feat(obsidian): deploy CouchDB for Obsidian sync
parent
3fdbfe8d7e
commit
bcc0b7c2bc
10 changed files with 229 additions and 0 deletions
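--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@
 .vaultpw
 .vscode/
 .ssh/
+*/charts/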
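--- a/obsidian/config/Caddyfile
+++ b/obsidian/config/Caddyfile
@@ -0,0 +1,3 @@
+:8080 {
+respond "Hello, world"
+}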
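Review bot: Nothing in the Caddyfile says why a server that answers every request with `Hello, world` is deployed; judging by the `obsidian-db-https` route in this commit, it appears to exist only as a backend for CORS preflight requests. A leading comment such as `# Backend for OPTIONS preflight only; CORS headers are added by the HTTPRoute filter` would make that clear. Caddy's admin endpoint is left at its default here; `admin off` in a global options block would remove it if config reloads through the API are not needed.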
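--- a/obsidian/config/admin-secret.enc.yaml
+++ b/obsidian/config/admin-secret.enc.yaml
@@ -0,0 +1,39 @@
+apiVersion: v1
+kind: Secret
+metadata:
+name: obsidian-couchdb
+type: Opaque
+stringData:
+adminUsername: ENC[AES256_GCM,data:YPev8S8=,iv:rmKKp0n5JCCRsW8MV0DHcAdRCjh7LB690r1i8t2l5ac=,tag:8AOCgrJk4yYvI1lPFfYx6g==,type:str]
+adminPassword: ENC[AES256_GCM,data:HtwmAsRmZCzIepwtDiLc6/s+1SwFXeKkMSw7uHHG3Mk=,iv:YdPguuTDKg9kuARDwfFcFrPyJGd0jQjO/I8AOygm7VY=,tag:CvzFhEed0mvxwDheIQE/NA==,type:str]
+cookieAuthSecret: ENC[AES256_GCM,data:xnOSCxMyquMi+akVUBCAECjIqcSa1gzYCA8lVIyeLbnLHAykzsZl5g==,iv:Roe4MwI9lNd78Y36X7qZ1VTRxO7Ztl2SfmHeRzX7i60=,tag:DEJ2xzv0OOrcHarlxlk3gQ==,type:str]
+erlangCookie: ENC[AES256_GCM,data:KilAsXBz8TJO1hu6IE/Mquz7QUl9qJzPzF1CIy925tf89KUN83QhVA==,iv:I+W5Gqg4DbT5F+lGVhXaUSs9rPGjYMoYD0T9v9AHlOk=,tag:/n1hRrzU1DTqhZJhvq7Qwg==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4UGlxRGxQc3AzNW42Tlpt
+ZFVMR1JWWk1OVWNjNXBScFRldWFqSHVXZXpZClp2cm82ZytnRk5qblZsb3RDU2xw
+aWtOa0paeVo2ZTZzQy9weVNNNFQ2b3cKLS0tIEdmWGxxTC9qZVBLelJCV3dncURB
+QjhUT2YvaS83bkpsUjFtTURNZE9hME0KKtGiUiGoulnswTi3mAq8zdq1MOmrqSbP
+E1Bbdb3amH9mDD+MaXSTxXGcD0X10m6ge+E0c3BMfoF0ssZpQ2hQNw==
+-----END AGE ENCRYPTED FILE-----
+- recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIWHZTUDhON0wvZVlZTk1D
+SGY0dHJjaEdkcklwUjh0Yjk4dVdUWGVYRVFZCkh0bDU4THQ2N0RjMGg2aGRDbklG
+ZjFUWEFabFJrSDJUZHR4bjAyNjZRb2cKLS0tIGNIT2ZHQ2R1ZEVJbWY4ZVh4QTl3
+NlFuMS91OHozaW8rcHNqZVhSOCtWaDgKpsTPthtNzoyLcWbiWFFNLI/oNTIYf64t
++t5dkS8DRb/+iSRIMfP5rIY3Vo8qWiMy8KJW+GgPOo8wLEpkRyjAvA==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2024-03-12T16:48:23Z"
+mac: ENC[AES256_GCM,data:iUzppA+NV3LcZgo5HQLRt5HXONSbQ1PKMfd02ULho7lLpz6HyvCzdBdyUrF0+vUe/WO2BdbY3tGwmt7MEgG7aBIvCscfFKoX5enetOQxKacHBtD8mFBaLF9NIujiSWLQ6j/C9mALcKTJhQgV7eG47jMNiCERe1KJ3P0Z3wl6lhg=,iv:wrE77/hBAtvVmVzaO37pXEdJwRP9YU+CQxt8R/gIvXA=,tag:QSjf2QmJXUFmh7YPoBiJdQ==,type:str]
+pgp: []
+unencrypted_regex: ^(apiVersion|metadata|kind|type)$
+version: 3.8.1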
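Review bot: SOPS encrypts each value without padding, so the `data:` fields under `stringData` disclose plaintext lengths; `adminUsername` is only five bytes here, so the username should be treated as public and the account's protection rests on `adminPassword` and on the private keys of the two age recipients. No `.sops.yaml` creation rule is visible in this commit, so it is worth confirming that both listed recipients are still intended. Since `erlangCookie` and `cookieAuthSecret` are stored in the same file as the admin password, a rotation procedure for all four values should be written down next to it.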
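--- a/obsidian/config/values.yaml
+++ b/obsidian/config/values.yaml
@@ -0,0 +1,23 @@
+clusterSize: 3
+
+createAdminSecret: false
+
+couchdbConfig:
+couchdb:
+uuid: 04D9BED5-7280-4E43-9C86-1C3EEC1944FB
+chttpd:
+require_valid_user: "true"
+enable_cors: "true"
+chttpd_auth:
+allow_persistent_cookies: "true"
+cors:
+credentials: 'true'
+origins: 'app://obsidian.md'
+methods: 'GET,PUT,POST,HEAD,DELETE'
+
+persistentVolume:
+enabled: true
+size: 10Gi
+storageClass: hcloud-volumes
+accessModes:
+- ReadWriteOnce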
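Review bot: `createAdminSecret: false` leaves the chart without credentials of its own, and nothing in this file says where they come from; presumably it is the `obsidian-couchdb` Secret decrypted by ksops in this commit. A comment above that key, for example `# Admin credentials: Secret obsidian-couchdb, generated from config/admin-secret.enc.yaml via ksops`, would tie the two together. The `cors` origin and method strings are repeated verbatim in `resources/http_routes.yaml`, so a note that both places must change together would prevent the preflight answer and CouchDB's own CORS policy from drifting apart.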
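--- a/obsidian/kustomization.yaml
+++ b/obsidian/kustomization.yaml
@@ -0,0 +1,38 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: obsidian
+
+images:
+- name: caddy
+newName: caddy
+newTag: 2.7.6-alpine
+
+labels:
+- includeSelectors: true
+pairs:
+app.kubernetes.io/instance: obsidian
+app.kubernetes.io/managed-by: kustomize
+
+resources:
+- resources/namespace.yaml
+- resources/http_routes.yaml
+- resources/caddy_deployment.yaml
+- resources/service.yaml
+
+helmCharts:
+- name: couchdb
+repo: https://apache.github.io/couchdb-helm/
+releaseName: obsidian
+namespace: obsidian
+version: 4.5.0
+valuesFile: config/values.yaml
+skipTests: true
+
+configMapGenerator:
+- name: caddy-hack
+files:
+- Caddyfile=config/Caddyfile
+
+generators:
+- ./secret-generator.yaml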
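Review bot: The caddy image is pinned only by the mutable tag `newTag: 2.7.6-alpine`; the same `images` entry accepts `digest: sha256:<digest-of-2.7.6-alpine>` (placeholder), which would make the deployed image content-addressed. The `helmCharts` entry pulls chart `4.5.0` from the remote repository at build time, and because this commit git-ignores `*/charts/`, the chart that is actually rendered is never reviewed in-tree. If reproducible builds matter here, either vendor the chart or record and check its digest in the build pipeline.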
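--- a/obsidian/resources/caddy_deployment.yaml
+++ b/obsidian/resources/caddy_deployment.yaml
@@ -0,0 +1,39 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: caddy-hack
+spec:
+replicas: 2
+selector:
+matchLabels:
+app.kubernetes.io/name: caddy-hack
+template:
+metadata:
+labels:
+app.kubernetes.io/name: caddy-hack
+spec:
+containers:
+- name: caddy
+image: caddy
+command:
+- caddy
+args:
+- run
+- -c
+- /etc/caddy/Caddyfile
+ports:
+- containerPort: 8080
+protocol: TCP
+name: web
+resources:
+limits:
+cpu: 10m
+memory: 30Mi
+volumeMounts:
+- name: config
+mountPath: /etc/caddy
+volumes:
+- name: config
+configMap:
+name: caddy-hack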
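Review bot: The `caddy` container declares no `securityContext`, so it runs with the image's default user and capability set although it only listens on the unprivileged port 8080. A container-level `securityContext` with `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `seccompProfile: {type: RuntimeDefault}` would reduce what a compromise of this internet-facing pod can do; confirm the image still starts under those settings before merging. The pod template also sets `limits` without `requests` and has no readiness probe, so a replica that fails to load the Caddyfile would still receive preflight traffic.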
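--- a/obsidian/resources/http_routes.yaml
+++ b/obsidian/resources/http_routes.yaml
@@ -0,0 +1,56 @@
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+name: obsidian-db-http
+spec:
+parentRefs:
+- name: contour
+sectionName: http
+namespace: projectcontour
+hostnames:
+- obsidian-db.icb4dc0.de
+rules:
+- filters:
+- type: RequestRedirect
+requestRedirect:
+scheme: https
+statusCode: 301
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+name: obsidian-db-https
+spec:
+parentRefs:
+- name: contour
+sectionName: https
+namespace: projectcontour
+hostnames:
+- obsidian-db.icb4dc0.de
+rules:
+- matches:
+- method: OPTIONS
+headers:
+- name: Origin
+value: 'app://obsidian.md'
+filters:
+- type: ResponseHeaderModifier
+responseHeaderModifier:
+add:
+- name: Access-Control-Allow-Origin
+value: 'app://obsidian.md'
+- name: Access-Control-Allow-Methods
+value: 'GET,PUT,POST,HEAD,DELETE'
+- name: Access-Control-Allow-Credentials
+value: 'true'
+- name: Access-Control-Allow-Headers
+value: 'accept,authorization,content-type,origin,referer'
+- name: Access-Control-Max-Age
+value: '3600'
+backendRefs:
+- name: caddy-hack
+port: 8080
+- backendRefs:
+- name: obsidian-svc-couchdb
+port: 5984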
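Review bot: The last rule of `obsidian-db-https` has no `matches`, so every path on the public hostname is forwarded to `obsidian-svc-couchdb:5984`, including CouchDB's administrative endpoints, with `require_valid_user` as the only barrier. If the sync client needs only its own database, a `matches` entry with a `path` prefix for that database, together with a non-admin CouchDB user for sync, would narrow what is reachable from outside. In the preflight rule, `responseHeaderModifier.add` appends to any header the backend already returns; `set` would guarantee a single value for each CORS header.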
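--- a/obsidian/resources/namespace.yaml
+++ b/obsidian/resources/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+name: obsidian
+labels:
+prometheus: default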
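Review bot: The namespace carries only the `prometheus: default` label, so no Pod Security admission level is declared for the internet-facing workloads this commit places in it. Adding `pod-security.kubernetes.io/enforce: baseline` under `labels` would reject privileged or host-namespace pods, provided the CouchDB chart's pods and the caddy deployment pass that profile. `pod-security.kubernetes.io/warn: restricted` can be added first to see what a stricter level would flag.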
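--- a/obsidian/resources/service.yaml
+++ b/obsidian/resources/service.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: caddy-hack
+spec:
+selector:
+app.kubernetes.io/name: caddy-hack
+ports:
+- protocol: TCP
+port: 8080
+targetPort: 8080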
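--- a/obsidian/secret-generator.yaml
+++ b/obsidian/secret-generator.yaml
@@ -0,0 +1,11 @@
+apiVersion: viaduct.ai/v1
+kind: ksops
+metadata:
+# Specify a name
+name: obsidian-secret-generator
+annotations:
+config.kubernetes.io/function: |
+exec:
+path: ksops
+files:
+- config/admin-secret.enc.yaml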
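Review bot: The comment `# Specify a name` above `name: obsidian-secret-generator` is leftover template text and says nothing about this generator. Replacing it with `# Decrypts config/admin-secret.enc.yaml into the obsidian-couchdb Secret at build time` would document what the file does. The `exec` function runs whatever `ksops` binary the build host resolves, so the build environment should pin a known ksops version; how that is handled is not visible in this commit.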