This commit is contained in:
parent
80721ce1da
commit
0754148bb1
8 changed files with 208 additions and 0 deletions
21
fider/config/base.env
Normal file
21
fider/config/base.env
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
HOST_DOMAIN=fider.icb4dc0.de
|
||||||
|
LOG_SQL="false"
|
||||||
|
LOG_STRUCTURED="true"
|
||||||
|
LOG_LEVEL="DEBUG"
|
||||||
|
|
||||||
|
# Metrics
|
||||||
|
METRICS_ENABLED=true
|
||||||
|
METRICS_PORT=4000
|
||||||
|
|
||||||
|
HOST_MODE=multi
|
||||||
|
|
||||||
|
# SMTP setup
|
||||||
|
EMAIL_SMTP_HOST=smtp.gmail.com
|
||||||
|
EMAIL_SMTP_PORT="587"
|
||||||
|
EMAIL_SMTP_ENABLE_STARTTLS='true'
|
||||||
|
|
||||||
|
# Blog storage
|
||||||
|
BLOB_STORAGE=s3
|
||||||
|
BLOB_STORAGE_S3_REGION=us-east-1
|
||||||
|
BLOB_STORAGE_S3_ENDPOINT_URL=https://2df513adaee2eeae12106af900bed297.r2.cloudflarestorage.com
|
||||||
|
BLOB_STORAGE_S3_BUCKET=fider
|
48
fider/config/fider-secrets.enc.yaml
Normal file
48
fider/config/fider-secrets.enc.yaml
Normal file
|
@ -0,0 +1,48 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: fider-secret-config
|
||||||
|
stringData:
|
||||||
|
#ENC[AES256_GCM,data:vwh0HqyenM9A/otfsYrVAIYoivvbQ/IZkrohaeuMSRLDFpnr5TDD0CY93N84,iv:Y4RTLSQCKG9YIsyALJXVnSU9KRVPViFiNah7cpPj7ws=,tag:V5+AGSJ3RlBh18oVI6QoFA==,type:comment]
|
||||||
|
DATABASE_URL: ENC[AES256_GCM,data:I1FYx2MxmCVRv5f7TdyjFLElzbA2kPuwYHTtFeECkfBChNiVNgVJnKKTdTvfHgz9tazME8e8FzVrbQ+XkTaTnT0vPtDISTuzPbq4EK+wDQbmz+M0BW7Me1wz2061NVd+uXpFWaj6jg2PcY41TYptT6s=,iv:J2isIwnf4wkObZSSIBWyjiFNHDwOw+jT0/kGOtAbV9M=,tag:HiK1ZA3pv4uohTKWvVrmHg==,type:str]
|
||||||
|
#ENC[AES256_GCM,data:QXY/wGzJDrdgfEwE/Zq98dQ=,iv:3ZC3JGlZeBslZN5a5ndYoNA4BwdZ8Kb49tNrJXh3c74=,tag:i8dp8nj7ZUO4H25mCJFJZg==,type:comment]
|
||||||
|
EMAIL_NOREPLY: ENC[AES256_GCM,data:1lBgr0jlpfqapy/Be5y8y/9iSQ==,iv:duh4+wgwMgprUPr5jNtLvm1RG4gLB8zRUW4KH+aQIGo=,tag:b0D3PGDsEvjj6modicar6g==,type:str]
|
||||||
|
EMAIL_SMTP_PASSWORD: ENC[AES256_GCM,data:ldpok+OwavUpP487Gh52I858MRuTITiVdQ==,iv:RBcKpTo/F6Wqc715U89VCdojEemwHEjETTPZP6z3lj8=,tag:3eye+x5YqS0Y6oP75lE2BQ==,type:str]
|
||||||
|
EMAIL_SMTP_USERNAME: ENC[AES256_GCM,data:+ft+YqLBBgqo0AGl5c1dQyl4Uw==,iv:t8pt2lj2sht3nMyfzCQoRe1hYapydvQt0ylDUxBLieo=,tag:lxMQ8bIjNZz6y+jgBedMyQ==,type:str]
|
||||||
|
#ENC[AES256_GCM,data:tKFIJYaKj470Wukj+0kh,iv:iVl3U363ioCdvOGBxAq+on9PLHqPeZO9Zs26kP9z1RQ=,tag:4KDR6lCtgwZVuJ3Uc+LuIw==,type:comment]
|
||||||
|
JWT_SECRET: ENC[AES256_GCM,data:8xfY6sn3yVVd6UwqmDj5VR9kjf91GJKkAxxNwVPI7mfeoPkH+xdCVon88SHQ1Lh7XRDeWK/Fjt6LCpWqlntwBA==,iv:p2pL9B3QdKPb9Ifup9zMZlKYGJM0s+L7+P0buI6855g=,tag:gQWBoV77HsH9TAk6CUxKJQ==,type:str]
|
||||||
|
#ENC[AES256_GCM,data:tRPJxSMKKV36Tm28Om1xg6RFvKckNLFClw==,iv:qhAuF4zUrwgPyIG/2U28fz3FWbiOCDBtzhO7jux47Bg=,tag:BfOepgY9Z6/BfOwfNar5YA==,type:comment]
|
||||||
|
OAUTH_GITHUB_CLIENTID: ENC[AES256_GCM,data:EGvHYukKGoeqJtFkTDnJoXGGzvg=,iv:CrPC/TUd+A9jYt17R2MLe4h+OArcZPXMbUbn/e+1S4o=,tag:ptEDPa2FmFfHaf0IV+hIIQ==,type:str]
|
||||||
|
