diff --git a/bootstrap/kustomizations/kustomization-soft-serve.yaml b/bootstrap/kustomizations/kustomization-soft-serve.yaml new file mode 100644 index 0000000..c0110ff --- /dev/null +++ b/bootstrap/kustomizations/kustomization-soft-serve.yaml @@ -0,0 +1,18 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: soft-serve + namespace: flux-system +spec: + interval: 15m + path: ./soft-serve + prune: true # remove any elements later removed from the above path + timeout: 2m # if not set, this defaults to interval duration, which is 1h + sourceRef: + kind: GitRepository + name: flux-system + healthChecks: + - apiVersion: apps/v1 + kind: Deployment + name: soft-serve + namespace: soft-serve diff --git a/bootstrap/namespaces/namespace-soft-serve.yaml b/bootstrap/namespaces/namespace-soft-serve.yaml new file mode 100644 index 0000000..bd1e618 --- /dev/null +++ b/bootstrap/namespaces/namespace-soft-serve.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: soft-serve diff --git a/soft-serve/soft-serve-deployment.yaml b/soft-serve/soft-serve-deployment.yaml new file mode 100644 index 0000000..d2eb595 --- /dev/null +++ b/soft-serve/soft-serve-deployment.yaml @@ -0,0 +1,43 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: soft-serve + namespace: soft-serve +spec: + replicas: 1 + selector: + matchLabels: + app: soft-serve + strategy: + type: Recreate + template: + metadata: + labels: + app: soft-serve + spec: + containers: + - env: + - name: SOFT_SERVE_INITIAL_ADMIN_KEYS + valueFrom: + secretKeyRef: + name: soft-serve-secret + key: admin_key + image: charmcli/soft-serve:latest + name: soft-serve + ports: + - containerPort: 23231 + protocol: TCP + - containerPort: 23232 + protocol: TCP + - containerPort: 23233 + protocol: TCP + - containerPort: 9418 + protocol: TCP + volumeMounts: + - mountPath: /soft-serve + name: soft-serve-claim0 + restartPolicy: Always + volumes: + - name: soft-serve-claim0 + persistentVolumeClaim: + claimName: soft-serve-claim0 diff --git a/soft-serve/soft-serve-ingress.yaml b/soft-serve/soft-serve-ingress.yaml new file mode 100644 index 0000000..b88462e --- /dev/null +++ b/soft-serve/soft-serve-ingress.yaml @@ -0,0 +1,25 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: soft-serve + namespace: soft-serve + annotations: + traefik.ingress.kubernetes.io/router.entrypoints: websecure + # traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd + traefik.ingress.kubernetes.io/router.tls: "true" +spec: + rules: + - host: git.michaelthomson.dev + http: + paths: + - pathType: ImplementationSpecific + path: / + backend: + service: + name: git + port: + name: http + tls: + - hosts: + - git.michaelthomson.dev + secretName: letsencrypt-wildcard-cert-michaelthomson.dev diff --git a/soft-serve/soft-serve-pvc.yaml b/soft-serve/soft-serve-pvc.yaml new file mode 100644 index 0000000..355cb58 --- /dev/null +++ b/soft-serve/soft-serve-pvc.