feat(ente): initial deployment
All checks were successful
Renovate / renovate (push) Successful in 1m0s
All checks were successful
Renovate / renovate (push) Successful in 1m0s
This commit is contained in:
parent
7f1008bf0d
commit
8f6749b3af
10 changed files with 340 additions and 0 deletions
1
ente/.gitattributes
vendored
Normal file
1
ente/.gitattributes
vendored
Normal file
|
@ -0,0 +1 @@
|
||||||
|
credentials.yaml filter=age diff=age merge=age -text
|
BIN
ente/config/credentials.yaml
Normal file
BIN
ente/config/credentials.yaml
Normal file
Binary file not shown.
77
ente/config/museum.yaml
Normal file
77
ente/config/museum.yaml
Normal file
|
@ -0,0 +1,77 @@
|
||||||
|
log-file: "/var/log/ente/museum.log"
|
||||||
|
|
||||||
|
# HTTP connection parameters
|
||||||
|
http:
|
||||||
|
# If true, bind to 443 and use TLS.
|
||||||
|
# By default, this is false, and museum will bind to 8080 without TLS.
|
||||||
|
# use-tls: true
|
||||||
|
|
||||||
|
# Specify the base endpoints for various apps
|
||||||
|
apps:
|
||||||
|
# Default is https://albums.ente.io
|
||||||
|
#
|
||||||
|
# If you're running a self hosted instance and wish to serve public links,
|
||||||
|
# set this to the URL where your albums web app is running.
|
||||||
|
public-albums: https://albums.ente.icb4dc0.de
|
||||||
|
|
||||||
|
|
||||||
|
# Various low-level configuration options
|
||||||
|
internal:
|
||||||
|
# If false (the default), then museum will notify the external world of
|
||||||
|
# various events. E.g, email users about their storage being full, send
|
||||||
|
# alerts to Discord, etc.
|
||||||
|
#
|
||||||
|
# It can be set to true when running a "read only" instance like a backup
|
||||||
|
# restoration test, where we want to be able to access data but otherwise
|
||||||
|
# minimize external side effects.
|
||||||
|
silent: false
|
||||||
|
# If provided, this external healthcheck url is periodically pinged.
|
||||||
|
health-check-url:
|
||||||
|
# Hardcoded verification codes, useful for logging in when developing.
|
||||||
|
#
|
||||||
|
# Uncomment this and set these to your email ID or domain so that you don't
|
||||||
|
# need to peek into the server logs for obtaining the OTP when trying to log
|
||||||
|
# into an instance you're developing on.
|
||||||
|
# hardcoded-ott:
|
||||||
|
# emails:
|
||||||
|
# - "example@example.org,123456"
|
||||||
|
# # When running in a local environment, hardcode the verification code to
|
||||||
|
# # 123456 for email addresses ending with @example.org
|
||||||
|
# local-domain-suffix: "@example.org"
|
||||||
|
# local-domain-value: 123456
|
||||||
|
# List of user IDs that can use the admin API endpoints.
|
||||||
|
admins:
|
||||||
|
- 1580559962386438
|
||||||
|
|
||||||
|
# Replication config
|
||||||
|
#
|
||||||
|
# If enabled, replicate each file to 2 other data centers after it gets
|
||||||
|
# successfully uploaded to the primary hot storage.
|
||||||
|
replication:
|
||||||
|
enabled: false
|
||||||
|
# The Cloudflare worker to use to download files from the primary hot
|
||||||
|
# bucket. Must be specified if replication is enabled.
|
||||||
|
worker-url:
|
||||||
|
# Number of go routines to spawn for replication
|
||||||
|
# This is not related to the worker-url above.
|
||||||
|
# Optional, default value is indicated here.
|
||||||
|
worker-count: 6
|
||||||
|
# Where to store temporary objects during replication v3
|
||||||
|
# Optional, default value is indicated here.
|
||||||
|
tmp-storage: tmp/replication
|
||||||
|
|
||||||
|
# Configuration for various background / cron jobs.
|
||||||
|
jobs:
|
||||||
|
cron:
|
||||||
|
# Instances run various cleanup, sending emails and other cron jobs. Use
|
||||||
|
# this flag to disable all these cron jobs.
|
||||||
|
skip: false
|
||||||
|
remove-unreported-objects:
|
||||||
|
# Number of go routines to spawn for object cleanup
|
||||||
|
# Optional, default value is indicated here.
|
||||||
|
worker-count: 1
|
||||||
|
clear-orphan-objects:
|
||||||
|
# By default, this job is disabled.
|
||||||
|
enabled: false
|
||||||
|
# If provided, only objects that begin with this prefix are pruned.
|
||||||
|
prefix: ""
|
37
ente/kustomization.yaml
Normal file
37
ente/kustomization.yaml
Normal file
|
@ -0,0 +1,37 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
|
||||||
|
namespace: ente
|
||||||
|
namePrefix: ente-
|
||||||
|
|
||||||
|
images:
|
||||||
|
- name: museum
|
||||||
|
newName: ghcr.io/ente-io/server
|
||||||
|
newTag: 26e17d8464736acc747c1b35c65af194172a245c
|
||||||
|
- name: web
|
||||||
|
newName: code.icb4dc0.de/infrastructure/images/ente/web
|
||||||
|
newTag: latest
|
||||||
|
|
||||||
|
labels:
|
||||||
|
- includeSelectors: true
|
||||||
|
pairs:
|
||||||
|
app.kubernetes.io/instance: ente
|
||||||
|
app.kubernetes.io/managed-by: kustomize
|
||||||
|
|
||||||
|
resources:
|
||||||
|
- resources/namespace.yaml
|
||||||
|
- resources/museum/deployment.yaml
|
||||||
|
- resources/museum/service.yaml
|
||||||
|
- resources/web/deployment.yaml
|
||||||
|
- resources/web/service.yaml
|
||||||
|
- resources/http_routes.yaml
|
||||||
|
|
||||||
|
configMapGenerator:
|
||||||
|
- name: museum-config
|
||||||
|
files:
|
||||||
|
- config/museum.yaml
|
||||||
|
|
||||||
|
secretGenerator:
|
||||||
|
- name: museum-credentials
|
||||||
|
files:
|
||||||
|
- config/credentials.yaml
|
68
ente/resources/http_routes.yaml
Normal file
68
ente/resources/http_routes.yaml
Normal file
|
@ -0,0 +1,68 @@
|
||||||
|
---
|
||||||
|
apiVersion: gateway.networking.k8s.io/v1
|
||||||
|
kind: HTTPRoute
|
||||||
|
metadata:
|
||||||
|
name: http
|
||||||
|
spec:
|
||||||
|
parentRefs:
|
||||||
|
- name: contour
|
||||||
|
sectionName: http
|
||||||
|
namespace: projectcontour
|
||||||
|
hostnames:
|
||||||
|
- ente.icb4dc0.de
|
||||||
|
- api.ente.icb4dc0.de
|
||||||
|
- albums.ente.icb4dc0.de
|
||||||
|
rules:
|
||||||
|
- filters:
|
||||||
|
- type: RequestRedirect
|
||||||
|
requestRedirect:
|
||||||
|
scheme: https
|
||||||
|
statusCode: 301
|
||||||
|
---
|
||||||
|
apiVersion: gateway.networking.k8s.io/v1
|
||||||
|
kind: HTTPRoute
|
||||||
|
metadata:
|
||||||
|
name: https-web
|
||||||
|
spec:
|
||||||
|
parentRefs:
|
||||||
|
- name: contour
|
||||||
|
sectionName: https
|
||||||
|
namespace: projectcontour
|
||||||
|
hostnames:
|
||||||
|
- ente.icb4dc0.de
|
||||||
|
rules:
|
||||||
|
- backendRefs:
|
||||||
|
- name: ente-web
|
||||||
|
port: 3000
|
||||||
|
---
|
||||||
|
apiVersion: gateway.networking.k8s.io/v1
|
||||||
|
kind: HTTPRoute
|
||||||
|
metadata:
|
||||||
|
name: https-api
|
||||||
|
spec:
|
||||||
|
parentRefs:
|
||||||
|
- name: contour
|
||||||
|
sectionName: ente-endpoints
|
||||||
|
namespace: projectcontour
|
||||||
|
hostnames:
|
||||||
|
- api.ente.icb4dc0.de
|
||||||
|
rules:
|
||||||
|
- backendRefs:
|
||||||
|
- name: ente-museum
|
||||||
|
port: 8080
|
||||||
|
---
|
||||||
|
apiVersion: gateway.networking.k8s.io/v1
|
||||||
|
kind: HTTPRoute
|
||||||
|
metadata:
|
||||||
|
name: https-albums
|
||||||
|
spec:
|
||||||
|
parentRefs:
|
||||||
|
- name: contour
|
||||||
|
sectionName: ente-endpoints
|
||||||
|
namespace: projectcontour
|
||||||
|
hostnames:
|
||||||
|
- albums.ente.icb4dc0.de
|
||||||
|
rules:
|
||||||
|
- backendRefs:
|
||||||
|
- name: ente-web
|
||||||
|
port: 3000
|
90
ente/resources/museum/deployment.yaml
Normal file
90
ente/resources/museum/deployment.yaml
Normal file
|
@ -0,0 +1,90 @@
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: museum
|
||||||
|
spec:
|
||||||
|
replicas: 2
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app.kubernetes.io/name: museum
|
||||||
|
app.kubernetes.io/part-of: ente
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: museum
|
||||||
|
app.kubernetes.io/part-of: ente
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: museum
|
||||||
|
image: museum
