From 21d3bb04673fd3d6d346d9426c08857fafecc151 Mon Sep 17 00:00:00 2001 From: Michael Thomson Date: Sat, 5 Oct 2024 13:20:02 -0400 Subject: [PATCH] seafile Signed-off-by: Michael Thomson --- .../kustomizations/kustomization-seafile.yaml | 18 +++++++ bootstrap/namespaces/namespace-seafile.yaml | 4 ++ seafile/dns-endpoint.yaml | 15 ++++++ seafile/mariadb-deployment.yaml | 35 +++++++++++++ seafile/mariadb-persistentvolumeclaim.yaml | 11 ++++ seafile/mariadb-root-password.yaml | 21 ++++++++ seafile/mariadb-service.yaml | 12 +++++ seafile/memchached-deployment.yaml | 21 ++++++++ seafile/memchached-service.yaml | 12 +++++ seafile/seafile-admin-password.yaml | 21 ++++++++ seafile/seafile-deployment.yaml | 50 +++++++++++++++++++ seafile/seafile-ingress.yaml | 24 +++++++++ seafile/seafile-persistentvolumeclaim.yaml | 12 +++++ seafile/seafile-service.yaml | 13 +++++ 14 files changed, 269 insertions(+) create mode 100644 bootstrap/kustomizations/kustomization-seafile.yaml create mode 100644 bootstrap/namespaces/namespace-seafile.yaml create mode 100644 seafile/dns-endpoint.yaml create mode 100644 seafile/mariadb-deployment.yaml create mode 100644 seafile/mariadb-persistentvolumeclaim.yaml create mode 100644 seafile/mariadb-root-password.yaml create mode 100644 seafile/mariadb-service.yaml create mode 100644 seafile/memchached-deployment.yaml create mode 100644 seafile/memchached-service.yaml create mode 100644 seafile/seafile-admin-password.yaml create mode 100644 seafile/seafile-deployment.yaml create mode 100644 seafile/seafile-ingress.yaml create mode 100644 seafile/seafile-persistentvolumeclaim.yaml create mode 100644 seafile/seafile-service.yaml diff --git a/bootstrap/kustomizations/kustomization-seafile.yaml b/bootstrap/kustomizations/kustomization-seafile.yaml new file mode 100644 index 0000000..7618555 --- /dev/null +++ b/bootstrap/kustomizations/kustomization-seafile.yaml @@ -0,0 +1,18 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: seafile + namespace: flux-system +spec: + interval: 15m + path: ./seafile + prune: true # remove any elements later removed from the above path + timeout: 2m # if not set, this defaults to interval duration, which is 1h + sourceRef: + kind: GitRepository + name: flux-system + healthChecks: + - apiVersion: apps/v1 + kind: Deployment + name: seafile + namespace: seafile diff --git a/bootstrap/namespaces/namespace-seafile.yaml b/bootstrap/namespaces/namespace-seafile.yaml new file mode 100644 index 0000000..b683b3d --- /dev/null +++ b/bootstrap/namespaces/namespace-seafile.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: seafile diff --git a/seafile/dns-endpoint.yaml b/seafile/dns-endpoint.yaml new file mode 100644 index 0000000..67dd093 --- /dev/null +++ b/seafile/dns-endpoint.yaml @@ -0,0 +1,15 @@ +apiVersion: externaldns.k8s.io/v1alpha1 +kind: DNSEndpoint +metadata: + name: seafile.michaelthomson.dev + namespace: media +spec: + endpoints: + - dnsName: seafile.michaelthomson.dev + recordTTL: 180 + recordType: CNAME + targets: + - michaelthomson.ddns.net + providerSpecific: + - name: external-dns.alpha.kubernetes.io/cloudflare-proxied + value: "true" diff --git a/seafile/mariadb-deployment.yaml b/seafile/mariadb-deployment.yaml new file mode 100644 index 0000000..d5b3c9b --- /dev/null +++ b/seafile/mariadb-deployment.yaml @@ -0,0 +1,35 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: mariadb + namespace: seafile +spec: + selector: + matchLabels: + app: mariadb + replicas: 1 + template: + metadata: + labels: + app: mariadb + spec: + containers: + - name: mariadb + image: mariadb:10.11 + env: + - name: MARIADB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: mariadb-root-password + key: MARIADB_ROOT_PASSWORD + - name: MARIADB_AUTO_UPGRADE + value: "true" + ports: + - containerPort: 3306 + volumeMounts: + - name: mariadb-data + mountPath: /var/lib/mysql + volumes: + - name: mariadb-data + persistentVolumeClaim: + claimName: mariadb-data diff --git a/seafile/mariadb-persistentvolumeclaim.yaml b/seafile/mariadb-persistentvolumeclaim.yaml new file mode 100644 index 0000000..f510aca --- /dev/null +++ b/seafile/mariadb-persistentvolumeclaim.