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: soft-serve-pvc + namespace: soft-serve +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi diff --git a/soft-serve/soft-serve-secret.yaml b/soft-serve/soft-serve-secret.yaml new file mode 100644 index 0000000..e5194f3 --- /dev/null +++ b/soft-serve/soft-serve-secret.yaml @@ -0,0 +1,21 @@ +{ + "kind": "SealedSecret", + "apiVersion": "bitnami.com/v1alpha1", + "metadata": { + "name": "soft-serve-secret", + "namespace": "soft-serve", + "creationTimestamp": null + }, + "spec": { + "template": { + "metadata": { + "name": "soft-serve-secret", + "namespace": "soft-serve", + "creationTimestamp": null + } + }, + "encryptedData": { + "admin_key": "AgBj+Y8TO+7lifu2Cy+Act4J5wZqEMFfjNhP0IygmwSdDTOfXbFYlHVGzOwixJyMku5LnMcDmkU/iJbnLCBiVVcFWqNYucHKn5vKQBXhP99Ea1zlPCeGCIIPcZycHDBRIrHEjPKz0kGxmr4JGbEAn4yspt9kgZMNOMniI2D2Ds6dHFAmqbjjW0fTySm9TWvQiOnVfUsjfTqqMO4clh2UTQoZ4RH3nnQE6pgdrhdlxaSsv1P4BQ/QXKLWES/Plw1A4tnmDNPMrSU1CNHYnBy5XmLoHZyH35l/32e8MDYYr/xulSe0hR0jax7rjoGpZuuYfs0Kf1ZX7LSUcSEs0rcIKq9T3IFBx9tnPocNNE2rhgrMfe1DhBb5gKLFL3MFVZZIkaI2kPEyOx2ht7x5b35qUHCyPm4aWKGsaEnTd2OUmEaqdh5MtecNUWzjOwvrMD+lUD4dJwvEQGut+WfUTAWn8FmLS3zWgXWYI0veNcuL3FEG75/hv9UlUwUJDstCJWc0fqdzEYfV6E+MivSToyOq18g5tw0pnuov9v2yPTGsfhoG+73lw/1U0h97x+o2VOoGtwe6cluvIcQIBPAGKqxq1MemrI6euHtsRuU+cBYJ42yg+zWaBnLS2mzb1XeUU7t9Gy49poFR8nYNBYETwPn4c3qTS0T9b4sR5Fa1sQu9eMwDHsLrIPW9JM90TFEHhSj3dyQEJhMovWB9fVIcOL2HAb3FZ2wS3ikieNvX3oNi8K38KnYGyOkSHPxLBtfBp7Oqyu0k/p7LI2JeHmrBwXxZ3CicUA8PgxW+f72pElp0NC+WJDDQTpM6Cs+4qjhhAyKv9/fhcVGJBX4IK2fW2rxSzgbfDlVmXMdpMuTYX5pHvVGFJrWQsam3sjzh9eeWDZR1r9faY9BypGvxw8fzk8vrL1Sm/iGDglUdu7FgR4YO4IrHv3BOTaxrHFS7CeqxUHBK7k0fbb2p91b5HyPtOsRwHW7aa5kH63FNmEy5F+odjj2SwZ4gq1qi4+PbffILtEZ5dFgMeLjFObmudlymwth2TIar8/tjvabMIh7BMyKvmY9elEDG7NX6aFkYsPkOp31Scc7+nwo4jtKiDwGHsoJyf1UPjt+31VLR7FgRSL3wc+ZwV0g6Ho/l0uLzSWlywX/iTxMAwjAz3yzKNMLjg+9nvRQDYhSExQWbcMgPx9OHbbpnpKyLgUYwtNL+OXBNFpJXnFvrmYcCWceJIZF0cc105ZTe7OsQd3LgbQoKX/0F9ByLZFCZQtFl49qsZgOBZGzoBPkPtUx22CJOHaWuyU1BBw+5YwXSW0lwR5tPHlx0n1BFhcHkXFdXItbdM+0xmJ/vB/Xdzjx2lDS99dkMPxZMAsIwFAXF7CKWSDDJrRrsyD09TqJowv8d/ASMH4zLwRJt+4lX063+f2+lYLGHK5jaiFWRibLq9LHNKLoLYuDbHiBbDwsOJUvwKR6UzTiS/zwFGT1Ru8xNXpQckvwCy0Pt1eW6I4QNavUxwRZJ95vJbchu92fOZ72iJ5gBbXzVB0FavRABflQsROtT29XoYynFIf7I/oLyNMwRSafyijWiiG7+Iy3MblEPa2xMqmmJu+jyo774u6YV8xINIDOB6m0d8rSKF9t3zwIo00PeyajOsWULiu8sR2ETkGb3ALFr3j1Uy+8OYPVO" + } + } +} diff --git a/soft-serve/soft-serve-service.yaml b/soft-serve/soft-serve-service.yaml new file mode 100644 index 0000000..ae6cd43 --- /dev/null +++ b/soft-serve/soft-serve-service.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + name: soft-serve + namespace: soft-serve +spec: + ports: + - name: "23231" + port: 23231 + targetPort: 23231 + - name: "23232" + port: 23232 + targetPort: 23232 + - name: "23233" + port: 23233 + targetPort: 23233 + - name: "9418" + port: 9418 + targetPort: 9418 + selector: + app: soft-serve