OAUTH_GITHUB_SECRET: ENC[AES256_GCM,data:EX4MeNyiJfOOM5tpIiVsWzN4PwxGKaiuEp/x2yLB6DKERUqnXBjPHQ==,iv:zIzv5x43gurxC0OPZAJ15kMuK/0YA8UWULns49W8tWE=,tag:yq/IT69Dk7BtJ5k+8HNu6A==,type:str]
|
||||||
|
#ENC[AES256_GCM,data:yepnpyfmV9t5CRucNg==,iv:186ZrE/ynkFhDjcmbdY+0eM//BWDMkQKQkUUj2OX0gw=,tag:3zjeG1sveTCCARG30vrtQQ==,type:comment]
|
||||||
|
BLOB_STORAGE_S3_ACCESS_KEY_ID: ENC[AES256_GCM,data:h6C2TxHcBJH5a2+OGckctvKUnXLbe8gbH3OpQ1s8znw=,iv:VtB1MAb4lqUcPbSQzf/o1bPFEqtd9FYhdrItLIv9GQk=,tag:MbuJfTZPJSSzT/89IDXCig==,type:str]
|
||||||
|
BLOB_STORAGE_S3_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:nFbcxS5IJz2YOJZx15hRYGrfGdcN7FI7Z2k1C5uLRHXllqvbRw09ZFn0ed2ORH8mDSl/0NHzjtD4cTdZ8L/fOg==,iv:4Vgb9qBQD8kgr4iBVEsaQTY+i58MUu+Bu80XjZAY78Q=,tag:VSp88f5T+WV2ngvW6mHbYA==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1MHkwN1AyY0twMzlYT29D
|
||||||
|
bXBPTE4vV3lCZFROTG5FS2ZteHVWbjE3clVBCmFWV3FVYTMvejBINzZ1Sk5lcEFF
|
||||||
|
NTMvSWJlQ2Nad1oxNkVJdFlHbkdja2MKLS0tIDFicWs5QUlPeVpieitqRVNhSXEy
|
||||||
|
L3JKV0YzOUcvLys3TWd0Q3pOcFBsczQKxyY1BbhiAcFnEwMO3uEEssGX4vM9pjwo
|
||||||
|
0hvqWULdsl6NpVd91lOpKgp9XwROSKwdYp5U0XX4oRF1mAI137a8WA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0SHY0STF0TGJia2dqRk5k
|
||||||
|
QVpUeEsvUUpaUjBzOGtNV2dlQzBSNzVZNkRJCkxNc3RBUmgwVDBId3pqY2R6eWNa
|
||||||
|
WjZ6ZXV6RjFaWnp4ZXUveHBsMG1DR28KLS0tIEVOeGFPTUszbmYxU1hYZENZUWdl
|
||||||
|
bTk2dytOMmE0UkZYNUdOWHZuelJBK2sKCT4UeF/m0mMqs6jbT1KMLfx6YTQTwkbK
|
||||||
|
7WcJKPlg2Jqmqi2G1tqKcjMui0g19vKPRDWGdtIOyYB83ThAVG0znA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-02-21T20:00:49Z"
|
||||||
|
mac: ENC[AES256_GCM,data:wDVyJOyMbbcQf/LIypuKIXYskE1+xlg43UY2NV3xIRZfVxN4uAJBtEEas+T6Y3jJoLJOkwjzkvncCv0cxzlJSQYmfoidaBIpNPKi6fSR1LjxELG0ErblVY/usgJ/ACvIfN+6SUC1sK/wxIbpLT+8TeUCvHEj/iuq0hslgdsomks=,iv:MdET9ouW4AVsbpLDtLpHzGQ6RTAHx3GvJg5TVaMzNug=,tag:UUDSIeK0cfd7Otn2XlsxlA==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
|
||||||
|
version: 3.8.1
|
24
fider/kustomization.yaml
Normal file
24
fider/kustomization.yaml
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
|
||||||
|
namespace: fider
|
||||||
|
|
||||||
|
labels:
|
||||||
|
- includeSelectors: true
|
||||||
|
pairs:
|
||||||
|
app.kubernetes.io/instance: icb4dc0de-feedback
|
||||||
|
app.kubernetes.io/managed-by: kustomize
|
||||||
|
|
||||||
|
resources:
|
||||||
|
- "resources/namespace.yaml"
|
||||||
|
- "resources/deployment.yaml"
|
||||||
|
- "resources/service.yaml"
|
||||||
|
- "resources/http_routes.yaml"
|
||||||
|
|
||||||
|
secretGenerator:
|
||||||
|
- name: fider-base-config
|
||||||
|
envs:
|
||||||
|
- "config/base.env"
|
||||||
|
|
||||||
|
generators:
|
||||||
|
- ./secret-generator.yaml
|
46
fider/resources/deployment.yaml
Normal file
46
fider/resources/deployment.yaml
Normal file
|
@ -0,0 +1,46 @@
|
||||||
|
---
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: fider
|
||||||
|
spec:
|
||||||
|
replicas: 2
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app.kubernetes.io/name: fider
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: fider
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: fider
