infrastructure/apps
1
0
Fork 0
Code Issues Pull requests 5 Projects Releases Packages Wiki Activity Actions

chore: decomission CouchDB for obsidian
Some checks failed
Renovate / renovate (push) Has been cancelled
Details

Browse source
This commit is contained in:
Peter 2024-03-26 19:34:39 +01:00
parent 0abae87212
commit ebf8c0fd3b
Signed by: prskr
GPG key ID: F56BED6903BC5E37
10 changed files with 10 additions and 229 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
cert-manager/resources/letsencrypt-production.yaml
View file

@ -17,4 +17,13 @@ spec:
email: peter.kurfer@gmail.com email: peter.kurfer@gmail.com
apiTokenSecretRef: apiTokenSecretRef:
name: acme-dns-cloudflare name: acme-dns-cloudflare
key: api-token key: api-token
- dns01:
cloudflare:
email: peter.kurfer@gmail.com
apiTokenSecretRef:
name: acme-dns-cloudflare
key: api-token
selector:
matchLabels:
cert-manager.io/useDnsSolver: "true"

3
obsidian/config/Caddyfile
View file

@ -1,3 +0,0 @@
:8080 {
respond "Hello, world"
}

39
obsidian/config/admin-secret.enc.yaml
View file

@ -1,39 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: obsidian-couchdb
type: Opaque
stringData:
adminUsername: ENC[AES256_GCM,data:YPev8S8=,iv:rmKKp0n5JCCRsW8MV0DHcAdRCjh7LB690r1i8t2l5ac=,tag:8AOCgrJk4yYvI1lPFfYx6g==,type:str]
adminPassword: ENC[AES256_GCM,data:HtwmAsRmZCzIepwtDiLc6/s+1SwFXeKkMSw7uHHG3Mk=,iv:YdPguuTDKg9kuARDwfFcFrPyJGd0jQjO/I8AOygm7VY=,tag:CvzFhEed0mvxwDheIQE/NA==,type:str]
cookieAuthSecret: ENC[AES256_GCM,data:xnOSCxMyquMi+akVUBCAECjIqcSa1gzYCA8lVIyeLbnLHAykzsZl5g==,iv:Roe4MwI9lNd78Y36X7qZ1VTRxO7Ztl2SfmHeRzX7i60=,tag:DEJ2xzv0OOrcHarlxlk3gQ==,type:str]
erlangCookie: ENC[AES256_GCM,data:KilAsXBz8TJO1hu6IE/Mquz7QUl9qJzPzF1CIy925tf89KUN83QhVA==,iv:I+W5Gqg4DbT5F+lGVhXaUSs9rPGjYMoYD0T9v9AHlOk=,tag:/n1hRrzU1DTqhZJhvq7Qwg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4UGlxRGxQc3AzNW42Tlpt
ZFVMR1JWWk1OVWNjNXBScFRldWFqSHVXZXpZClp2cm82ZytnRk5qblZsb3RDU2xw
aWtOa0paeVo2ZTZzQy9weVNNNFQ2b3cKLS0tIEdmWGxxTC9qZVBLelJCV3dncURB
QjhUT2YvaS83bkpsUjFtTURNZE9hME0KKtGiUiGoulnswTi3mAq8zdq1MOmrqSbP
E1Bbdb3amH9mDD+MaXSTxXGcD0X10m6ge+E0c3BMfoF0ssZpQ2hQNw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIWHZTUDhON0wvZVlZTk1D
SGY0dHJjaEdkcklwUjh0Yjk4dVdUWGVYRVFZCkh0bDU4THQ2N0RjMGg2aGRDbklG
ZjFUWEFabFJrSDJUZHR4bjAyNjZRb2cKLS0tIGNIT2ZHQ2R1ZEVJbWY4ZVh4QTl3
NlFuMS91OHozaW8rcHNqZVhSOCtWaDgKpsTPthtNzoyLcWbiWFFNLI/oNTIYf64t
+t5dkS8DRb/+iSRIMfP5rIY3Vo8qWiMy8KJW+GgPOo8wLEpkRyjAvA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-12T16:48:23Z"
mac: ENC[AES256_GCM,data:iUzppA+NV3LcZgo5HQLRt5HXONSbQ1PKMfd02ULho7lLpz6HyvCzdBdyUrF0+vUe/WO2BdbY3tGwmt7MEgG7aBIvCscfFKoX5enetOQxKacHBtD8mFBaLF9NIujiSWLQ6j/C9mALcKTJhQgV7eG47jMNiCERe1KJ3P0Z3wl6lhg=,iv:wrE77/hBAtvVmVzaO37pXEdJwRP9YU+CQxt8R/gIvXA=,tag:QSjf2QmJXUFmh7YPoBiJdQ==,type:str]
pgp: []
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
version: 3.8.1

