refactor: move to new repo

2023-11-14 22:12:33 +01:00 · 2023-11-14 22:12:33 +01:00 · 62501c93a0
commit 62501c93a0
103 changed files with 19334 additions and 0 deletions
--- a/nocodb/.gitignore
+++ b/nocodb/.gitignore
@ -0,0 +1 @@
+charts/
--- a/nocodb/config/base.env
+++ b/nocodb/config/base.env
@ -0,0 +1,9 @@
+NC_PUBLIC_URL=https://noco.icb4dc0.de
+NC_TOOL_DIR=/usr/app/data/
+DB_QUERY_LIMIT_DEFAULT=25
+DB_QUERY_LIMIT_MAX=1000
+DB_QUERY_LIMIT_MIN=1
+NC_JWT_EXPIRES_IN=1h
+NC_DISABLE_TELE=true
+NC_ADMIN_EMAIL=peter.kurfer@gmail.com
+NC_REDIS_URL=redis://nocodb-keydb:6379/0
--- a/nocodb/config/values.keydb.yaml
+++ b/nocodb/config/values.keydb.yaml
@ -0,0 +1,33 @@
+imageRepository: code.icb4dc0.de/prskr/infrastructure/keydb
+imageTag: v6.3.3
+
+nodes: 3
+podDisruptionBudget:
+  enabled: true
+
+persistentVolume:
+  enabled: false
+
+resources:
+  requests:
+    cpu: 50m
+    memory: 100Mi
+  limits:
+    cpu: 250m
+    memory: 256Mi
+
+exporter:
+  enabled: true
+  imageTag: v1.51.0
+  resources:
+    requests:
+      cpu: 50m
+      memory: 50Mi
+    limits:
+      cpu: 150m
+      memory: 100Mi
+
+serviceMonitor:
+  enabled: true
+  labels:
+    prometheus: default
--- a/nocodb/kustomization.yaml
+++ b/nocodb/kustomization.yaml
@ -0,0 +1,36 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: nocodb
+
+images:
+- name: nocodb
+  newName: docker.io/nocodb/nocodb
+  newTag: "0.202.5"
+
+commonLabels:
+  app.kubernetes.io/instance: icb4dc0de
+  app.kubernetes.io/managed-by: kustomize
+
+resources:
+  - "resources/namespace.yaml"
+  - "resources/pvc.yaml"
+  - "resources/deployment.yaml"
+  - "resources/service.yaml"
+  - "resources/ingress.yaml"
+
+generators:
+  - ./secret-generator.yaml
+
+secretGenerator:
+  - name: nocodb-base-config
+    envs:
+      - "config/base.env"
+
+helmCharts:
+  - name: keydb
+    repo: https://enapter.github.io/charts/
+    releaseName: nocodb-keydb
+    namespace: nocodb
+    version: "0.48.0"
+    valuesFile: config/values.keydb.yaml
--- a/nocodb/resources/config.enc.yaml
+++ b/nocodb/resources/config.enc.yaml
@ -0,0 +1,40 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: nocodb-secret-config
+type: Opaque
+stringData:
+    #ENC[AES256_GCM,data:Hs6V,iv:5x3mHRFQ64to+CJGDDx+JNW1IEnHJ/ybe6JeecPJNeE=,tag:PBkuJceINQDF0YdjqmtcjA==,type:comment]
+    NC_DB_JSON: ENC[AES256_GCM,data:z2Ersb4CH2aQKdO8f4lxWfxUnNvYA5ese5hMsAnDT5uuaSGCUIIOEYhbREbbu/3rZhIrOMm10S3DZAlDDmc+Z1a4UeRHTsO5WEA9eyMG4mq5+6FV2FELORn+23jhpLgn9rP17IP5fSPlmWp6RdGsdsvXCFbHrz5YEofIlxJYQDL8ix/toTkVjKynNheqzU2bSyTQTfC7ZzDmGaCw43OtB4lo4S1flrNDyZubsqIAM3E8igOCTLbXf7ak9AMwTIs2jo/HAj5ErWXcdgBUZkNOPOYGbdKAIBdMS49EUsX4k5CAKZEmU14VGdWYwwpthAQ2osOELuZleXdlAdkhqFGgBG5zwKpDqV5EZ9HkbQtgL81gDnVR+nVXgU/Lnor2qS32szWl3xNskk0wyB/9OdbvJwV4L9yuLW0rwWI07aBWRACfXAvtDL/kUi7YPzC2ZueFw6628Bfjif3gUbm++plNpkDPKJw+MJRXvDqjCnB+ewaZ7O1nqQh7BjO0ZjkrOsJqm1HaCr8FpXVc5i8PrkYCIPrVA8zcdbu7AO/ngLpmN7AfcXOwjXKdFKdtwVgkK3mJBh976vGFRPTc0+4ENt3OnDVRIb+A0AdGuqWWNp9ctkjDGv4Ne2sH7dwCnnK0r0yORyfkr5ZQRUT8YCd42hUnEUlP54TDBMH9ZOpZX/nYKbv