|
||||||
|
image: docker.io/getfider/fider:stable
|
||||||
|
ports:
|
||||||
|
- containerPort: 3000
|
||||||
|
protocol: TCP
|
||||||
|
name: web
|
||||||
|
envFrom:
|
||||||
|
- secretRef:
|
||||||
|
name: fider-base-config
|
||||||
|
- secretRef:
|
||||||
|
name: fider-secret-config
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpu: 200m
|
||||||
|
memory: 200Mi
|
||||||
|
requests:
|
||||||
|
cpu: 50m
|
||||||
|
memory: 50Mi
|
||||||
|
affinity:
|
||||||
|
podAntiAffinity:
|
||||||
|
preferredDuringSchedulingIgnoredDuringExecution:
|
||||||
|
- weight: 100
|
||||||
|
podAffinityTerm:
|
||||||
|
labelSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: app.kubernetes.io/name
|
||||||
|
operator: In
|
||||||
|
values:
|
||||||
|
- fider
|
||||||
|
topologyKey: topology.kubernetes.io/zone
|
39
fider/resources/http_routes.yaml
Normal file
39
fider/resources/http_routes.yaml
Normal file
|
@ -0,0 +1,39 @@
|
||||||
|
---
|
||||||
|
apiVersion: gateway.networking.k8s.io/v1
|
||||||
|
kind: HTTPRoute
|
||||||
|
metadata:
|
||||||
|
name: fider-http
|
||||||
|
spec:
|
||||||
|
parentRefs:
|
||||||
|
- name: contour
|
||||||
|
sectionName: http
|
||||||
|
namespace: projectcontour
|
||||||
|
hostnames:
|
||||||
|
- fider.icb4dc0.de
|
||||||
|
- login.fider.icb4dc0.de
|
||||||
|
- community.buildr.icb4dc0.de
|
||||||
|
- community.inetmock.icb4dc0.de
|
||||||
|
rules:
|
||||||
|
- filters:
|
||||||
|
- type: RequestRedirect
|
||||||
|
requestRedirect:
|
||||||
|
scheme: https
|
||||||
|
statusCode: 301
|
||||||
|
---
|
||||||
|
apiVersion: gateway.networking.k8s.io/v1
|
||||||
|
kind: HTTPRoute
|
||||||
|
metadata:
|
||||||
|
name: fider-https
|
||||||
|
spec:
|
||||||
|
parentRefs:
|
||||||
|
- name: contour
|
||||||
|
namespace: projectcontour
|
||||||
|
hostnames:
|
||||||
|
- fider.icb4dc0.de
|
||||||
|
- login.fider.icb4dc0.de
|
||||||
|
- community.buildr.icb4dc0.de
|
||||||
|
- community.inetmock.icb4dc0.de
|
||||||
|
rules:
|
||||||
|
- backendRefs:
|
||||||
|
- name: fider
|
||||||
|
port: 3000
|
7
fider/resources/namespace.yaml
Normal file
7
fider/resources/namespace.yaml
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: fider
|
||||||
|
labels:
|
||||||
|
prometheus: default
|
12
fider/resources/service.yaml
Normal file
12
fider/resources/service.yaml
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: fider
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
app.kubernetes.io/name: fider
|
||||||
|
ports:
|
||||||
|
- protocol: TCP
|
||||||
|
port: 3000
|
||||||
|
targetPort: 3000
|
11
fider/secret-generator.yaml
Normal file
11
fider/secret-generator.yaml
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
apiVersion: viaduct.ai/v1
|
||||||
|
kind: ksops
|
||||||
|
metadata:
|
||||||
|
# Specify a name
|
||||||
|
name: fider-secret-generator
|
||||||
|
annotations:
|
||||||
|
config.kubernetes.io/function: |
|
||||||
|
exec:
|
||||||
|
path: ksops
|
||||||
|
files:
|
||||||
|
- config/fider-secrets.enc.yaml
|
Loading…
Reference in a new issue