diff --git a/bootstrap/kustomizations/kustomization-hoarder.yaml b/bootstrap/kustomizations/kustomization-hoarder.yaml
new file mode 100644
index 0000000..30b0368
--- /dev/null
+++ b/bootstrap/kustomizations/kustomization-hoarder.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: hoarder
+ namespace: flux-system
+spec:
+ interval: 15m
+ path: ./hoarder
+ prune: true # remove any elements later removed from the above path
+ timeout: 2m # if not set, this defaults to interval duration, which is 1h
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ healthChecks:
+ - apiVersion: apps/v1
+ kind: Deployment
+ name: web
+ namespace: hoarder
diff --git a/bootstrap/namespaces/namespace-hoarder.yaml b/bootstrap/namespaces/namespace-hoarder.yaml
new file mode 100644
index 0000000..8c1a889
--- /dev/null
+++ b/bootstrap/namespaces/namespace-hoarder.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: hoarder
diff --git a/hoarder/chrome-deployment.yaml b/hoarder/chrome-deployment.yaml
new file mode 100644
index 0000000..220350d
--- /dev/null
+++ b/hoarder/chrome-deployment.yaml
@@ -0,0 +1,27 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: chrome
+ namespace: hoarder
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: chrome
+ template:
+ metadata:
+ labels:
+ app: chrome
+ spec:
+ containers:
+ - name: chrome
+ image: gcr.io/zenika-hub/alpine-chrome:123
+ command:
+ - chromium-browser
+ - --headless
+ - --no-sandbox
+ - --disable-gpu
+ - --disable-dev-shm-usage
+ - --remote-debugging-address=0.0.0.0
+ - --remote-debugging-port=9222
+ - --hide-scrollbars
diff --git a/hoarder/chrome-service.yaml b/hoarder/chrome-service.yaml
new file mode 100644
index 0000000..5573137
--- /dev/null
+++ b/hoarder/chrome-service.yaml
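Review bot: In kustomization-hoarder.yaml the comment on `timeout: 2m` says the interval is 1h, but `interval` in this same spec is `15m`; it should read something like `# if not set, this defaults to the interval duration (15m here)`. `healthChecks` lists only the `web` Deployment, so a failed `chrome` or `meilisearch` rollout would still leave the Kustomization reported as ready. Adding entries for those two Deployments, or replacing the list with `wait: true`, would surface such a failure.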
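Review bot: namespace-hoarder.yaml creates the namespace without Pod Security Admission labels, so nothing at namespace level prevents a later manifest from adding privileged or host-namespace pods here. Consider `pod-security.kubernetes.io/enforce: baseline` under `metadata.labels`, together with `pod-security.kubernetes.io/warn: restricted` to show what the three Deployments would still need to change. This assumes no other admission policy already covers the namespace, which the diff does not show.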
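Review bot: The `chrome` container in chrome-deployment.yaml starts Chromium with `--no-sandbox` and declares no `securityContext`, so the container boundary is the only isolation left around a browser that presumably loads pages on behalf of the web app (`BROWSER_WEB_URL` in web-deployment.yaml points at it). With the renderer sandbox off, the container should at least forbid privilege escalation, drop all capabilities and use the runtime seccomp profile, and it should carry a memory limit. The containers in meilisearch-deployment.yaml and web-deployment.yaml lack `securityContext` and `resources` in the same way. `runAsNonRoot` is left out below because the image's user is not visible from this diff; verify the browser still starts with these settings.

```yaml
        - name: chrome
          # … unchanged: image, command and Chromium flags …
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          resources:
            limits:
              memory: <MEMORY_LIMIT>  # placeholder, size for the workload
```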
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: chrome
+ namespace: hoarder
+spec:
+ selector:
+ app: chrome
+ ports:
+ - protocol: TCP
+ port: 9222
+ targetPort: 9222
+ type: ClusterIP
diff --git a/hoarder/data-pvc.yaml b/hoarder/data-pvc.yaml
new file mode 100644
index 0000000..abfeba3
--- /dev/null
+++ b/hoarder/data-pvc.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: data-pvc
+ namespace: hoarder
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
diff --git a/hoarder/dns-endpoint.yaml b/hoarder/dns-endpoint.yaml
new file mode 100644
index 0000000..6c61a5c
--- /dev/null
+++ b/hoarder/dns-endpoint.yaml
@@ -0,0 +1,15 @@
+apiVersion: externaldns.k8s.io/v1alpha1
+kind: DNSEndpoint
+metadata:
+ name: hoarder.michaelthomson.dev
+ namespace: hoarder
+spec:
+ endpoints:
+ - dnsName: hoarder.michaelthomson.dev
+ recordTTL: 180
+ recordType: CNAME
+ targets:
+ - michaelthomson.ddns.net
+ providerSpecific:
+ - name: external-dns.alpha.kubernetes.io/cloudflare-proxied
+ value: "true"
diff --git a/hoarder/hoarder-secrets.yaml b/hoarder/hoarder-secrets.yaml
new file mode 100644
index 0000000..9350023
--- /dev/null
+++ b/hoarder/hoarder-secrets.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+ creationTimestamp: null
+ name: hoarder-secrets
+ namespace: hoarder
+spec:
+ encryptedData:
+ MEILI_MASTER_KEY: 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
+ NEXT_PUBLIC_SECRET: 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
+ NEXTAUTH_SECRET: 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
+ OPENAI_API_KEY: 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
+ template:
+ metadata:
+ creationTimestamp: null
+ name: hoarder-secrets
+ namespace: hoarder
diff --git a/hoarder/ingress.yaml b/hoarder/ingress.yaml
new file mode 100644
index 0000000..870c10c
--- /dev/null
+++ b/hoarder/ingress.yaml
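Review bot: chrome-service.yaml publishes port 9222 to every pod in the cluster, and chrome-deployment.yaml binds the DevTools endpoint with `--remote-debugging-address=0.0.0.0`; that endpoint has no authentication, so any workload able to reach the Service can control the browser. No NetworkPolicy is part of this commit. A policy that admits only pods labelled `app: hoarder-web` would confine it, and meilisearch-service.yaml (port 7700) deserves an equivalent one. This assumes the cluster's CNI enforces NetworkPolicy, which the diff does not show.

```yaml
# hoarder/chrome-networkpolicy.yaml (new file; the name is a suggestion)
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: chrome-allow-web
  namespace: hoarder
spec:
  podSelector:
    matchLabels:
      app: chrome
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: hoarder-web
      ports:
        - protocol: TCP
          port: 9222
```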
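Review bot: The key `NEXT_PUBLIC_SECRET` in hoarder-secrets.yaml uses the `NEXT_PUBLIC_` prefix, which Next.js reserves for values that are exposed to client-side code, so a secret stored under that name is either misnamed or not meant to be secret. `NEXTAUTH_SECRET` is sealed right next to it, which suggests the former may be a leftover or a typo. If the application does not read it, drop the key; if it does, a comment such as `# not sensitive: consumed as a public Next.js value` would record why it sits in a secret.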
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: hoarder-web-ingress
+ namespace: hoarder
+ annotations:
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+ traefik.ingress.kubernetes.io/router.tls: "true"
+spec:
+ rules:
+ - host: "hoarder.michaelthomson.dev"
+ http:
+ paths:
+ - path: "/"
+ pathType: Prefix
+ backend:
+ service:
+ name: "web"
+ port:
+ number: 3000
+ tls:
+ - hosts:
+ - hoarder.michaelthomson.dev
+ secretName: letsencrypt-wildcard-cert-michaelthomson.dev
diff --git a/hoarder/meilisearch-deployment.yaml b/hoarder/meilisearch-deployment.yaml
new file mode 100644
index 0000000..f75baa0
--- /dev/null
+++ b/hoarder/meilisearch-deployment.yaml
@@ -0,0 +1,31 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: meilisearch
+ namespace: hoarder
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: meilisearch
+ template:
+ metadata:
+ labels:
+ app: meilisearch
+ spec:
+ containers:
+ - name: meilisearch
+ image: getmeili/meilisearch:v1.11.1
+ env:
+ - name: MEILI_NO_ANALYTICS
+ value: "true"
+ volumeMounts:
+ - mountPath: /meili_data
+ name: meilisearch
+ envFrom:
+ - secretRef:
+ name: hoarder-secrets
+ volumes:
+ - name: meilisearch
+ persistentVolumeClaim:
+ claimName: meilisearch-pvc
diff --git a/hoarder/meilisearch-pvc.yaml b/hoarder/meilisearch-pvc.yaml
new file mode 100644
index 0000000..46f396f
--- /dev/null
+++ b/hoarder/meilisearch-pvc.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: meilisearch-pvc
+ namespace: hoarder
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
diff --git a/hoarder/meilisearch-service.yaml b/hoarder/meilisearch-service.yaml
new file mode 100644
index 0000000..017eb1f
--- /dev/null
+++ b/hoarder/meilisearch-service.yaml
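Review bot: The `tls` entry in ingress.yaml references the Secret `letsencrypt-wildcard-cert-michaelthomson.dev`, which has to exist in the `hoarder` namespace, and nothing in this commit creates or copies it there. If another controller mirrors it into new namespaces that is fine, but a comment such as `# wildcard cert Secret is replicated into this namespace by <MECHANISM>` above `secretName` would make the dependency visible. When the Secret is missing, Traefik typically falls back to its default certificate instead of failing, so the gap can go unnoticed until a client rejects the certificate.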
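Review bot: The `envFrom` in meilisearch-deployment.yaml injects every key of `hoarder-secrets` into the search container, so it also receives `OPENAI_API_KEY` and `NEXTAUTH_SECRET`, which it has no visible use for. Only `MEILI_MASTER_KEY` looks relevant to this container; referencing that single key keeps a compromise of the search service from exposing the other credentials. The entry below would replace the `envFrom` block and sit beside `MEILI_NO_ANALYTICS`.

```yaml
          env:
            # … unchanged: MEILI_NO_ANALYTICS …
            - name: MEILI_MASTER_KEY
              valueFrom:
                secretKeyRef:
                  name: hoarder-secrets
                  key: MEILI_MASTER_KEY
          # envFrom removed
```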
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: meilisearch
+ namespace: hoarder
+spec:
+ selector:
+ app: meilisearch
+ ports:
+ - protocol: TCP
+ port: 7700
+ targetPort: 7700
diff --git a/hoarder/web-deployment.yaml b/hoarder/web-deployment.yaml
new file mode 100644
index 0000000..5061c2f
--- /dev/null
+++ b/hoarder/web-deployment.yaml
@@ -0,0 +1,38 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: web
+ namespace: hoarder
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: hoarder-web
+ template:
+ metadata:
+ labels:
+ app: hoarder-web
+ spec:
+ containers:
+ - name: web
+ image: ghcr.io/hoarder-app/hoarder:release
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 3000
+ env:
+ - name: MEILI_ADDR
+ value: http://meilisearch:7700
+ - name: BROWSER_WEB_URL
+ value: http://chrome:9222
+ - name: DATA_DIR
+ value: /data
+ volumeMounts:
+ - mountPath: /data
+ name: data
+ envFrom:
+ - secretRef:
+ name: hoarder-secrets
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: data-pvc
diff --git a/hoarder/web-service.yaml b/hoarder/web-service.yaml
new file mode 100644
index 0000000..dbaba89
--- /dev/null
+++ b/hoarder/web-service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: web
+ namespace: hoarder
+spec:
+ selector:
+ app: hoarder-web
+ ports:
+ - protocol: TCP
+ port: 3000
+ targetPort: 3000
+ type: ClusterIP
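Review bot: `image: ghcr.io/hoarder-app/hoarder:release` with `imagePullPolicy: Always` in web-deployment.yaml means every pod restart can pull whatever was last pushed under that tag, so the running code changes without a commit in this repository and cannot be rolled back through Git. The meilisearch image in the same commit is pinned to `v1.11.1`; the web image should follow suit, ideally with a digest, for example `image: ghcr.io/hoarder-app/hoarder:<VERSION>@sha256:<DIGEST>`. This container holds `OPENAI_API_KEY` and `NEXTAUTH_SECRET` via `envFrom`, which raises the cost of an unreviewed image. The Deployment also has no `readinessProbe`, so the Flux health check on `web` passes as soon as the container starts rather than when the app answers on port 3000.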