03kMEXeeveqqVMGiE0SJLFB5OHbU1STne9EXCYqo7wJX84Bb/OWth8gFyK2kVyMB0ZCR3Nms+Mhk+DyoMp79L4uAuu4jazpYCT8E+13NuEwD2oH6kKKqwoL8WE/owx83XFq191ZScjTtKC2wPdQi85LMTLIpWgE7rH4vHp0Q4L2UbN/Qf0YBClFhG3cDOIe/
+  template:
+    metadata:
+      creationTimestamp: null
+      name: recipes
+      namespace: recipes
+    type: Opaque
--- a/kluster-deployments/kustomization.yaml
+++ b/kluster-deployments/kustomization.yaml
@ -36,3 +36,4 @@ resources:
  - syncthing/
  - finance/
  - eth-physics/
+  - recipes/
--- a/kluster-deployments/recipes/application.yaml
+++ b/kluster-deployments/recipes/application.yaml
@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: recipes-application
+  namespace: argocd
+spec:
+  project: apps
+  source:
+    repoURL: ssh://git@git.kluster.moll.re:2222/remoll/k3s-infra.git
+    targetRevision: main
+    path: apps/recipes/
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: recipes
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
--- a/kluster-deployments/recipes/kustomization.yaml
+++ b/kluster-deployments/recipes/kustomization.yaml
@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - application.yaml