|
||||||
|
env:
|
||||||
|
- name: ENTE_CREDENTIALS_FILE
|
||||||
|
value: /credentials.yaml
|
||||||
|
- name: ENTE_DB_HOST
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: default-cluster-pguser-ente
|
||||||
|
key: host
|
||||||
|
- name: ENTE_DB_NAME
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: default-cluster-pguser-ente
|
||||||
|
key: dbname
|
||||||
|
- name: ENTE_DB_USER
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: default-cluster-pguser-ente
|
||||||
|
key: user
|
||||||
|
- name: ENTE_DB_PASSWORD
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: default-cluster-pguser-ente
|
||||||
|
key: password
|
||||||
|
- name: ENTE_DB_SSLMODE
|
||||||
|
value: require
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
memory: "64Mi"
|
||||||
|
cpu: "50m"
|
||||||
|
limits:
|
||||||
|
memory: "128Mi"
|
||||||
|
cpu: "250m"
|
||||||
|
ports:
|
||||||
|
- name: api
|
||||||
|
containerPort: 8080
|
||||||
|
- name: metrics
|
||||||
|
containerPort: 2112
|
||||||
|
readinessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /ping
|
||||||
|
port: 8080
|
||||||
|
livenessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /ping
|
||||||
|
port: 8080
|
||||||
|
volumeMounts:
|
||||||
|
- name: logs
|
||||||
|
mountPath: /var/log/ente
|
||||||
|
- name: config
|
||||||
|
mountPath: /museum.yaml
|
||||||
|
subPath: museum.yaml
|
||||||
|
- name: credentials
|
||||||
|
mountPath: /credentials.yaml
|
||||||
|
subPath: credentials.yaml
|
||||||
|
volumes:
|
||||||
|
- name: logs
|
||||||
|
emptyDir: {}
|
||||||
|
- name: config
|
||||||
|
configMap:
|
||||||
|
name: museum-config
|
||||||
|
items:
|
||||||
|
- key: museum.yaml
|
||||||
|
path: museum.yaml
|
||||||
|
- name: credentials
|
||||||
|
secret:
|
||||||
|
secretName: museum-credentials
|
||||||
|
items:
|
||||||
|
- key: credentials.yaml
|
||||||
|
path: credentials.yaml
|
||||||
|
nodeSelector:
|
||||||
|
kubernetes.io/arch: arm64
|
12
ente/resources/museum/service.yaml
Normal file
12
ente/resources/museum/service.yaml
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: museum
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
app.kubernetes.io/name: museum
|
||||||
|
ports:
|
||||||
|
- protocol: TCP
|
||||||
|
port: 8080
|
||||||
|
targetPort: 8080
|
7
ente/resources/namespace.yaml
Normal file
7
ente/resources/namespace.yaml
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: ente
|
||||||
|
labels:
|
||||||
|
prometheus: default
|
37
ente/resources/web/deployment.yaml
Normal file
37
ente/resources/web/deployment.yaml
Normal file
|
@ -0,0 +1,37 @@
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: web
|
||||||
|
spec:
|
||||||
|
replicas: 2
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app.kubernetes.io/name: web
|
||||||
|
app.kubernetes.io/part-of: ente
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: web
|
||||||
|
app.kubernetes.io/part-of: ente
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: web
|
||||||
|
image: web
|
||||||
|
imagePullPolicy: Always
|
||||||
|
env:
|
||||||
|
- name: ENDPOINT
|
||||||
|
value: https://api.ente.icb4dc0.de
|
||||||
|
- name: ALBUMS_ENDPOINT
|
||||||
|
value: https://albums.ente.icb4dc0.de
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
memory: "64Mi"
|
||||||
|
cpu: "25m"
|
||||||
|
limits:
|
||||||
|
memory: "128Mi"
|
||||||
|
cpu: "50m"
|
||||||
|
ports:
|
||||||
|
- name: web
|
||||||
|
containerPort: 80
|
||||||
|
nodeSelector:
|
||||||
|
kubernetes.io/arch: arm64
|
11
ente/resources/web/service.yaml
Normal file
11
ente/resources/web/service.yaml
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: web
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
app.kubernetes.io/name: web
|
||||||
|
app.kubernetes.io/part-of: ente
|
||||||
|
ports:
|
||||||
|
- port: 3000
|
||||||
|
targetPort: 80
|
Loading…
Reference in a new issue