9BfFPRPP44hbYElkLtwAM02DkJX9EEW2yILGVE/roMrDlham+VNNSB7/Hrm7aUEWYwOBk9XghxOC1vhrxaG9LPZHhsKBakX/Jz1I3lWpcDf4ILa4clfej4M5gYwzMYY9P38G+MAzjnmyrjrgSvPVw8dZw9d6X4X+CRNKPXWm2UYLQHFHODkx1F4yH3aXQUy7nkCosX9SK03/kuBFo5FcARSudsYDJ9Y8SSTVtn3rTJeZF2hFww5tstZ3Ca0jTz75kaWYwvj4DpCd3AKw7/b9pw6DNCpPg07ipFI+fPjLVY+wXy1S+e8HmB6041BiMmc3dDyd4r0vuCH8a8b3Gna6/E4SyQWEv2dhEBAcKb5Eekdf8u9aSMjT7z9fVfrG7V5FQXZ+U46OgbNIUYKzQkJzO5WfRwVhbtUWlqV+YGIaBdq4V6lt0eNq5gdWSgY4pXLBOFtELbJN4wkwqeNh30vJAqmyT+SzfZxxEhire/kRAUFArql2m1aaWUEUw1rwMED8NIRryrQsBSirUFtHPSJM8NtU5/9bvZmS73prn3PTYJfKSVxD8b4c9/5O8WMWL9DxcLNRt863DT1p/RzA=,iv:dLiu9WddIz9iO3cOT7jny4PpdxiN7R/YccF/aaEy6Rc=,tag:w71GGULEaSzy0vrh4gOLvQ==,type:str]
+    #ENC[AES256_GCM,data:MQnRuJg=,iv:E82k3W8MaSx0BM7hXCkY1tN+H7D5S1kDPKmvP3Gi4/4=,tag:H4502GVmN8WvwPsiek5VpA==,type:comment]
+    NC_AUTH_JWT_SECRET: ENC[AES256_GCM,data:Js/NIpruZBw9hqvEP8cC0poEh5jf99mPd7fpDEJYsfNf5bGNN1hdXgypl8Y=,iv:aYw84L2YA4NBkICn/kP8eo345O4hEE87MwodzmlAGZk=,tag:5wyFoE9zpV9bp1ltheVHIQ==,type:str]
+    NC_ADMIN_PASSWORD: ENC[AES256_GCM,data:sKchDix8Q5VtC56G6cjT1rbO4h0/wzy+bFm9TUbhtvA=,iv:eR7nEDGn18t8hPMZK2xV26EvmrGmiWGuGFF1vgR0giA=,tag:KHLXghuZ8FE2oQ5HOkQbiQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTUkJmeVlidTVPTXhJanJT
+            WmFwMXB5d0hRVFFkTnJmK2JGbmVYNWYza1JjCjNCK0xnTFViN0o3Y1FKellnelR4
+            dk9qM1A4NHgvYWZpNW1wRVFHZnVrbk0KLS0tICttWE13RVF6Y3N5RFpMenpsQmp0
+            aElkeEVMN0hnS25QamEyZGNHRkY1Q2cKxi/tu37yGgnUh5pbO3gb+aWp0P4SJZQj
+            8uW0zavu2ppT4gk/3v3u8ty8sD5rCSaBih0XM2f8+i6LdFHIzcQE6Q==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCb2pGSHlvKzFQdFNoQ2V6
+            ditvYXFNVllETXJIbk9ETHEraWN4Mjk5bkJRCnVyT0YySU5CTk1DUUlCazhOeWYz
+            WVpMVVIrc3BqTU41d0tkaHNTa2NoQ1EKLS0tIGRwVEJQejBDL0kwYnIyaVJVOEla
+            UmFSZEd1ekI1alFVOG1qUVNBcHFUQlUKW7idC59jIRv2NgxxwDIMAYRe9tvBI6or
+            rjkpmb3b1ONLX470pY4FtmejOw02rm7YoeFTLPSePQgeK/+7tE3P+Q==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-11-08T20:15:51Z"
+    mac: ENC[AES256_GCM,data:Hvm/nLFI9TV9r8QxLzGM/dWRTX96TFcSUlEo1Q5nWfXym3pAI8LXqtxOri8IF9aZYdo87G9u3K+IPoGHL+1rYchYRF5O9T/Dez5lm9rMBc0z3dvq3gU0HKVjNaK9bso0b7Z90VSilbb7S0ZgI8gd2Xc//jgKnRrlMTeNVVgICQ0=,iv:icFu9+L4zlFLY62J7z+/1xwkTilUh2a1ZhrkCkbWyPI=,tag:L5QgfT9w2S2N+EIugXABuQ==,type:str]
+    pgp: []
+    unencrypted_regex: ^(apiVersion|metadata|kind|type)$
+    version: 3.8.1
--- a/nocodb/resources/deployment.yaml
+++ b/nocodb/resources/deployment.yaml
@ -0,0 +1,83 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nocodb
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: nocodb
+  replicas: 1
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: nocodb
+    spec:
+      containers:
+      - name: nocodb
+        image: nocodb
+        envFrom:
+          - secretRef:
+              name: nocodb-base-config
+          - secretRef:
+              name: nocodb-secret-config
+        ports:
+        - containerPort: 8080
+          protocol: TCP
+          name: web
+        volumeMounts:
+          - mountPath: /usr/app/data
