feat(fider): basic setup

Peter 2023-04-17 15:35:15 +02:00
parent c0bff9b139
commit 55d8d53aa4
Signed by: prskr
GPG key ID: C1DB5D2E8DB512F9
11 changed files with 897 additions and 704 deletions


@ -17,9 +17,16 @@ resource "hcloud_load_balancer_target" "k8s_lb_target" {
use_private_ip = true
}
resource "hcloud_managed_certificate" "icb4dc0de_wildcard" {
name = "icb4dc0.de-wildcard"
domain_names = ["*.icb4dc0.de", "icb4dc0.de"]
resource "hcloud_managed_certificate" "icb4dc0de_20230417_001" {
name = "icb4dc0de_20230417_001"
domain_names = [
"icb4dc0.de",
"*.icb4dc0.de",
"*.inetmock.icb4dc0.de",
"*.buildr.icb4dc0.de",
"*.prskr.icb4dc0.de",
"*.fider.icb4dc0.de",
]
labels = {
}
}
@ -50,7 +57,7 @@ resource "hcloud_load_balancer_service" "k8s_lb_svc_https" {
http {
redirect_http = true
certificates = [
hcloud_managed_certificate.icb4dc0de_wildcard.id
hcloud_managed_certificate.icb4dc0de_20230417_001.id
]
}
}
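Review bot: Rotating the certificate by renaming the resource address (`icb4dc0de_wildcard` to `icb4dc0de_20230417_001`) makes Terraform plan an unrelated delete plus create, and nothing in the new resource fixes the order of that delete relative to the `certificates` update in `k8s_lb_svc_https`. Check the plan to confirm the old certificate is removed only after the load balancer service has switched over. A stable resource address with `lifecycle { create_before_destroy = true }`, where only `name` carries the date, would make the order explicit for later rotations. A comment above `domain_names` saying that a wildcard matches a single label (so `*.icb4dc0.de` does not cover `login.fider.icb4dc0.de`) would explain the per-subdomain entries, and the empty `labels = {}` can be dropped. The load balancer service block starts outside the second hunk.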


@ -8,3 +8,4 @@
- role: minio
- role: gitea
- role: drone
- role: fider

File diff suppressed because it is too large Load diff


@ -0,0 +1,21 @@
HOST_DOMAIN=fider.icb4dc0.de
LOG_SQL="false"
LOG_STRUCTURED="true"
LOG_LEVEL="DEBUG"
# Metrics
METRICS_ENABLED=true
METRICS_PORT=4000
HOST_MODE=multi
# SMTP setup
EMAIL_SMTP_HOST=smtp.gmail.com
EMAIL_SMTP_PORT="587"
EMAIL_SMTP_ENABLE_STARTTLS='true'
# Blog storage
BLOB_STORAGE=s3
BLOB_STORAGE_S3_REGION=us-east-1
BLOB_STORAGE_S3_ENDPOINT_URL=http://minio.minio.svc.cluster.local:9000
BLOB_STORAGE_S3_BUCKET=fider
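Review bot: The quoted values (`LOG_SQL="false"`, `LOG_STRUCTURED="true"`, `LOG_LEVEL="DEBUG"`, `EMAIL_SMTP_PORT="587"`, `EMAIL_SMTP_ENABLE_STARTTLS='true'`) are likely to reach the container with the quote characters included, assuming this is the `config/base.env` read by the `secretGenerator`, because Kustomize's env-file reader does not apply shell-style unquoting. If that holds for the Kustomize version in use, the port and the STARTTLS flag will not parse as a number and a boolean, and whether Fider then fails at startup or falls back to a default is not visible here. Write them bare, `EMAIL_SMTP_PORT=587` and `EMAIL_SMTP_ENABLE_STARTTLS=true`, matching the unquoted lines already in the file. `LOG_LEVEL` is worth lowering from debug once the setup works, and the `# Blog storage` comment should read `# Blob storage`.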


@ -0,0 +1,18 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: fider
commonLabels:
app.kubernetes.io/instance: icb4dc0de-feedback
app.kubernetes.io/managed-by: kustomize
resources:
- "resources/deployment.yaml"
- "resources/service.yaml"
- "resources/ingress.yaml"
secretGenerator:
- name: fider-base-config
envs:
- "config/base.env"


@ -0,0 +1,34 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: fider
spec:
replicas: 2
selector:
matchLabels:
app.kubernetes.io/name: fider
template:
metadata:
labels:
app.kubernetes.io/name: fider
spec:
containers:
- name: fider
image: docker.io/getfider/fider:stable
ports:
- containerPort: 3000
protocol: TCP
name: web
envFrom:
- secretRef:
name: fider-base-config
- secretRef:
name: fider-secret-config
resources:
limits:
cpu: 200m
memory: 200Mi
requests:
cpu: 50m
memory: 50Mi
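Review bot: `image: docker.io/getfider/fider:stable` is a moving tag, so the two replicas can end up running different builds and a registry-side change reaches the cluster without any commit; pin it to a release tag plus digest, `image: docker.io/getfider/fider:<version>@sha256:<digest>` (placeholders). The container also has no `securityContext`. The block below is a minimal baseline that does not depend on which user the image runs as; `runAsNonRoot: true` and `readOnlyRootFilesystem: true` can follow once the image's behaviour is confirmed. Readiness and liveness probes are missing too, so the Service can route to a pod before Fider is ready.

```yaml
        - name: fider
          # … unchanged: image, ports, envFrom, resources …
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
```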


@ -0,0 +1,47 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: fider
spec:
rules:
- host: fider.icb4dc0.de
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: fider
port:
number: 3000
- host: login.fider.icb4dc0.de
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: fider
port:
number: 3000
- host: community.buildr.icb4dc0.de
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: fider
port:
number: 3000
- host: community.inetmock.icb4dc0.de
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: fider
port:
number: 3000
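Review bot: The Ingress has no `tls:` section and no `ingressClassName`, and nothing in the manifest says that this is intentional. From the rest of the commit it looks as if TLS terminates at the Hetzner load balancer and Traefik only receives plain HTTP on its `web` entrypoint. A comment at the top such as `# TLS terminates at the hcloud load balancer; Traefik receives HTTP on the web entrypoint` would record that, and setting `ingressClassName` explicitly avoids depending on a default class. The four rules differ only in `host`, so a comment naming which hostname serves which tenant would also help.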


@ -0,0 +1,12 @@
---
apiVersion: v1
kind: Service
metadata:
name: fider
spec:
selector:
app.kubernetes.io/name: fider
ports:
- protocol: TCP
port: 3000
targetPort: 3000


@ -0,0 +1,45 @@
---
- name: Create fider namespace
kubernetes.core.k8s:
name: fider
api_version: v1
kind: Namespace
state: present
definition:
metadata:
labels:
prometheus: default
- name: Create Fider secrets
kubernetes.core.k8s:
state: present
definition:
apiVersion: v1
kind: Secret
metadata:
name: fider-secret-config
namespace: fider
data:
# Connection string to the PostgreSQL database
DATABASE_URL: "{{ 'postgres://%s:%s@postgres-15-postgresql.postgres.svc.cluster.local:5432/fider?sslmode=disable' | format(fider.db.user, fider.db.password) | b64encode }}"
# SMTP credentials
EMAIL_NOREPLY: "{{ fider.smtp.user | b64encode }}"
EMAIL_SMTP_USERNAME: "{{ fider.smtp.user | b64encode }}"
EMAIL_SMTP_PASSWORD: "{{ fider.smtp.password | b64encode }}"
# JWT secret key
JWT_SECRET: "{{ fider.jwt.secret | b64encode }}"
# OAuth
OAUTH_GITHUB_CLIENTID: "{{ fider.github.clientId | b64encode }}"
OAUTH_GITHUB_SECRET: "{{ fider.github.clientSecret | b64encode }}"
# Blob storage
BLOB_STORAGE_S3_ACCESS_KEY_ID: "{{ minio.rootUser | b64encode }}"
BLOB_STORAGE_S3_SECRET_ACCESS_KEY: "{{ minio.rootPassword | b64encode }}"
- name: Create kubernetes resources for lookup output
k8s:
definition: "{{ lookup('kubernetes.core.kustomize', dir=([role_path, 'files'] | path_join)) }}"
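Review bot: `BLOB_STORAGE_S3_ACCESS_KEY_ID` and `BLOB_STORAGE_S3_SECRET_ACCESS_KEY` are filled from `minio.rootUser` and `minio.rootPassword`, which hands the MinIO root account to an internet-facing application that only needs the `fider` bucket. Create a dedicated MinIO user or access key with a policy limited to that bucket and reference it from its own variables (for example `fider.s3.accessKey` / `fider.s3.secretKey`, names illustrative). The "Create Fider secrets" task renders every secret into its arguments, so add `no_log: true` to keep them out of Ansible output. `sslmode=disable` sends the database credentials unencrypted across the cluster network, and the password is interpolated without `urlencode`, so a password containing `@` or `/` would produce a broken URL. The last task uses the short name `k8s:` where the others use `kubernetes.core.k8s`.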


@ -1,15 +1,4 @@
---
- name: Create gitea namespace
kubernetes.core.k8s:
name: gitea
api_version: v1
kind: Namespace
state: absent
definition:
metadata:
labels:
prometheus: default
- name: Create forgejo namespace
kubernetes.core.k8s:
name: forgejo


@ -11,6 +11,8 @@ spec:
ports:
web:
nodePort: 32080
forwardedHeaders:
insecure: true
websecure:
expose: false
service:
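Review bot: `forwardedHeaders.insecure: true` on the `web` entrypoint makes Traefik accept `X-Forwarded-*` headers from any peer, not only from the load balancer, so anything that can reach node port 32080 can set the client IP, scheme and host that Traefik passes to the backends. Restrict it to the load balancer's source addresses instead, with `trustedIPs: ["<load balancer private CIDR>"]` (placeholder) under `forwardedHeaders:` and no `insecure` key. The `ports:` mapping starts and continues outside the hunk.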