diff --git a/ente/.gitattributes b/ente/.gitattributes
new file mode 100644
index 0000000..677a2c6
--- /dev/null
+++ b/ente/.gitattributes
@@ -0,0 +1 @@
+credentials.yaml filter=age diff=age merge=age -text
diff --git a/ente/config/credentials.yaml b/ente/config/credentials.yaml
new file mode 100644
index 0000000..85c21c8
Binary files /dev/null and b/ente/config/credentials.yaml differ
diff --git a/ente/config/museum.yaml b/ente/config/museum.yaml
new file mode 100644
index 0000000..ea223b2
--- /dev/null
+++ b/ente/config/museum.yaml
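Review bot: Nothing on this line makes the `age` filter mandatory: git passes a file through unchanged when `filter.age.clean`/`filter.age.smudge` are absent from the committer's config, so a checkout without the driver would commit `config/credentials.yaml` in plaintext the next time it is edited. Set `required` on the driver (`git config filter.age.required true`) and document it next to the key setup, so a missing driver aborts the add/checkout instead of silently skipping encryption. The same commit adds `config/credentials.yaml` as a binary blob, which is consistent with ciphertext being stored, but that is worth confirming (the blob should start with an age header) before the credentials are considered protected. `-text` is right: it keeps line-ending normalisation from corrupting the ciphertext.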
@@ -0,0 +1,77 @@
+log-file: "/var/log/ente/museum.log"
+
+# HTTP connection parameters
+http:
+ # If true, bind to 443 and use TLS.
+ # By default, this is false, and museum will bind to 8080 without TLS.
+ # use-tls: true
+
+# Specify the base endpoints for various apps
+apps:
+ # Default is https://albums.ente.io
+ #
+ # If you're running a self hosted instance and wish to serve public links,
+ # set this to the URL where your albums web app is running.
+ public-albums: https://albums.ente.icb4dc0.de
+
+
+# Various low-level configuration options
+internal:
+ # If false (the default), then museum will notify the external world of
+ # various events. E.g, email users about their storage being full, send
+ # alerts to Discord, etc.
+ #
+ # It can be set to true when running a "read only" instance like a backup
+ # restoration test, where we want to be able to access data but otherwise
+ # minimize external side effects.
+ silent: false
+ # If provided, this external healthcheck url is periodically pinged.
+ health-check-url:
+ # Hardcoded verification codes, useful for logging in when developing.
+ #
+ # Uncomment this and set these to your email ID or domain so that you don't
+ # need to peek into the server logs for obtaining the OTP when trying to log
+ # into an instance you're developing on.
+ # hardcoded-ott:
+ # emails:
+ # - "example@example.org,123456"
+ # # When running in a local environment, hardcode the verification code to
+ # # 123456 for email addresses ending with @example.org
+ # local-domain-suffix: "@example.org"
+ # local-domain-value: 123456
+ # List of user IDs that can use the admin API endpoints.
+ admins:
+ - 1580559962386438
+
+# Replication config
+#
+# If enabled, replicate each file to 2 other data centers after it gets
+# successfully uploaded to the primary hot storage.
+replication:
+ enabled: false
+ # The Cloudflare worker to use to download files from the primary hot
+ # bucket. Must be specified if replication is enabled.
+ worker-url:
+ # Number of go routines to spawn for replication
+ # This is not related to the worker-url above.
+ # Optional, default value is indicated here.
+ worker-count: 6
+ # Where to store temporary objects during replication v3
+ # Optional, default value is indicated here.
+ tmp-storage: tmp/replication
+
+# Configuration for various background / cron jobs.
+jobs:
+ cron:
+ # Instances run various cleanup, sending emails and other cron jobs. Use
+ # this flag to disable all these cron jobs.
+ skip: false
+ remove-unreported-objects:
+ # Number of go routines to spawn for object cleanup
+ # Optional, default value is indicated here.
+ worker-count: 1
+ clear-orphan-objects:
+ # By default, this job is disabled.
+ enabled: false
+ # If provided, only objects that begin with this prefix are pruned.
+ prefix: ""
\ No newline at end of file
diff --git a/ente/kustomization.yaml b/ente/kustomization.yaml
new file mode 100644
index 0000000..0f42268
--- /dev/null
+++ b/ente/kustomization.yaml
@@ -0,0 +1,37 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: ente
+namePrefix: ente-
+
+images:
+ - name: museum
+ newName: ghcr.io/ente-io/server
+ newTag: 26e17d8464736acc747c1b35c65af194172a245c
+ - name: web
+ newName: code.icb4dc0.de/infrastructure/images/ente/web
+ newTag: latest
+
+labels:
+- includeSelectors: true
+ pairs:
+ app.kubernetes.io/instance: ente
+ app.kubernetes.io/managed-by: kustomize
+
+resources:
+- resources/namespace.yaml
+- resources/museum/deployment.yaml
+- resources/museum/service.yaml
+- resources/web/deployment.yaml
+- resources/web/service.yaml
+- resources/http_routes.yaml
+
+configMapGenerator:
+ - name: museum-config
+ files:
+ - config/museum.yaml
+
+secretGenerator:
+ - name: museum-credentials
+ files:
+ - config/credentials.yaml
\ No newline at end of file
diff --git a/ente/resources/http_routes.yaml b/ente/resources/http_routes.yaml
new file mode 100644
index 0000000..d37de2d
--- /dev/null
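Review bot: The single `admins` entry `1580559962386438` looks like the placeholder user ID from upstream's example museum config (I recall it from there, so verify); if it is, it grants the admin endpoints to nobody — or to an unintended account — on this instance, so confirm it is the operator's own user ID and record whose it is, e.g. `# admin: <owner account>, first user created on this instance`. This file is shipped through a ConfigMap and is readable by anyone with namespace access, so the commented `hardcoded-ott` block must never be enabled in this copy: a fixed OTT is a login bypass, and a line such as `# do NOT enable here: a fixed OTT bypasses email verification in production` above it makes that explicit. `health-check-url:` is a bare empty value, which YAML reads as null; `null` or `""` would say that deliberately. Leaving `use-tls` off is acceptable only because TLS terminates at the Contour gateway and the 8080 hop stays inside the cluster.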
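Review bot: `newTag: latest` for the `web` image (paired with `imagePullPolicy: Always` in the web Deployment) means the served frontend is whatever the registry last published — a mutable, unverifiable supply-chain input for a client that handles users' encryption keys. Pin it the way `museum` is pinned by commit, preferably by digest: replace `newTag: latest` with `digest: sha256:<digest of the reviewed build>`. `secretGenerator` reads `config/credentials.yaml` from the working tree, so plaintext credentials only ever exist on the host that runs `kustomize build` with the age key; a comment on `secretGenerator:` noting that the file is age-encrypted in git and decrypted by the git filter at build time would save a future reader from treating a ciphertext Secret as a kustomize bug.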
+++ b/ente/resources/http_routes.yaml
@@ -0,0 +1,68 @@
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: http
+spec:
+ parentRefs:
+ - name: contour
+ sectionName: http
+ namespace: projectcontour
+ hostnames:
+ - ente.icb4dc0.de
+ - api.ente.icb4dc0.de
+ - albums.ente.icb4dc0.de
+ rules:
+ - filters:
+ - type: RequestRedirect
+ requestRedirect:
+ scheme: https
+ statusCode: 301
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: https-web
+spec:
+ parentRefs:
+ - name: contour
+ sectionName: https
+ namespace: projectcontour
+ hostnames:
+ - ente.icb4dc0.de
+ rules:
+ - backendRefs:
+ - name: ente-web
+ port: 3000
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: https-api
+spec:
+ parentRefs:
+ - name: contour
+ sectionName: ente-endpoints
+ namespace: projectcontour
+ hostnames:
+ - api.ente.icb4dc0.de
+ rules:
+ - backendRefs:
+ - name: ente-museum
+ port: 8080
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: https-albums
+spec:
+ parentRefs:
+ - name: contour
+ sectionName: ente-endpoints
+ namespace: projectcontour
+ hostnames:
+ - albums.ente.icb4dc0.de
+ rules:
+ - backendRefs:
+ - name: ente-web
+ port: 3000
\ No newline at end of file
diff --git a/ente/resources/museum/deployment.yaml b/ente/resources/museum/deployment.yaml
new file mode 100644
index 0000000..1b4e9a6
--- /dev/null
+++ b/ente/resources/museum/deployment.yaml
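Review bot: The three HTTPS routes forward to their backends without setting `Strict-Transport-Security`, so every first visit still relies on the 301 in the `http` route rather than the browser refusing plain HTTP; unless the Contour listener already injects the header, add a `ResponseHeaderModifier` filter to each HTTPS rule (all three hostnames are served over TLS here, so `includeSubDomains` is safe). Separately, `https-web` attaches to the `https` listener while `https-api` and `https-albums` attach to `ente-endpoints` — if that is deliberate (a different certificate or TLS policy) a one-line comment on each `sectionName` would stop the next reader from "fixing" it. The filter for one rule, with the backend left as is:

```yaml
    - filters:
        - type: ResponseHeaderModifier
          responseHeaderModifier:
            set:
              - name: Strict-Transport-Security
                value: max-age=31536000; includeSubDomains
      backendRefs:
        # … unchanged: ente-web backend on port 3000 …
```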
@@ -0,0 +1,90 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: museum
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: museum
+ app.kubernetes.io/part-of: ente
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: museum
+ app.kubernetes.io/part-of: ente
+ spec:
+ containers:
+ - name: museum
+ image: museum
+ env:
+ - name: ENTE_CREDENTIALS_FILE
+ value: /credentials.yaml
+ - name: ENTE_DB_HOST
+ valueFrom:
+ secretKeyRef:
+ name: default-cluster-pguser-ente
+ key: host
+ - name: ENTE_DB_NAME
+ valueFrom:
+ secretKeyRef:
+ name: default-cluster-pguser-ente
+ key: dbname
+ - name: ENTE_DB_USER
+ valueFrom:
+ secretKeyRef:
+ name: default-cluster-pguser-ente
+ key: user
+ - name: ENTE_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: default-cluster-pguser-ente
+ key: password
+ - name: ENTE_DB_SSLMODE
+ value: require
+ resources:
+ requests:
+ memory: "64Mi"
+ cpu: "50m"
+ limits:
+ memory: "128Mi"
+ cpu: "250m"
+ ports:
+ - name: api
+ containerPort: 8080
+ - name: metrics
+ containerPort: 2112
+ readinessProbe:
+ httpGet:
+ path: /ping
+ port: 8080
+ livenessProbe:
+ httpGet:
+ path: /ping
+ port: 8080
+ volumeMounts:
+ - name: logs
+ mountPath: /var/log/ente
+ - name: config
+ mountPath: /museum.yaml
+ subPath: museum.yaml
+ - name: credentials
+ mountPath: /credentials.yaml
+ subPath: credentials.yaml
+ volumes:
+ - name: logs
+ emptyDir: {}
+ - name: config
+ configMap:
+ name: museum-config
+ items:
+ - key: museum.yaml
+ path: museum.yaml
+ - name: credentials
+ secret:
+ secretName: museum-credentials
+ items:
+ - key: credentials.yaml
+ path: credentials.yaml
+ nodeSelector:
+ kubernetes.io/arch: arm64
\ No newline at end of file
diff --git a/ente/resources/museum/service.yaml b/ente/resources/museum/service.yaml
new file mode 100644
index 0000000..c523c68
--- /dev/null
+++ b/ente/resources/museum/service.yaml
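Review bot: The `museum` container declares no `securityContext` at pod or container level, so it keeps the default capability set, a writable root filesystem and whatever user the image picks; the only paths it needs to write are the `logs` emptyDir (and `tmp/replication`, which the config leaves disabled), so a hardened context is cheap here. `ENTE_DB_SSLMODE: require` encrypts the Postgres connection but does not verify the server certificate, so the password taken from `default-cluster-pguser-ente` can be replayed to an impersonating endpoint; if the operator publishes the cluster CA and museum's `db` section accepts a root-cert setting (check upstream), switch to `verify-full`, otherwise record the gap in a comment on that env entry. Port 2112 (`metrics`) is unauthenticated and the namespace is labelled for Prometheus, so a NetworkPolicy limiting ingress to the gateway and the scraper is the missing companion to this manifest. `runAsNonRoot` below assumes the upstream image does not run as root; add `runAsUser` if it does.

```yaml
    spec:
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: museum
          image: museum
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
          # … unchanged: env, resources, ports, probes, volumeMounts …
```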
@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: museum
+spec:
+ selector:
+ app.kubernetes.io/name: museum
+ ports:
+ - protocol: TCP
+ port: 8080
+ targetPort: 8080
\ No newline at end of file
diff --git a/ente/resources/namespace.yaml b/ente/resources/namespace.yaml
new file mode 100644
index 0000000..86fbbb6
--- /dev/null
+++ b/ente/resources/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: ente
+ labels:
+ prometheus: default
\ No newline at end of file
diff --git a/ente/resources/web/deployment.yaml b/ente/resources/web/deployment.yaml
new file mode 100644
index 0000000..b6075c9
--- /dev/null
+++ b/ente/resources/web/deployment.yaml
@@ -0,0 +1,37 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: web
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: web
+ app.kubernetes.io/part-of: ente
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: web
+ app.kubernetes.io/part-of: ente
+ spec:
+ containers:
+ - name: web
+ image: web
+ imagePullPolicy: Always
+ env:
+ - name: ENDPOINT
+ value: https://api.ente.icb4dc0.de
+ - name: ALBUMS_ENDPOINT
+ value: https://albums.ente.icb4dc0.de
+ resources:
+ requests:
+ memory: "64Mi"
+ cpu: "25m"
+ limits:
+ memory: "128Mi"
+ cpu: "50m"
+ ports:
+ - name: web
+ containerPort: 80
+ nodeSelector:
+ kubernetes.io/arch: arm64
\ No newline at end of file
diff --git a/ente/resources/web/service.yaml b/ente/resources/web/service.yaml
new file mode 100644
index 0000000..618874b
--- /dev/null
+++ b/ente/resources/web/service.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: web
+spec:
+ selector:
+ app.kubernetes.io/name: web
+ app.kubernetes.io/part-of: ente
+ ports:
+ - port: 3000
+ targetPort: 80
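Review bot: The selector here is only `app.kubernetes.io/name: museum`, whereas `web/service.yaml` selects on both `name` and `part-of`; kustomize's `includeSelectors: true` adds the instance label to both, so they behave alike today, but the two Services should use the same pair, e.g. add `app.kubernetes.io/part-of: ente` under `selector:`. The `metrics` port 2112 is deliberately not exposed through this Service, which is fine if Prometheus scrapes pods directly (the namespace label suggests that, but I cannot see the scrape config) — a comment on `ports:` saying so would keep someone from adding it later.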
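Review bot: The namespace carries only the `prometheus: default` scrape label and no Pod Security Admission labels, so nothing in the cluster stops a privileged or root pod from being created next to the app. Add `pod-security.kubernetes.io/enforce: baseline` and `pod-security.kubernetes.io/warn: restricted` under `labels:`; `restricted` can be enforced once the museum and web Deployments, which currently declare no `securityContext`, are hardened.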
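Review bot: `imagePullPolicy: Always` on an image that `kustomization.yaml` tags `latest` turns every pod restart into a fresh, unverified pull of the frontend that handles users' key material; pin the image by digest and drop this line so the default pull policy applies. `containerPort: 80` implies the process runs as root or holds `NET_BIND_SERVICE` — if the image can listen on an unprivileged port, change it (the web Service's `targetPort: 80` would follow) and add a container `securityContext` with `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}`, as the museum Deployment should as well. The `ENDPOINT`/`ALBUMS_ENDPOINT` values match the hostnames in `http_routes.yaml`, which is what keeps the web client pinned to the HTTPS API.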