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: mariadb-data + namespace: seafile +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi diff --git a/seafile/mariadb-root-password.yaml b/seafile/mariadb-root-password.yaml new file mode 100644 index 0000000..9d18dca --- /dev/null +++ b/seafile/mariadb-root-password.yaml @@ -0,0 +1,21 @@ +{ + "kind": "SealedSecret", + "apiVersion": "bitnami.com/v1alpha1", + "metadata": { + "name": "mariadb-root-password", + "namespace": "seafile", + "creationTimestamp": null + }, + "spec": { + "template": { + "metadata": { + "name": "mariadb-root-password", + "namespace": "seafile", + "creationTimestamp": null + } + }, + "encryptedData": { + "MARIADB_ROOT_PASSWORD": "AgAV8kUGWkaCLj4ramUSiA6PenSUu11fH4cB00H9p+dD4NCaR4n6IV6nFGyKm38L/dB76jKjRQnyKL7AG8UcOFrjLypN3WoD20y0XCs3XWE+2rlDSinsYAyC6aYLS4sNY3hgErF9ZxTt4GICtjhQSV6eRpeHnqyTlcpKxQm1OMnig6Zmo3YmGEOazPWMFeFrSWPwQNO436OvNaxoDmAaf28TlTK8uRBn1+s24vzGUN31wK45AIJgOTJVW4BTStO6AhL36Row0BnVqw+B3osLuOo6rMvNXphJH7KxqyLM3xKNi5ZHZZ8LH0EaGL0qTZwx2FqYSHSEpQU6DFi14p4hu9ksCl44VQUfxTJ+i2XAZJ/XuH4Ay38zdbNpVGgHR62Nm0sA5X+/2UrKTMCFZi4Fm4GZOW50WayioYFcna983qSINhl+VFwyihPHkE+GqxLfSrsW2iBzkOGANI/5O5bRbLmVQGh+AdbcO+xl0PxVRwuWT49TJ/P/foGtUPpMIejoifgV0v89TzviTszMTmcfb19u7EAoha1MebFqdE8261fqz1KIB3b7wrnyfVQ5fo+YcpUFmSp2sUfgK4JhUoYBs3Hu5xVSRtF1Tbjj5yNPiGH+5tkaDOKZL9TxIoeyyrcw3qkrni1S+U4nxU9AAyuNWi9NFC6reNkG6nv3pK5XlqqMhBxlt/FIVglZ4rA13nKQdKXy5hfZKqyvJmXBZrYBTqNPK2uuY5hlJShroaDqjf0o8F6RQFCqZEAscPMKujV9DLHS" + } + } +} diff --git a/seafile/mariadb-service.yaml b/seafile/mariadb-service.yaml new file mode 100644 index 0000000..fb20548 --- /dev/null +++ b/seafile/mariadb-service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: mariadb + namespace: seafile +spec: + selector: + app: mariadb + ports: + - protocol: TCP + port: 3306 + targetPort: 3306 diff --git a/seafile/memchached-deployment.yaml b/seafile/memchached-deployment.yaml new file mode 100644 index 0000000..75d5768 --- /dev/null +++ b/seafile/memchached-deployment.yaml @@ -0,0 +1,21 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: memcached + namespace: seafile +spec: + replicas: 1 + selector: + matchLabels: + app: memcached + template: + metadata: + labels: + app: memcached + spec: + containers: + - name: memcached + image: memcached:1.6.18 + args: ["-m", "256"] + ports: + - containerPort: 11211 diff --git a/seafile/memchached-service.yaml b/seafile/memchached-service.yaml new file mode 100644 index 0000000..f85a0cb --- /dev/null +++ b/seafile/memchached-service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: memcached + namespace: seafile +spec: + selector: + app: memcached + ports: + - protocol: TCP + port: 11211 + targetPort: 11211 diff --git a/seafile/seafile-admin-password.yaml b/seafile/seafile-admin-password.yaml new file mode 100644 index 0000000..52c5f79 --- /dev/null +++ b/seafile/seafile-admin-password.yaml @@ -0,0 +1,21 @@ +{ + "kind": "SealedSecret", + "apiVersion": "bitnami.com/v1alpha1", + "metadata": { + "name": "seafile-admin-password", + "namespace": "seafile", + "creationTimestamp": null + }, + "spec": { + "template": { + "metadata": { + "name": "seafile-admin-password", + "namespace": "seafile", + "creationTimestamp": null + } + }, + "encryptedData": { + "SEAFILE_ADMIN_PASSWORD": "AgC/vtj3zhMmOTHmOUEoxqYiGg8fXFTY8YYqj7cK8NDs2kIAENof52EiXRexBJCWT3yvIRV922W2y3OO0k+F7Cq6Q0mfmTQSMmxZWZjEi00cjWwg/JTx7xWNzU+SJUbGc6p0VubvIpngDM9j8Ygj75zA7XsidAd3S8Q6LMrhkryG+Z3HzOsrUbf2u9qWvaEyjHfg73njcS2GIPmPxtYxzXlGLg70/rYBGh3cp7raEWYjYNZlbId7e5D5k9Vm/jTo3XeEzIVHZOX/2+WSfU+ezf+ech7Uo5MFnbEMJa5PlMBRB1mFPRNyb60Ib/PSuiDO0Vqs4YHKXnk25g8zFPY2dNlqfnR6U26nW82Qlv0En7mGRukyemTkB1x1OUL9tXRGiym42GbfaiXgIM7CJNl9j3oM0wkY9wcPcY2GwcStmKBiPN2EKiLJvhmORvaGG4gL5pqFIOqvzpfORXXxegXDOMBmeGgzYX7L6Bk0aHI81ib3JRJGa8aeKyf1V+5lrJ2Jg6WzMmmcmoj2snhoh4XNHx7vvrrB3DvHkPW6AxpVlw5eK3K1OYH9b08jj7DmakcWdxhvIwgqCTJMdOBkTAc3UQmsbIdlVXxOahcWGfDHSeMx0MO/JHFea09+ANkEI3aLvgPX7zdjLv40s2EcGvbSIk6NONtG0CncqqpjbZg1AG59WyfunEfwd8l0MKKLQ76kV+xoLU+aNCawfMElffkc" + } + } +} diff --git a/seafile/seafile-deployment.yaml b/seafile/seafile-deployment.yaml new file mode 100644 index 0000000..80fa1c1 --- /dev/null +++ b/seafile/seafile-deployment.yaml @@ -0,0 +1,50 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: seafile + namespace: seafile +spec: + replicas: 1 + selector: + matchLabels: + app: seafile + template: + metadata: + labels: + app: seafile + spec: + containers: + - name: seafile + image: docker.seadrive.org/seafileltd/seafile-pro-mc:11.0-latest + env: + - name: DB_HOST + value: "mariadb" + - name: DB_ROOT_PASSWD + valueFrom: + secretKeyRef: + name: mariadb-root-password + key: MARIADB_ROOT_PASSWORD + - name: TIME_ZONE + value: "America/Toronto" + - name: SEAFILE_ADMIN_EMAIL + value: "seafile@michaelthomson.dev" #admin email + - name: SEAFILE_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: seafile-admin-password + key: SEAFILE_ADMIN_PASSWORD + - name: SEAFILE_SERVER_LETSENCRYPT + value: "false" + - name: SEAFILE_SERVER_HOSTNAME + value: "seafile.michaelthomson.dev" #hostname + ports: + - containerPort: 80 + name: http + volumeMounts: + - name: seafile-data + mountPath: /shared + volumes: + - name: seafile-data + persistentVolumeClaim: + claimName: seafile-data + restartPolicy: Always diff --git a/seafile/seafile-ingress.yaml b/seafile/seafile-ingress.yaml new file mode 100644 index 0000000..6c6213c --- /dev/null +++ b/seafile/seafile-ingress.yaml @@ -0,0 +1,24 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: seafile + namespace: seafile + annotations: + traefik.ingress.kubernetes.io/router.entrypoints: websecure + traefik.ingress.kubernetes.io/router.tls: "true" +spec: + rules: + - host: seafile.michaelthomson.dev + http: + paths: + - pathType: ImplementationSpecific + path: / + backend: + service: + name: seafile + port: + name: http + tls: + - hosts: + - seafile.michaelthomson.dev + secretName: letsencrypt-wildcard-cert-michaelthomson.dev diff --git a/seafile/seafile-persistentvolumeclaim.yaml b/seafile/seafile-persistentvolumeclaim.yaml new file mode 100644 index 0000000..15cacfd --- /dev/null +++ b/seafile/seafile-persistentvolumeclaim.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: seafile-data + namespace: seafile +spec: + accessModes: + - ReadWriteOnce + storageClassName: nfs-client + resources: + requests: + storage: 14Ti diff --git a/seafile/seafile-service.yaml b/seafile/seafile-service.yaml new file mode 100644 index 0000000..01515e2 --- /dev/null +++ b/seafile/seafile-service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: seafile + namespace: seafile +spec: + selector: + app: seafile + ports: + - protocol: TCP + port: 80 + targetPort: http + name: http