+            name: nocodb-metadata
+          - mountPath: /usr/src/app/
+            name: app-volume
+          - mountPath: /tmp
+            name: app-tmp
+        livenessProbe:
+          httpGet:
+            path: /api/v1/health
+            port: web
+            scheme: HTTP
+          initialDelaySeconds: 10
+          timeoutSeconds: 3
+          periodSeconds: 5
+          successThreshold: 1
+          failureThreshold: 3
+        readinessProbe:
+          httpGet:
+            path: /api/v1/health
+            port: web
+            scheme: HTTP
+          initialDelaySeconds: 5
+          timeoutSeconds: 3
+          periodSeconds: 5
+          successThreshold: 1
+          failureThreshold: 3
+        resources:
+          requests:
+            memory: "168Mi"
+            cpu: "50m"
+          limits:
+            memory: "256Mi"
+            cpu: "500m"
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+              - ALL
+          readOnlyRootFilesystem: true
+      volumes:
+        - name: nocodb-metadata
+          persistentVolumeClaim:
+            claimName: nocodb-metadata
+        - name: app-volume
+          emptyDir:
+            sizeLimit: 1500Mi
+        - name: app-tmp
+          emptyDir:
+            sizeLimit: 500Mi
+      securityContext:
+        runAsUser: 1000
+        runAsGroup: 1000
+        runAsNonRoot: true
--- a/nocodb/resources/ingress.yaml
+++ b/nocodb/resources/ingress.yaml
@ -0,0 +1,23 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: nocodb
+  annotations:
+    gethomepage.dev/description: Data workspace
+    gethomepage.dev/enabled: "true"
+    gethomepage.dev/group: Apps
+    gethomepage.dev/icon: nocodb.png
+    gethomepage.dev/name: NocoDB
+spec:
+  rules:
+    - host: noco.icb4dc0.de
+      http:
+        paths:
+          - pathType: Prefix
+            path: /
+            backend:
+              service:
+                name: nocodb
+                port:
+                  number: 8080
--- a/nocodb/resources/namespace.yaml
+++ b/nocodb/resources/namespace.yaml
@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: nocodb
+  labels:
+    prometheus: default
--- a/nocodb/resources/pvc.yaml
+++ b/nocodb/resources/pvc.yaml
@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: nocodb-metadata
+  labels:
+    app.kubernetes.io/name: nocodb
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi
+  storageClassName: hcloud-volumes
--- a/nocodb/resources/service.yaml
+++ b/nocodb/resources/service.yaml
@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: nocodb
+spec:
+  selector:
+    app.kubernetes.io/name: nocodb
+  ports:
+    - protocol: TCP
+      port: 8080
+      targetPort: 8080
--- a/nocodb/secret-generator.yaml
+++ b/nocodb/secret-generator.yaml
@ -0,0 +1,11 @@
+apiVersion: viaduct.ai/v1
+kind: ksops
+metadata:
+  # Specify a name
+  name: nocodb-config-secret-generator
+  annotations:
+    config.kubernetes.io/function: |
+        exec:
+          path: ksops
+files:
+  - ./resources/config.enc.yaml