diff --git a/fider/config/base.env b/fider/config/base.env
new file mode 100644
index 0000000..70c4000
--- /dev/null
+++ b/fider/config/base.env
@@ -0,0 +1,21 @@
+HOST_DOMAIN=fider.icb4dc0.de
+LOG_SQL="false"
+LOG_STRUCTURED="true"
+LOG_LEVEL="DEBUG"
+
+# Metrics
+METRICS_ENABLED=true
+METRICS_PORT=4000
+
+HOST_MODE=multi
+
+# SMTP setup
+EMAIL_SMTP_HOST=smtp.gmail.com
+EMAIL_SMTP_PORT="587"
+EMAIL_SMTP_ENABLE_STARTTLS='true'
+
+# Blog storage
+BLOB_STORAGE=s3
+BLOB_STORAGE_S3_REGION=us-east-1
+BLOB_STORAGE_S3_ENDPOINT_URL=https://2df513adaee2eeae12106af900bed297.r2.cloudflarestorage.com
+BLOB_STORAGE_S3_BUCKET=fider
diff --git a/fider/config/fider-secrets.enc.yaml b/fider/config/fider-secrets.enc.yaml
new file mode 100644
index 0000000..4c80928
--- /dev/null
+++ b/fider/config/fider-secrets.enc.yaml
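Review bot: The values in `fider/config/base.env` are quoted three different ways (`LOG_SQL="false"`, `EMAIL_SMTP_ENABLE_STARTTLS='true'`, `METRICS_ENABLED=true`), and the file is read by kustomize's `secretGenerator` `envs` loader, not by a shell. Depending on the kustomize version in use, that loader may keep the quote characters as part of the value, so the container could receive `"DEBUG"` or `"587"` with literal quotes; writing every value bare (`LOG_SQL=false`, `EMAIL_SMTP_PORT=587`, `EMAIL_SMTP_ENABLE_STARTTLS=true`) removes the ambiguity. `LOG_LEVEL="DEBUG"` also deserves a comment saying whether it is intended for this instance, since debug logging usually records more request detail than is wanted long-term. The `# Blog storage` heading looks like a typo for "Blob".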
@@ -0,0 +1,48 @@ +apiVersion: v1 +kind: Secret +metadata: + name: fider-secret-config +stringData: + #ENC[AES256_GCM,data:vwh0HqyenM9A/otfsYrVAIYoivvbQ/IZkrohaeuMSRLDFpnr5TDD0CY93N84,iv:Y4RTLSQCKG9YIsyALJXVnSU9KRVPViFiNah7cpPj7ws=,tag:V5+AGSJ3RlBh18oVI6QoFA==,type:comment] + DATABASE_URL: ENC[AES256_GCM,data:I1FYx2MxmCVRv5f7TdyjFLElzbA2kPuwYHTtFeECkfBChNiVNgVJnKKTdTvfHgz9tazME8e8FzVrbQ+XkTaTnT0vPtDISTuzPbq4EK+wDQbmz+M0BW7Me1wz2061NVd+uXpFWaj6jg2PcY41TYptT6s=,iv:J2isIwnf4wkObZSSIBWyjiFNHDwOw+jT0/kGOtAbV9M=,tag:HiK1ZA3pv4uohTKWvVrmHg==,type:str] + #ENC[AES256_GCM,data:QXY/wGzJDrdgfEwE/Zq98dQ=,iv:3ZC3JGlZeBslZN5a5ndYoNA4BwdZ8Kb49tNrJXh3c74=,tag:i8dp8nj7ZUO4H25mCJFJZg==,type:comment] + EMAIL_NOREPLY: ENC[AES256_GCM,data:1lBgr0jlpfqapy/Be5y8y/9iSQ==,iv:duh4+wgwMgprUPr5jNtLvm1RG4gLB8zRUW4KH+aQIGo=,tag:b0D3PGDsEvjj6modicar6g==,type:str] + EMAIL_SMTP_PASSWORD: ENC[AES256_GCM,data:ldpok+OwavUpP487Gh52I858MRuTITiVdQ==,iv:RBcKpTo/F6Wqc715U89VCdojEemwHEjETTPZP6z3lj8=,tag:3eye+x5YqS0Y6oP75lE2BQ==,type:str] + EMAIL_SMTP_USERNAME: ENC[AES256_GCM,data:+ft+YqLBBgqo0AGl5c1dQyl4Uw==,iv:t8pt2lj2sht3nMyfzCQoRe1hYapydvQt0ylDUxBLieo=,tag:lxMQ8bIjNZz6y+jgBedMyQ==,type:str] + #ENC[AES256_GCM,data:tKFIJYaKj470Wukj+0kh,iv:iVl3U363ioCdvOGBxAq+on9PLHqPeZO9Zs26kP9z1RQ=,tag:4KDR6lCtgwZVuJ3Uc+LuIw==,type:comment] + JWT_SECRET: ENC[AES256_GCM,data:8xfY6sn3yVVd6UwqmDj5VR9kjf91GJKkAxxNwVPI7mfeoPkH+xdCVon88SHQ1Lh7XRDeWK/Fjt6LCpWqlntwBA==,iv:p2pL9B3QdKPb9Ifup9zMZlKYGJM0s+L7+P0buI6855g=,tag:gQWBoV77HsH9TAk6CUxKJQ==,type:str] + #ENC[AES256_GCM,data:tRPJxSMKKV36Tm28Om1xg6RFvKckNLFClw==,iv:qhAuF4zUrwgPyIG/2U28fz3FWbiOCDBtzhO7jux47Bg=,tag:BfOepgY9Z6/BfOwfNar5YA==,type:comment] + OAUTH_GITHUB_CLIENTID: ENC[AES256_GCM,data:EGvHYukKGoeqJtFkTDnJoXGGzvg=,iv:CrPC/TUd+A9jYt17R2MLe4h+OArcZPXMbUbn/e+1S4o=,tag:ptEDPa2FmFfHaf0IV+hIIQ==,type:str] + OAUTH_GITHUB_SECRET: 
ENC[AES256_GCM,data:EX4MeNyiJfOOM5tpIiVsWzN4PwxGKaiuEp/x2yLB6DKERUqnXBjPHQ==,iv:zIzv5x43gurxC0OPZAJ15kMuK/0YA8UWULns49W8tWE=,tag:yq/IT69Dk7BtJ5k+8HNu6A==,type:str] + #ENC[AES256_GCM,data:yepnpyfmV9t5CRucNg==,iv:186ZrE/ynkFhDjcmbdY+0eM//BWDMkQKQkUUj2OX0gw=,tag:3zjeG1sveTCCARG30vrtQQ==,type:comment] + BLOB_STORAGE_S3_ACCESS_KEY_ID: ENC[AES256_GCM,data:h6C2TxHcBJH5a2+OGckctvKUnXLbe8gbH3OpQ1s8znw=,iv:VtB1MAb4lqUcPbSQzf/o1bPFEqtd9FYhdrItLIv9GQk=,tag:MbuJfTZPJSSzT/89IDXCig==,type:str] + BLOB_STORAGE_S3_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:nFbcxS5IJz2YOJZx15hRYGrfGdcN7FI7Z2k1C5uLRHXllqvbRw09ZFn0ed2ORH8mDSl/0NHzjtD4cTdZ8L/fOg==,iv:4Vgb9qBQD8kgr4iBVEsaQTY+i58MUu+Bu80XjZAY78Q=,tag:VSp88f5T+WV2ngvW6mHbYA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1MHkwN1AyY0twMzlYT29D + bXBPTE4vV3lCZFROTG5FS2ZteHVWbjE3clVBCmFWV3FVYTMvejBINzZ1Sk5lcEFF + NTMvSWJlQ2Nad1oxNkVJdFlHbkdja2MKLS0tIDFicWs5QUlPeVpieitqRVNhSXEy + L3JKV0YzOUcvLys3TWd0Q3pOcFBsczQKxyY1BbhiAcFnEwMO3uEEssGX4vM9pjwo + 0hvqWULdsl6NpVd91lOpKgp9XwROSKwdYp5U0XX4oRF1mAI137a8WA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0SHY0STF0TGJia2dqRk5k + QVpUeEsvUUpaUjBzOGtNV2dlQzBSNzVZNkRJCkxNc3RBUmgwVDBId3pqY2R6eWNa + WjZ6ZXV6RjFaWnp4ZXUveHBsMG1DR28KLS0tIEVOeGFPTUszbmYxU1hYZENZUWdl + bTk2dytOMmE0UkZYNUdOWHZuelJBK2sKCT4UeF/m0mMqs6jbT1KMLfx6YTQTwkbK + 7WcJKPlg2Jqmqi2G1tqKcjMui0g19vKPRDWGdtIOyYB83ThAVG0znA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-02-21T20:00:49Z" + mac: 
ENC[AES256_GCM,data:wDVyJOyMbbcQf/LIypuKIXYskE1+xlg43UY2NV3xIRZfVxN4uAJBtEEas+T6Y3jJoLJOkwjzkvncCv0cxzlJSQYmfoidaBIpNPKi6fSR1LjxELG0ErblVY/usgJ/ACvIfN+6SUC1sK/wxIbpLT+8TeUCvHEj/iuq0hslgdsomks=,iv:MdET9ouW4AVsbpLDtLpHzGQ6RTAHx3GvJg5TVaMzNug=,tag:UUDSIeK0cfd7Otn2XlsxlA==,type:str] + pgp: [] + unencrypted_regex: ^(apiVersion|metadata|kind|type)$ + version: 3.8.1
diff --git a/fider/kustomization.yaml b/fider/kustomization.yaml
new file mode 100644
index 0000000..276a70e
--- /dev/null
+++ b/fider/kustomization.yaml
@@ -0,0 +1,24 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: fider
+
+labels:
+- includeSelectors: true
+ pairs:
+ app.kubernetes.io/instance: icb4dc0de-feedback
+ app.kubernetes.io/managed-by: kustomize
+
+resources:
+ - "resources/namespace.yaml"
+ - "resources/deployment.yaml"
+ - "resources/service.yaml"
+ - "resources/http_routes.yaml"
+
+secretGenerator:
+ - name: fider-base-config
+ envs:
+ - "config/base.env"
+
+generators:
+ - ./secret-generator.yaml
\ No newline at end of file
diff --git a/fider/resources/deployment.yaml b/fider/resources/deployment.yaml
new file mode 100644
index 0000000..c7096a9
--- /dev/null
+++ b/fider/resources/deployment.yaml
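Review bot: The two Secrets consumed by the Deployment are produced differently in `fider/kustomization.yaml`: `fider-base-config` comes from `secretGenerator` and gets a content-hash name suffix by default, while `fider-secret-config` comes from the ksops entry under `generators` and, as far as this diff shows, keeps a fixed name. Rotating a credential in `config/fider-secrets.enc.yaml` would then update the Secret in place without rolling the pods, which keep the old values from `envFrom` until they are restarted. KSOPS honours the annotation `kustomize.config.k8s.io/needs-hash: "true"` on the encrypted Secret's `metadata.annotations`; adding it there gives both Secrets the same rollout-on-change behaviour.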
@@ -0,0 +1,46 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: fider
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: fider
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: fider
+ spec:
+ containers:
+ - name: fider
+ image: docker.io/getfider/fider:stable
+ ports:
+ - containerPort: 3000
+ protocol: TCP
+ name: web
+ envFrom:
+ - secretRef:
+ name: fider-base-config
+ - secretRef:
+ name: fider-secret-config
+ resources:
+ limits:
+ cpu: 200m
+ memory: 200Mi
+ requests:
+ cpu: 50m
+ memory: 50Mi
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - fider
+ topologyKey: topology.kubernetes.io/zone
\ No newline at end of file
diff --git a/fider/resources/http_routes.yaml b/fider/resources/http_routes.yaml
new file mode 100644
index 0000000..8920241
--- /dev/null
+++ b/fider/resources/http_routes.yaml
@@ -0,0 +1,39 @@
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: fider-http
+spec:
+ parentRefs:
+ - name: contour
+ sectionName: http
+ namespace: projectcontour
+ hostnames:
+ - fider.icb4dc0.de
+ - login.fider.icb4dc0.de
+ - community.buildr.icb4dc0.de
+ - community.inetmock.icb4dc0.de
+ rules:
+ - filters:
+ - type: RequestRedirect
+ requestRedirect:
+ scheme: https
+ statusCode: 301
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: fider-https
+spec:
+ parentRefs:
+ - name: contour
+ namespace: projectcontour
+ hostnames:
+ - fider.icb4dc0.de
+ - login.fider.icb4dc0.de
+ - community.buildr.icb4dc0.de
+ - community.inetmock.icb4dc0.de
+ rules:
+ - backendRefs:
+ - name: fider
+ port: 3000
\ No newline at end of file
diff --git a/fider/resources/namespace.yaml b/fider/resources/namespace.yaml
new file mode 100644
index 0000000..5a91012
--- /dev/null
+++ b/fider/resources/namespace.yaml
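Review bot: The `fider` container in `fider/resources/deployment.yaml` has no `securityContext`, and `image: docker.io/getfider/fider:stable` is a mutable tag, so the two replicas can run different builds and a changed upstream image is pulled without any change in this repository. The pod receives the database URL, JWT secret and S3 keys through `envFrom`, so it is worth limiting what a compromised process can do: forbid privilege escalation, drop all capabilities and use the runtime's default seccomp profile, as below. `runAsNonRoot: true` and `readOnlyRootFilesystem: true` would be sensible additions once confirmed against the image, and pinning the image as `docker.io/getfider/fider:<version>@sha256:<digest>` makes rollouts reproducible.

```yaml
      containers:
        - name: fider
          # … unchanged: image, ports, envFrom, resources …
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
```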
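Review bot: In `fider/resources/http_routes.yaml` the `fider-https` route's `parentRefs` entry names the `contour` Gateway without a `sectionName`, so under Gateway API attachment rules it binds to every listener that admits it, which would include the `http` listener that `fider-http` targets. Both routes then match the same four hostnames on the cleartext listener, and whether a request is redirected or proxied to port 3000 depends on route precedence instead of on explicit configuration. Adding `sectionName: <https-listener-name>` (the listener name is not visible in this diff) to the `fider-https` parentRef keeps the backend reachable over TLS only.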
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: fider
+ labels:
+ prometheus: default
\ No newline at end of file
diff --git a/fider/resources/service.yaml b/fider/resources/service.yaml
new file mode 100644
index 0000000..7002a0c
--- /dev/null
+++ b/fider/resources/service.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: fider
+spec:
+ selector:
+ app.kubernetes.io/name: fider
+ ports:
+ - protocol: TCP
+ port: 3000
+ targetPort: 3000
\ No newline at end of file
diff --git a/fider/secret-generator.yaml b/fider/secret-generator.yaml
new file mode 100644
index 0000000..0aa7075
--- /dev/null
+++ b/fider/secret-generator.yaml
@@ -0,0 +1,11 @@
+apiVersion: viaduct.ai/v1
+kind: ksops
+metadata:
+ # Specify a name
+ name: fider-secret-generator
+ annotations:
+ config.kubernetes.io/function: |
+ exec:
+ path: ksops
+files:
+ - config/fider-secrets.enc.yaml
\ No newline at end of file
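Review bot: The `# Specify a name` comment in `fider/secret-generator.yaml` is template residue and documents nothing about what this generator needs. The `exec` function with `path: ksops` only runs when kustomize is invoked with `--enable-alpha-plugins --enable-exec`, and it executes the `ksops` binary found in the build environment, which must also hold an age private key for one of the recipients. A comment such as `# Requires kustomize build --enable-alpha-plugins --enable-exec and a trusted ksops binary on PATH` would make that dependency explicit for whoever configures the CD tooling.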