feat(fider): basic setup
parent
c0bff9b139
commit
55d8d53aa4
11 changed files with 897 additions and 704 deletions
|
@ -17,9 +17,16 @@ resource "hcloud_load_balancer_target" "k8s_lb_target" {
|
|||
use_private_ip = true
|
||||
}
|
||||
|
||||
resource "hcloud_managed_certificate" "icb4dc0de_wildcard" {
|
||||
name = "icb4dc0.de-wildcard"
|
||||
domain_names = ["*.icb4dc0.de", "icb4dc0.de"]
|
||||
resource "hcloud_managed_certificate" "icb4dc0de_20230417_001" {
|
||||
name = "icb4dc0de_20230417_001"
|
||||
domain_names = [
|
||||
"icb4dc0.de",
|
||||
"*.icb4dc0.de",
|
||||
"*.inetmock.icb4dc0.de",
|
||||
"*.buildr.icb4dc0.de",
|
||||
"*.prskr.icb4dc0.de",
|
||||
"*.fider.icb4dc0.de",
|
||||
]
|
||||
labels = {
|
||||
}
|
||||
}
|
||||
|
@ -50,7 +57,7 @@ resource "hcloud_load_balancer_service" "k8s_lb_svc_https" {
|
|||
http {
|
||||
redirect_http = true
|
||||
certificates = [
|
||||
hcloud_managed_certificate.icb4dc0de_wildcard.id
|
||||
hcloud_managed_certificate.icb4dc0de_20230417_001.id
|
||||
]
|
||||
}
|
||||
}
|
||||
|
|
|
@ -8,3 +8,4 @@
|
|||
- role: minio
|
||||
- role: gitea
|
||||
- role: drone
|
||||
- role: fider
|
||||
|
|
File diff suppressed because it is too large
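--- a/k8s/roles/fider/files/config/base.env
+++ b/k8s/roles/fider/files/config/base.env
@@ -0,0 +1,21 @@
+HOST_DOMAIN=fider.icb4dc0.de
+LOG_SQL="false"
+LOG_STRUCTURED="true"
+LOG_LEVEL="DEBUG"
+
+# Metrics
+METRICS_ENABLED=true
+METRICS_PORT=4000
+
+HOST_MODE=multi
+
+# SMTP setup
+EMAIL_SMTP_HOST=smtp.gmail.com
+EMAIL_SMTP_PORT="587"
+EMAIL_SMTP_ENABLE_STARTTLS='true'
+
+# Blog storage
+BLOB_STORAGE=s3
+BLOB_STORAGE_S3_REGION=us-east-1
+BLOB_STORAGE_S3_ENDPOINT_URL=http://minio.minio.svc.cluster.local:9000
+BLOB_STORAGE_S3_BUCKET=fider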
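Review bot: `LOG_LEVEL="DEBUG"` is committed as the base configuration of the deployed instance, so debug-level output reaches the cluster's log pipeline by default; `LOG_LEVEL=INFO` in this file, with DEBUG switched on only while troubleshooting, keeps request detail out of long-lived logs. The quoting is also inconsistent (`"587"`, `'true'`, bare `true`), and kustomize env files most likely pass the quote characters through as part of the value, so the rendered Secret is worth checking, or the quotes can simply be dropped throughout. `BLOB_STORAGE_S3_ENDPOINT_URL` uses plain `http://`, which means the S3 credentials and uploads travel unencrypted between pods unless the cluster network adds encryption itself.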
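--- a/k8s/roles/fider/files/kustomization.yaml
+++ b/k8s/roles/fider/files/kustomization.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: fider
+
+commonLabels:
+app.kubernetes.io/instance: icb4dc0de-feedback
+app.kubernetes.io/managed-by: kustomize
+
+resources:
+- "resources/deployment.yaml"
+- "resources/service.yaml"
+- "resources/ingress.yaml"
+
+secretGenerator:
+- name: fider-base-config
+envs:
+- "config/base.env"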
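--- a/k8s/roles/fider/files/resources/deployment.yaml
+++ b/k8s/roles/fider/files/resources/deployment.yaml
@@ -0,0 +1,34 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: fider
+spec:
+replicas: 2
+selector:
+matchLabels:
+app.kubernetes.io/name: fider
+template:
+metadata:
+labels:
+app.kubernetes.io/name: fider
+spec:
+containers:
+- name: fider
+image: docker.io/getfider/fider:stable
+ports:
+- containerPort: 3000
+protocol: TCP
+name: web
+envFrom:
+- secretRef:
+name: fider-base-config
+- secretRef:
+name: fider-secret-config
+resources:
+limits:
+cpu: 200m
+memory: 200Mi
+requests:
+cpu: 50m
+memory: 50Mi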
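Review bot: The `fider` container has no `securityContext` and pulls `docker.io/getfider/fider:stable`, a mutable tag, so the two replicas can end up running different builds and nothing limits what the process may do inside the pod. Pinning the image to a release tag plus digest (`image: docker.io/getfider/fider:<release-tag>@sha256:<digest>`, placeholders) makes rollouts reproducible and reviewable. The block below adds a restrictive security context; `runAsNonRoot` assumes the image does not run as root, which is not visible on this page and should be confirmed first. Separately, base.env enables metrics on port 4000 while only port 3000 is declared under `ports`.

```yaml
        - name: fider
          # … unchanged: image, ports, envFrom, resources …
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
```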
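--- a/k8s/roles/fider/files/resources/ingress.yaml
+++ b/k8s/roles/fider/files/resources/ingress.yaml
@@ -0,0 +1,47 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: fider
+spec:
+rules:
+- host: fider.icb4dc0.de
+http:
+paths:
+- pathType: Prefix
+path: /
+backend:
+service:
+name: fider
+port:
+number: 3000
+- host: login.fider.icb4dc0.de
+http:
+paths:
+- pathType: Prefix
+path: /
+backend:
+service:
+name: fider
+port:
+number: 3000
+- host: community.buildr.icb4dc0.de
+http:
+paths:
+- pathType: Prefix
+path: /
+backend:
+service:
+name: fider
+port:
+number: 3000
+- host: community.inetmock.icb4dc0.de
+http:
+paths:
+- pathType: Prefix
+path: /
+backend:
+service:
+name: fider
+port:
+number: 3000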
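--- a/k8s/roles/fider/files/resources/service.yaml
+++ b/k8s/roles/fider/files/resources/service.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: fider
+spec:
+selector:
+app.kubernetes.io/name: fider
+ports:
+- protocol: TCP
+port: 3000
+targetPort: 3000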
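--- a/k8s/roles/fider/tasks/main.yml
+++ b/k8s/roles/fider/tasks/main.yml
@@ -0,0 +1,45 @@
+---
+- name: Create fider namespace
+kubernetes.core.k8s:
+name: fider
+api_version: v1
+kind: Namespace
+state: present
+definition:
+metadata:
+labels:
+prometheus: default
+
+
+- name: Create Fider secrets
+kubernetes.core.k8s:
+state: present
+definition:
+apiVersion: v1
+kind: Secret
+metadata:
+name: fider-secret-config
+namespace: fider
+data:
+# Connection string to the PostgreSQL database
+DATABASE_URL: "{{ 'postgres://%s:%s@postgres-15-postgresql.postgres.svc.cluster.local:5432/fider?sslmode=disable' | format(fider.db.user, fider.db.password) | b64encode }}"
+
+# SMTP credentials
+EMAIL_NOREPLY: "{{ fider.smtp.user | b64encode }}"
+EMAIL_SMTP_USERNAME: "{{ fider.smtp.user | b64encode }}"
+EMAIL_SMTP_PASSWORD: "{{ fider.smtp.password | b64encode }}"
+
+# JWT secret key
+JWT_SECRET: "{{ fider.jwt.secret | b64encode }}"
+
+# OAuth
+OAUTH_GITHUB_CLIENTID: "{{ fider.github.clientId | b64encode }}"
+OAUTH_GITHUB_SECRET: "{{ fider.github.clientSecret | b64encode }}"
+
+# Blob storage
+BLOB_STORAGE_S3_ACCESS_KEY_ID: "{{ minio.rootUser | b64encode }}"
+BLOB_STORAGE_S3_SECRET_ACCESS_KEY: "{{ minio.rootPassword | b64encode }}"
+
+- name: Create kubernetes resources for lookup output
+k8s:
+definition: "{{ lookup('kubernetes.core.kustomize', dir=([role_path, 'files'] | path_join)) }}"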
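Review bot: `BLOB_STORAGE_S3_ACCESS_KEY_ID` and `BLOB_STORAGE_S3_SECRET_ACCESS_KEY` are filled from `minio.rootUser` / `minio.rootPassword`, so the feedback app holds the object store's root credentials instead of a key limited to the `fider` bucket. A dedicated MinIO user with a bucket-scoped policy, referenced through its own variables (for example `fider.s3.accessKey` / `fider.s3.secretKey`, placeholder names), would keep a compromise of the pod from reaching every other bucket. The "Create Fider secrets" task also renders every credential into its `definition` without `no_log: true`, so verbose or diff runs can print them. In `DATABASE_URL`, `sslmode=disable` sends the database password in clear text between pods, and the user and password are interpolated without `urlencode`, which breaks the URL as soon as either contains `@`, `/` or `:`.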
@ -1,15 +1,4 @@
|
|||
---
|
||||
- name: Create gitea namespace
|
||||
kubernetes.core.k8s:
|
||||
name: gitea
|
||||
api_version: v1
|
||||
kind: Namespace
|
||||
state: absent
|
||||
definition:
|
||||
metadata:
|
||||
labels:
|
||||
prometheus: default
|
||||
|
||||
- name: Create forgejo namespace
|
||||
kubernetes.core.k8s:
|
||||
name: forgejo
|
||||
|
|
|
@ -11,6 +11,8 @@ spec:
|
|||
ports:
|
||||
web:
|
||||
nodePort: 32080
|
||||
forwardedHeaders:
|
||||
insecure: true
|
||||
websecure:
|
||||
expose: false
|
||||
service:
|
||||
|
|
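Review bot: `forwardedHeaders.insecure: true` on the `web` entry point makes Traefik accept `X-Forwarded-*` headers from any peer, and that entry point is published on `nodePort: 32080`, so whatever can reach a node on that port decides the client IP and scheme the backends see. The Terraform hunk on this page attaches the load balancer with `use_private_ip = true`, so the trust can be narrowed to the load balancer's private address: keep `forwardedHeaders:` but replace `insecure: true` with `trustedIPs: ["<load-balancer private IP or CIDR>"]` (placeholder value). The enclosing `spec:` block starts before and continues after this hunk, so whether other entry points carry the same setting cannot be seen here.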