23
obsidian/config/values.yaml
View file

@ -1,23 +0,0 @@
clusterSize: 3
createAdminSecret: false
couchdbConfig:
couchdb:
uuid: 04D9BED5-7280-4E43-9C86-1C3EEC1944FB
chttpd:
require_valid_user: "true"
enable_cors: "true"
chttpd_auth:
allow_persistent_cookies: "true"
cors:
credentials: 'true'
origins: 'app://obsidian.md'
methods: 'GET,PUT,POST,HEAD,DELETE'
persistentVolume:
enabled: true
size: 10Gi
storageClass: hcloud-volumes
accessModes:
- ReadWriteOnce

38
obsidian/kustomization.yaml
View file

@ -1,38 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: obsidian
images:
- name: caddy
newName: caddy
newTag: 2.7.6-alpine
labels:
- includeSelectors: true
pairs:
app.kubernetes.io/instance: obsidian
app.kubernetes.io/managed-by: kustomize
resources:
- resources/namespace.yaml
- resources/http_routes.yaml
- resources/caddy_deployment.yaml
- resources/service.yaml
helmCharts:
- name: couchdb
repo: https://apache.github.io/couchdb-helm/
releaseName: obsidian
namespace: obsidian
version: 4.5.0
valuesFile: config/values.yaml
skipTests: true
configMapGenerator:
- name: caddy-hack
files:
- Caddyfile=config/Caddyfile
generators:
- ./secret-generator.yaml

39
obsidian/resources/caddy_deployment.yaml
View file

@ -1,39 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: caddy-hack
spec:
replicas: 2
selector:
matchLabels:
app.kubernetes.io/name: caddy-hack
template:
metadata:
labels:
app.kubernetes.io/name: caddy-hack
spec:
containers:
- name: caddy
image: caddy
command:
- caddy
args:
- run
- -c
- /etc/caddy/Caddyfile
ports:
- containerPort: 8080
protocol: TCP
name: web
resources:
limits:
cpu: 10m
memory: 30Mi
volumeMounts:
- name: config
mountPath: /etc/caddy
volumes:
- name: config
configMap:
name: caddy-hack

56
obsidian/resources/http_routes.yaml
View file

@ -1,56 +0,0 @@
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: obsidian-db-http
spec:
parentRefs:
- name: contour
sectionName: http
namespace: projectcontour
hostnames:
- obsidian-db.icb4dc0.de
rules:
- filters:
- type: RequestRedirect
requestRedirect:
scheme: https
statusCode: 301
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: obsidian-db-https
spec:
parentRefs:
- name: contour
sectionName: https
namespace: projectcontour
hostnames:
- obsidian-db.icb4dc0.de
rules:
- matches:
- method: OPTIONS
headers:
- name: Origin
value: 'app://obsidian.md'
filters:
- type: ResponseHeaderModifier
responseHeaderModifier:
add:
- name: Access-Control-Allow-Origin
value: 'app://obsidian.md'
- name: Access-Control-Allow-Methods
value: 'GET,PUT,POST,HEAD,DELETE'
- name: Access-Control-Allow-Credentials
value: 'true'
- name: Access-Control-Allow-Headers
value: 'accept,authorization,content-type,origin,referer'
- name: Access-Control-Max-Age
value: '3600'
backendRefs:
- name: caddy-hack
port: 8080
- backendRefs:
- name: obsidian-svc-couchdb
port: 5984

7
obsidian/resources/namespace.yaml
View file

@ -1,7 +0,0 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: obsidian
labels:
prometheus: default

12
obsidian/resources/service.yaml
View file

@ -1,12 +0,0 @@
---
apiVersion: v1
kind: Service
metadata:
name: caddy-hack
spec:
selector:
app.kubernetes.io/name: caddy-hack
ports:
- protocol: TCP
port: 8080
targetPort: 8080

11
obsidian/secret-generator.yaml
View file

@ -1,11 +0,0 @@
apiVersion: viaduct.ai/v1
kind: ksops
metadata:
# Specify a name
name: obsidian-secret-generator
annotations:
config.kubernetes.io/function: |
exec:
path: ksops
files:
- config/admin-secret.enc.yaml