diff --git a/k8s/configure_cluster.yaml b/k8s/configure_cluster.yaml
index 26a82fe..ef0b17f 100644
--- a/k8s/configure_cluster.yaml
+++ b/k8s/configure_cluster.yaml
@@ -2,9 +2,9 @@
 hosts: localhost
 roles:
 - role: cifs-csi
- - role: skooner
 - role: coder
- - role: codimd
+ - role: hedgedoc
+ - role: nocodb
 - role: prometheus
 - role: postgres
 - role: hcloud
diff --git a/k8s/inventory/group_vars/all.yml b/k8s/inventory/group_vars/all.yml
index 22c0559..0198f50 100644
--- a/k8s/inventory/group_vars/all.yml
+++ b/k8s/inventory/group_vars/all.yml
@@ -1,116 +1,126 @@ $ANSIBLE_VAULT;1.1;AES256 -33643030613065616536613463646664623664336531303162336336373132313866653536323266 -3932613739313265306639366461363037303365363634330a343835313130653537663464346366 -66333136313038393466313331666265666264666233336137663135303861646465616339366438 -3362326363383738640a623630626138323335353666383561656234653234666261363437656265 -37393737653038626639323565666630393466313034653664383632366432613035333537326339 -30623137333331393466396666373539636561313736376536643034393638333139626338636433 -37666163396135353936623530316235313762666634636164626130623865663063393336653061 -31336631313234373833333533636262313364666532356635656333393531366132613635333962 -39653437356431306164353561336561326532336635373035616564336537316432326537376134 -36343630326230396463396262666463643632373565656230303335343637663931656431376238 -66366265666565633166343038396237393934393838303535613163636333663338623937303838 -39636531356536646535343233323961633564333838303239353831653931396536393138356335 -36336334666632393636316462623865343936383631363563373532356538366238323932633361 -34306564366364376134363238346264373563313239396531346365373166383039393333373534 -63336632333632616339313765373433306163363730333838653436663237663331363034633837 -34613130336430663439313262393464366463333132343238623862363231623735633936623263 -63643065303666343431653733666636336464386136323034646462646534303634636132326466 -61373334333831323337366631653763393763323832353761363465346563353661313238333334 -65323636613764313037313066623734316430663835623638623235366532313966383064643165 -62363530666430623637656233613931623439353734326266613538376531646434616535333836 -31353937346637386333366261366631383639616136396639316239303731623465383863313333 -35383737646163383064373836363862333538343463303932366435323536386638636236333732 -66396439656561373662626632306632333161316662376463653266643239393930613165376539 
-62653133386562313435333330393938326239313633363235633638646163346362626663393065 -37363535346432313833356262353364633234393330626433613730643363356165393034643465 -65666466653139333536333232613138666239313766343765663165646165366634643839363934 -37653633393832323431303134623731636461346132656638303537616335333065343065616231 -37643032393662353436666563626337366566386265303335653035323561373730656163656436 -32336437316234613230366265663932343061333233636165353264336364663261386638646331 -63373030376263373739623531623963626338336262336237323939303332303032303631383063 -38336231376231326563306338393466343534333565343266333366666533326233326563366639 -33323439353463383966333261306266356237346333663237396531393863366335663335663561 -64323962663338646635613336333933313532396534353039333439323163353137356561373463 -34663461626238303961306562313139386633313039636136333434386539303632383966313431 -61396263626239343536313430633932353430636463313961666666316532613938353438656364 -65393934346161333334386531306134343736656165633733383131383261666135313931363138 -35393834653538666663356132653238373133303636303038373462633238316562396430373133 -65303362393364313662373731313937336233396430643831353763393932373534366666306535 -33336538363739656537653861316263373838643830383736316235313037656236336562306431 -32373466313030656230333566616437306538643333306465316232383937613834643934613037 -61643664396465613635356231353061336531396232613338376134396138643434363338633161 -64316264633863393366626238386531313930323233363033313333326166633163633837616262 -37366336636361663638333063646630656266656139376335653563626133343937306233346638 -35353332323032333562653536333763613636373762636464366439363734613063323532626632 -37393839396231363037646164356532653039303830636336663562393332363131623134643961 -34303736323064313230346261356162303366383537383730653832646137656136323831353563 -65396432663236323538663535373338383030356465643032373064363866613661316434356463 
-35346161373661616635663530386266653966396338316134643937343034383431623938383462 -31386461303966333432303536656536376632393832393563393331346338613166373761353936 -64316662636161616137636364353935613931336435383766306462366536636265643535393530 -39616263353638373533303237383063663335356431316131333038346662353264383437373133 -34666536303163613335643532646530666330366635386465666336666235306431663763303839 -64343437353436336336373737386138663134313737316538376133616633623935623335333830 -34626138656436626333376165656437613935623734303932333962393736643939363835313861 -63306137313533343439653631356161633636356431663631363239376639323631383966306338 -61643232353430383863353231326532316265623637343665343964366463316236383065373962 -38396462343734303636393336343463303639383961653337376364386661653164333333333934 -36306464396266373662386264373031626561643439376361383434376538326162633362383361 -61323735323438356430323833396665613261613161663435386131626565336134333963633065 -36636266353865353337363838356435376131383133393237343539326263623131666432363662 -30633532303937356465613434646166356138633864353665616632313031623731393062633531 -64383866653331313666636563353866633932303135383761316435383366346363653131326662 -37636165643966376536646332626438646361373331376565353161646232613439623466663062 -32353137353562383439343766306136376131343232383762666137393464366436643165363032 -63306132633365393937633935633832386662656639636339333262626663653736613863366236 -61666465376664333439343862306634316462363663323830656333656361313234363432396264 -62663536626463616239643637643131346365376537373732626432353135363735616461383763 -35303364313434396561356536303831356637383662366465613866353639303030333433353636 -64303762616339393031303735623433393664396361653962373430646237323230643463366237 -62393838336538363066663037333132616464303765343365306134306463623864346238613030 -38306163326337613366626263623738346435616238643162393333643231306633316163343731 
-30663064313037323237303339613263663335303763373565633364326561343736353137643466 -35613539623338623839366536666461616562623632313338323539333962353662313762613835 -61383337653565396430663133613934623236373938333739323364616333356365383339393165 -30643664336337323539346139316234306633303531653331323739613162616231333863653632 -35303938643035613630363961396430326536626434656532323466326133326336616430633834 -64393438306433653133333535353864626335343362653834633732343236333864356466333032 -36346362646236313436613233336438333237666433336431326236323264363235343537363234 -34343136616536356663386563613363386566393365343234326466386636373661363363613165 -33356430373232643539393835653662393365636332636166616139653161313465356633623763 -39316433383233363363616365643339333565356166613763346362366337613334653163303366 -62306139396565313863376139373434383530343338306533633265313538323330303835363061 -37626333346235383830393865643838363332636366333633313865323566646232653137656435 -35373739656339323732613634333765373737383937653239353366633163353465636131313237 -65363561383133323539633630386337363462343663313335313933393936666636376337613331 -34646163613933646666316666663562663939663434646638366630366363303737333131383661 -62626439663037353061326264363833336634373565376534616235356563383766646630623437 -39343335636366343161656663343238633963326163626332356330303037353238356136316134 -37386230626464633330396539633965353633393865653335373136666435626533343134363634 -30343935323965643836323166333437653630663834393861306339613333396630393731663266 -37636433653434386161316530333630306336633262613231643762623661393164313934303637 -33663436623165386537343835313661356564383466356633396537313664333361303938656633 -30643966373961663464366634363831373961393835326433366261323939643331316464623864 -62653566326663393534313964643536623361343064666462373338326561653562643265643130 -36366339663763353734613831636166303638363439363031613964343566653661326565333737 
-34363963333464376331366236663762363830363439366433653734353964663963353539663333 -61636464383936326666616235633135356332393134363330303561343030633366643736636665 -31373566316131303463383737636264336536373464316535623430346664633033346335666334 -34343964623661653864396635303262656162326262363863343061323339376265613762656130 -35376664626231623338363562383939626539336433623633666134383531633436343832383565 -37663832366265396331613330623165373332646339616535346364646630623636313264356138 -31303434323938613239353933636137653333306238383237333839353261373431616232613064 -37353538653333303938363762336464343030343037626232633765353934616664663039323735 -36633034346562623866376666333031333233636636363235613362366562346636656532336262 -38373637616139633862323632316362346337356463376166626433303132333432323766343138 -64333537653861333233643064306435653663633864346165396666623163343062316262646266 -61653761376332376337636634303737303035346662373966323336623631316266346563323233 -30313638636138383632636562313763303934356263613037623439366566333862343732383430 -32363336653837643131326430656333656333306566666135383232346632323234663963333438 -36343264623861666166626536366630316233346439663531303939316330633762303965313831 -62313633316631356461643735366232396431626364643761333237386539353161333961656133 -32373034653566393431306263323665383032396437386337353534323434663237653132666561 -38353836376335353662346530376366623562663130633737663865343665303432316636336437 -61623338313064313364653930323537623835326431623964316461653534373230386234313239 -643366363332346361353436633736353037 +66643230333866626266396537353465623533643664366461343436333038356230316630666466 +3238636230333063336636346461633235346531383235640a356461343338333632363732373464 +35323834366537373139393465393762356565303364623937383662303034326139363833636333 +6461613035356430380a313238653738626164313537613566346163616332623063646139356332 
+36643863346364313237383839636665643862616531613332616232623135643837376134663362 +32353636646235393631636534306437656532343639333338383166306563326561336633613634 +63346330356433643362356165613831643637633533636563333238386562656639353665656465 +39613861383262613232313038663566383963363435343139656532383730376331366434313939 +34373438303730383437353863306336666333396132336330353163346539636138643065386537 +64363937393164323661666465613535643965373666663737343330373263336536343930363361 +37393335326637366362356431316534666561333832666637323661323431303230626231653863 +66393365613238353061396537303764653036313863613931373833316435643530356361316630 +61376338353265393838376132633564616530323134613235366465643531393938663339383465 +61653736373037643965306264316433336334333033333736643732326133303266376665643832 +36663463613634383730323233313734343234656463626433323362396435373237653263343063 +35343135646437633537373631303431626161396337303964353662633135646464313463616664 +36373764633535653966343664616236303432393262623762663638346137386437636236646438 +34316336316165663938306363386663636239313236313365376133376164353230656464663865 +39356436616533376531353233393761346236623361633937376231353631393265626338306138 +34303964343434323830326130383239326535626462643064643138373438383333386436626364 +31656265353932643039333264386532653935323563386366326661336430343162366136616663 +38383535303431636637373431363462613931303938623863336131656431393966653834356563 +64376264363436636335643566636330393635643064646565396135646161393938383534373237 +65393762333438393765396238316336373830646635373763663533356330656236343334663862 +30326362383861623131393634306432643138646563383139393936396165343664643063393736 +64623664343662386166383266366531653265616638386538616362373936613963666131363635 +64376638666136386665653265653736373165666331346433643063383865363865383139343637 +30326336393636343139663830666238643938663666326137393861663837643861613131323066 
+31306164646331343232356365643466393631643536393465376131616430663936366532633034 +38646234323934333239353866623966343963656535653734663962316333353661363734333063 +36376235626636663762376237363334633931616366383033623031336431643666623832616439 +32313539646233633334316539343863316564393730616565653064653836313666303735333535 +38613337303737646438616464643338633361373465636362323862363935373635343833363563 +65393665373838303630343434666565336435373938373936383035396636366232393564393236 +36353437343734643534613130376361306130383166373932303962633538343362653739333432 +33663130646666623433343734343132386665356234383232656561326164633634663063626363 +39313762386130363565363739663864303566663865383730653935626538636632643031613331 +37653736313662653762613536646663373566663365316362303439393533373063313237663033 +31336435363163613538313830393433656434316131373038306538393363386463626430356536 +38666335623031643661643034356164393065396331666333303938646134623636626639623366 +36626164343366343537393762383266353464616139303637323462316363306537646232363732 +37636664323165323461363861623361393233666434636364383435653530616439306630653137 +65353238326631623561333765336361386337336235323764346435646237373733633437316535 +64356234363436383337363730616436633164643937373566343035633266383465343734353039 +34393062663662383736396337626535333139366663636539643362316564313464616234383332 +63353432396133366663616465636238366466356439643838623061633564386336343737366437 +32656139346362666565663135663838333035333964383236323030643236396439313664363233 +33663161363038633563653730396264323938346630626563623238363739613863633338643432 +36316536656263636661353230316539646662376563376338383161363031663364383364646538 +32626263393965333330386536623231656535613837633939613035656662306164643365326339 +39643534336235383566386637363464363663323035336336386261313432613862613261343531 +62343537653636353835336537356536613730643238313563393837633361393161623439376435 
+34393037343864336434366130396539656331306238633961363965343430396536653631626161 +33363061373630316335353466316230626562646636326130383538653432663064393964393363 +64613833316130346261316232376335333534323939373430376134643765646261643463616664 +66616531613034353138343033373165616137643466663266303062646430636538386665643336 +33633564383964353761323736383230393539336161643836643734303431353864333163323566 +63383831663537313431376635333762313734383761326136333362666234663861393038373661 +34616432316365333866323234356666656563616430663365346665633561663063643761313636 +30303639343037326139393933356363633439333033373937306137643832373839633437386666 +35343331623539343434666138633763653464356564333436353062306664663130633834326636 +36396232393838316636376162346565366533653864373335663361613033663265326139343962 +63613462373962613161656263313763353435366638333563663536326630363962613964306261 +66383630316465323131336134653237396635313237646536353132336636343339316365633061 +30363532613033623532326430326163343362373036336233643337366439636138363662633766 +30646537306330306566626337636631623261323532396137363739343664326438626461326435 +35663035316236616133633038386437646133383063323834623264363133366631356236353863 +32336633316237336535616638356135633134356437633031316134313761346161323665613537 +63613162616537616338653634373862636264353063326163613333633137633238346135646134 +65353831396236346464326462343337373137663631333963353738636462643761653533376466 +38346164383634393232383563663735663363663661373461303733333265663362396664363763 +66373565386436653262376533316233393039346166326265323763373164366265323437616564 +35323362396431663134623265373134376537346235333766346330353434376339353535663832 +33386534343236636436663637343633333562383531333630386164323635633735653137633662 +65626231303666313436626336366539373038323161663232336361633462396432616531373162 +62633630376134326534336331643561373136383764323036313938613661616366396631353063 
+30316636353061303761353838313636636636303166376630623837373663613930316131326231 +36653838626238626661356130353132386664366364323965326432613939623065376363656466 +38386263656265333035653836666265613134316332343363396634303338623761393430366662 +36633233396234663766393331656630383530363134353966636462336163306266646533666130 +31333933396633643032616230613136313933663535323838663737313964306233383764376661 +35376336336236346130333266613833313830363133396165353237313337633264353238306437 +64336566653037653732396266393462656134626663356139393661346231626664386630363665 +64383963656266396162333236373831373535623462356662336139623936613335336630373632 +30373435363463383264313036623263653862653936386131313062366436336234393230303233 +37376333653633383137356563346136306433623066336533386238663066666661656365363632 +33343936376631636565363862613766303163326339366235353265383132646163356435336164 +39633266306565663739356562643966343730336363366234613834613361313133616130396237 +31626164346462616634306366303062653165666561326336373362646162376232316337616439 +66333161363463373561316338633531396266316364323834656134633632393964383132323933 +65383732383563613866306565386662653232336533333534666439313235383865363338643930 +36333135623934343635646333616635353633346534646337356235643831343762343463306364 +35353562666466376538353862343965376564633935313934366265313331353062363136383438 +62363639613337343564636132333530376335366663343364663162376465656331663038376562 +63616137393332303062646533643166336130333666613864326537313763356233613161626661 +63353765333332333064306564663738666430353733663035343966656364613663663532376465 +64663537323339353238656437383761656564333739306236663037396264343730313037353235 +39393235376565373335633737363939366533356533353165653562613231623362646336326232 +38633861303830643939336337616532343962326232663833333133356266336431366662346265 +31666265616463396363323462373330623539643732656539326533353231393236356336346462 
+64636536303939323435633930353538373464363431313664616234353230623132313035613634 +37363437363131626339626164373162323961303862363734646533313935383137633336303166 +39326430306466356466613061613835353831376531303263613137636164653331396335386234 +32626464393032333135633733626137333130353839623066366439323539343534336263303665 +61353233316263623062336232306663343435386365666235613764366266373136623337363433 +36356337383764353432386435616634343634333931653135303466663133643633306431306165 +66633937356137393638626237643334343562373836623464313537316362333336643566643962 +36653233623861383133333261366331663564656466363134343031616539656436346566646266 +31393463316566313836636333356265623134393464623633373163363162373037363738646165 +33656439303137373063363832613134326536313936646162386438336631666630366463383333 +30383236316364313631643736376538356335346438626461383432386234643032336563333164 +31363065383339663961366132663262303661613064636432313636346262626565636639633764 +38313037376465626339663535613832313164656366363835383438626233343762363161336532 +38616433306664613736393565323263393739663531326164623332313365313662326263326234 +30666464656333616231616531623166633361386265356235366435636231653462613835386637 +62636133326536303935346532633932363761323337636232313364666331636239373264613565 +62386665343831376437346130633262366562316234343933356239303164613937623138333065 +61626462393535366239626163646437393333643061376236626436636437303064306632393134 +65643539303334366665653730393463306263353936386536643764623339323338666265363735 +64633235646562636130623636356434626439663630636661303164326464663866636531316462 +34636461313731393035386239393731643337393933373865643639623664663464623963376664 +65393031643037393166636535633234626136313462636135326231353765343138336464323432 +63396464383332333962363132666539323964643763353135356231303865303033323161396632 +37373838343366363762633036346338626539663865616536373934386435373137633336626235 
+39393834643638303236613930373666393936346162313262366632306431636131
diff --git a/k8s/roles/coder/tasks/main.yml b/k8s/roles/coder/tasks/main.yml
index 0e0a130..b0527aa 100644
--- a/k8s/roles/coder/tasks/main.yml
+++ b/k8s/roles/coder/tasks/main.yml
@@ -34,6 +34,6 @@
 name: coder
 chart_ref: coderv2/coder
 release_namespace: coder
- chart_version: 2.2.1
+ chart_version: 2.3.1
 update_repo_cache: true
 release_values: "{{ lookup('template', 'values.coder.yml.j2') | from_yaml }}"
\ No newline at end of file
diff --git a/k8s/roles/codimd/tasks/main.yml b/k8s/roles/codimd/tasks/main.yml
deleted file mode 100644
index 694fa50..0000000
--- a/k8s/roles/codimd/tasks/main.yml
+++ /dev/null
@@ -1,48 +0,0 @@
----
-- name: Create CodiMD namespace
- kubernetes.core.k8s:
- name: codimd
- api_version: v1
- kind: Namespace
- state: present
- definition:
- metadata:
- labels:
- prometheus: default
-
-- name: Add CodiMD chart repo
- kubernetes.core.helm_repository:
- name: codimd
- repo_url: https://helm.codimd.dev/
-
-- name: Deploy CodiMD chart
- kubernetes.core.helm:
- name: codimd
- chart_ref: codimd/codimd
- release_namespace: codimd
- chart_version: 0.1.10
- update_repo_cache: true
- release_values: "{{ lookup('template', 'values.codimd.yml.j2') | from_yaml }}"
-
-- name: Create CodiMD ingress
- kubernetes.core.k8s:
- state: present
- definition:
- apiVersion: networking.k8s.io/v1
- kind: Ingress
- metadata:
- name: codimd
- namespace: codimd
- spec:
- rules:
- - host: kb.icb4dc0.de
- http:
- paths:
- - pathType: Prefix
- path: "/"
- backend:
- service:
- name: codimd
- port:
- number: 80
-
\ No newline at end of file
diff --git a/k8s/roles/codimd/templates/values.codimd.yml.j2 b/k8s/roles/codimd/templates/values.codimd.yml.j2
deleted file mode 100644
index 10b738e..0000000
--- a/k8s/roles/codimd/templates/values.codimd.yml.j2
+++ /dev/null
@@ -1,62 +0,0 @@
-image:
- registry: code.icb4dc0.de
- repository: prskr/hackmd
- tag: 1c8ecccb
-
-codimd:
- connection:
- domain: kb.icb4dc0.de
- protocolUseSSL: true
- database:
- type: postgres
- host: postgres-15-postgresql.postgres.svc.cluster.local
- port: 5432
- username: "{{ codimd.db.user }}"
- password: "{{ codimd.db.password }}"
- databaseName: "codimd"
- imageUpload:
- storeType: minio
- minio:
- endpoint: minio.minio.svc.cluster.local
- accessKey: "{{ minio.rootUser }}"
- secretKey: "{{ minio.rootPassword }}"
- secure: false
- port: 9000
- imageStorePersistentVolume:
- enabled: false
- security:
- sessionSecret: "{{ codimd.session.secret }}"
- allowPDFExport: true
- notePermission:
- allowAnonymousEdit: false
- allowAnonymousView: true
- authentication:
- local:
- enabled: false
- oauth2:
- enabled: true
- providerName: Forgejo
- clientId: "{{ codimd.auth.clientId }}"
- secret: "{{ codimd.auth.clientSecret }}"
- authorizationUrl: https://code.icb4dc0.de/login/oauth/authorize
- tokenUrl: https://code.icb4dc0.de/login/oauth/access_token
- userProfileUrl: https://code.icb4dc0.de/login/oauth/userinfo
- scope: openid profile email
- attributes:
- username: preferred_username
- displayName: name
- email: email
- nodeSelector:
- kubernetes.io/arch: amd64
-
-
-postgresql:
- enabled: false
-
-service:
- type: ClusterIP
-
-ingress:
- enabled: false
- hosts:
- - kb.icb4dc0.de
\ No newline at end of file
diff --git a/k8s/roles/hedgedoc/files/config/base.env b/k8s/roles/hedgedoc/files/config/base.env
new file mode 100644
index 0000000..d9245e1
--- /dev/null
+++ b/k8s/roles/hedgedoc/files/config/base.env
@@ -0,0 +1,36 @@ +CMD_DOMAIN=md.icb4dc0.de +CMD_URL_ADDPORT=false +CMD_PROTOCOL_USESSL=true +CMD_USECDN=false +CMD_SESSION_LIFE=1209600000 +CMD_HSTS_ENABLE=true +CMD_HSTS_MAX_AGE=31536000 +CMD_HSTS_INCLUDE_SUBDOMAINS=false +CMD_HSTS_PRELOAD=true +CMD_CSP_ENABLE=true +CMD_ALLOW_GRAVATAR=true +CMD_RESPONSE_MAX_LAG=70 +CMD_ALLOW_FREEURL=false +CMD_FORBIDDEN_NOTE_IDS=robots.txt,favicon.ico,api +CMD_DEFAULT_PERMISSION=editable +CMD_ALLOW_ANONYMOUS_EDITS=false +CMD_ALLOW_ANONYMOUS_VIEWS=true +CMD_ALLOW_PDF_EXPORT=true +CMD_DEFAULT_USE_HARD_BREAK=true +CMD_LINKIFY_HEADER_STYLE=keep-case +CMD_AUTO_VERSION_CHECK=true +CMD_ALLOW_EMAIL_REGISTER=true +CMD_EMAIL=false +CMD_OAUTH2_BASEURL=https://code.icb4dc0.de +CMD_OAUTH2_USER_PROFILE_URL=https://code.icb4dc0.de/login/oauth/userinfo +CMD_OAUTH2_AUTHORIZATION_URL=https://code.icb4dc0.de/login/oauth/authorize +CMD_OAUTH2_TOKEN_URL=https://code.icb4dc0.de/login/oauth/access_token +CMD_OAUTH2_PROVIDERNAME=Forgejo +CMD_OAUTH2_SCOPE=openid profile email +CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=name +CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=email +CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=preferred_username +CMD_IMAGE_UPLOAD_TYPE=minio +CMD_MINIO_ENDPOINT=minio.minio.svc.cluster.local +CMD_MINIO_PORT=9000 +CMD_MINIO_SECURE=true \ No newline at end of file diff --git a/k8s/roles/skooner/files/kustomization.yaml b/k8s/roles/hedgedoc/files/kustomization.yaml similarity index 58% rename from k8s/roles/skooner/files/kustomization.yaml rename to k8s/roles/hedgedoc/files/kustomization.yaml index 552ad3a..d1babe8 100644 --- a/k8s/roles/skooner/files/kustomization.yaml +++ b/k8s/roles/hedgedoc/files/kustomization.yaml @@ -1,7 +1,12 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namespace: kube-system +namespace: hedgedoc + +images: +- name: hedgedoc + newName: quay.io/hedgedoc/hedgedoc + newTag: "1.9.9" commonLabels: app.kubernetes.io/instance: icb4dc0de 
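Review bot: `CMD_HSTS_PRELOAD=true` is paired with `CMD_HSTS_INCLUDE_SUBDOMAINS=false`, and browser preload lists only accept a policy that also carries includeSubDomains, so the preload flag achieves nothing as written; set the two consistently (either `CMD_HSTS_PRELOAD=false`, or include subdomains once every host under the domain serves HTTPS). `CMD_ALLOW_EMAIL_REGISTER=true` sits next to `CMD_EMAIL=false`; setting it to `false` keeps self-registration closed if e-mail login is ever switched on, leaving the Forgejo OAuth2 flow as the only way in. `CMD_MINIO_SECURE=true` against `minio.minio.svc.cluster.local` on port 9000 differs from the removed CodiMD values (`secure: false`), so it is worth confirming that MinIO actually serves TLS on that port.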
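Review bot: The new `images:` entry pins `quay.io/hedgedoc/hedgedoc` by tag only (`newTag: "1.9.9"`), and a tag can be re-pointed in the registry without any change in this repository. Kustomize accepts a digest in the same entry, e.g. `digest: sha256:<digest-of-the-reviewed-image>` (placeholder), which makes the deployed image reproducible and auditable. The same applies to `docker.io/nocodb/nocodb` with `newTag: "0.202.4"` in `k8s/roles/nocodb/files/kustomization.yaml`.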
@@ -11,6 +16,8 @@ resources:
 - "resources/deployment.yaml"
 - "resources/service.yaml"
 - "resources/ingress.yaml"
- - "resources/rbac/service_account.yaml"
- - "resources/rbac/sa_token_secret.yaml"
- - "resources/rbac/cluster_role_binding.yaml"
\ No newline at end of file
+
+secretGenerator:
+ - name: hedgedoc-base-config
+ envs:
+ - "config/base.env"
diff --git a/k8s/roles/hedgedoc/files/resources/deployment.yaml b/k8s/roles/hedgedoc/files/resources/deployment.yaml
new file mode 100644
index 0000000..518c53b
--- /dev/null
+++ b/k8s/roles/hedgedoc/files/resources/deployment.yaml
@@ -0,0 +1,43 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: hedgedoc
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: hedgedoc
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: hedgedoc
+ spec:
+ containers:
+ - name: hedgedoc
+ image: hedgedoc
+ envFrom:
+ - secretRef:
+ name: hedgedoc-base-config
+ - secretRef:
+ name: hedgedoc-secret-config
+ ports:
+ - containerPort: 3000
+ protocol: TCP
+ name: web
+ resources:
+ requests:
+ memory: "168Mi"
+ cpu: "50m"
+ limits:
+ memory: "256Mi"
+ cpu: "500m"
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
\ No newline at end of file
diff --git a/k8s/roles/skooner/files/resources/ingress.yaml b/k8s/roles/hedgedoc/files/resources/ingress.yaml
similarity index 52%
rename from k8s/roles/skooner/files/resources/ingress.yaml
rename to k8s/roles/hedgedoc/files/resources/ingress.yaml
index 6665093..d60d33c 100644
--- a/k8s/roles/skooner/files/resources/ingress.yaml
+++ b/k8s/roles/hedgedoc/files/resources/ingress.yaml
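Review bot: The pod spec in the new `deployment.yaml` does not set `automountServiceAccountToken: false`, so the namespace's default service-account token is mounted into the container even though nothing visible in this role needs the Kubernetes API; adding that line under the pod-level `spec:` removes a credential from the workload. A `seccompProfile` with `type: RuntimeDefault` in the pod `securityContext` would complete the otherwise careful hardening (dropped capabilities, non-root, read-only root). With `readOnlyRootFilesystem: true` and no volume mounts, confirm that HedgeDoc has no path it must write to at runtime. The first two points also apply to `k8s/roles/nocodb/files/resources/deployment.yaml`.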
@@ -2,16 +2,16 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
- name: skooner
+ name: hedgedoc
 spec:
 rules:
- - host: skooner.icb4dc0.de
+ - host: md.icb4dc0.de
 http:
 paths:
- - path: /
+ - pathType: Prefix
+ path: /
 backend:
 service:
- name: skooner
+ name: hedgedoc
 port:
- number: 8000
- pathType: Prefix
\ No newline at end of file
+ number: 3000
\ No newline at end of file
diff --git a/k8s/roles/hedgedoc/files/resources/service.yaml b/k8s/roles/hedgedoc/files/resources/service.yaml
new file mode 100644
index 0000000..cf7020d
--- /dev/null
+++ b/k8s/roles/hedgedoc/files/resources/service.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: hedgedoc
+spec:
+ selector:
+ app.kubernetes.io/name: hedgedoc
+ ports:
+ - protocol: TCP
+ port: 3000
+ targetPort: 3000
\ No newline at end of file
diff --git a/k8s/roles/hedgedoc/tasks/main.yml b/k8s/roles/hedgedoc/tasks/main.yml
new file mode 100644
index 0000000..1bb3149
--- /dev/null
+++ b/k8s/roles/hedgedoc/tasks/main.yml
@@ -0,0 +1,38 @@
+---
+- name: Create HedgeDoc namespace
+ kubernetes.core.k8s:
+ name: hedgedoc
+ api_version: v1
+ kind: Namespace
+ state: present
+ definition:
+ metadata:
+ labels:
+ prometheus: default
+
+- name: Create HedgeDoc secrets
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: hedgedoc-secret-config
+ namespace: hedgedoc
+ data:
+ # Auth
+ CMD_OAUTH2_CLIENT_ID: "{{ hedgedoc.auth.clientId | b64encode }}"
+ CMD_OAUTH2_CLIENT_SECRET: "{{ hedgedoc.auth.clientSecret | b64encode }}"
+
+ # DB
+ CMD_DB_URL: "{{ 'postgres://%s:%s@postgres-15-postgresql.postgres.svc.cluster.local:5432/hedgedoc' | format(hedgedoc.db.user, hedgedoc.db.password) | b64encode }}"
+
+ # Image upload
+ CMD_MINIO_ACCESS_KEY: "{{ minio.rootUser | b64encode }}"
+ CMD_MINIO_SECRET_KEY: "{{ minio.rootPassword | b64encode }}"
+
+ CMD_SESSION_SECRET: "{{ hedgedoc.session.secret | b64encode}}"
+
+- name: Deploy HedgeDoc kustomization
+ k8s:
+ definition: "{{ lookup('kubernetes.core.kustomize', dir=([role_path, 'files'] | path_join)) }}"
diff --git a/k8s/roles/nocodb/files/config/base.env b/k8s/roles/nocodb/files/config/base.env
new file mode 100644
index 0000000..fc85bab
--- /dev/null
+++ b/k8s/roles/nocodb/files/config/base.env
@@ -0,0 +1,10 @@
+NC_PUBLIC_URL=https://noco.icb4dc0.de
+NC_TOOL_DIR=/usr/app/data/
+DB_QUERY_LIMIT_DEFAULT=25
+DB_QUERY_LIMIT_MAX=1000
+DB_QUERY_LIMIT_MIN=1
+NC_JWT_EXPIRES_IN=1h
+NC_DISABLE_TELE=true
+NC_S3_REGION=us-east-1
+NC_S3_BUCKET_NAME=noco
+NC_ADMIN_EMAIL=peter.kurfer@gmail.com
\ No newline at end of file
diff --git a/k8s/roles/nocodb/files/kustomization.yaml b/k8s/roles/nocodb/files/kustomization.yaml
new file mode 100644
index 0000000..519eb1b
--- /dev/null
+++ b/k8s/roles/nocodb/files/kustomization.yaml
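Review bot: `CMD_MINIO_ACCESS_KEY` and `CMD_MINIO_SECRET_KEY` are filled from `minio.rootUser` and `minio.rootPassword`, which hands the MinIO root account to an internet-facing note application; a dedicated MinIO user whose policy is limited to the upload bucket would contain a compromise of the pod. The "Create HedgeDoc secrets" task has no `no_log: true`, so the rendered secret values can end up in verbose or diff output of the play. In `CMD_DB_URL` the user and password are formatted into the URL unescaped; a password containing `@`, `:` or `/` would change how the URL is parsed, so percent-encode both values before `format`. The same three points apply to the secrets task in `k8s/roles/nocodb/tasks/main.yml`.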
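Review bot: Only `NC_S3_REGION` and `NC_S3_BUCKET_NAME` are set for the storage plugin in the NocoDB `base.env`, and no endpoint for the in-cluster MinIO is visible in this file or in the role's secret task, which supplies `minio.rootUser`/`minio.rootPassword` as the S3 key pair. If the plugin defaults to the public AWS endpoint for `us-east-1` (not verifiable from this page), those credentials would be presented to an external service, so confirm where the endpoint is configured. `NC_ADMIN_EMAIL` also commits a personal address in clear text while the other per-user values come from the vaulted group vars; it could move there as well.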
@@ -0,0 +1,24 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: nocodb
+
+images:
+- name: nocodb
+ newName: docker.io/nocodb/nocodb
+ newTag: "0.202.4"
+
+commonLabels:
+ app.kubernetes.io/instance: icb4dc0de
+ app.kubernetes.io/managed-by: kustomize
+
+resources:
+ - "resources/pvc.yaml"
+ - "resources/deployment.yaml"
+ - "resources/service.yaml"
+ - "resources/ingress.yaml"
+
+secretGenerator:
+ - name: nocodb-base-config
+ envs:
+ - "config/base.env"
diff --git a/k8s/roles/nocodb/files/resources/deployment.yaml b/k8s/roles/nocodb/files/resources/deployment.yaml
new file mode 100644
index 0000000..0f0dd30
--- /dev/null
+++ b/k8s/roles/nocodb/files/resources/deployment.yaml
@@ -0,0 +1,55 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nocodb
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: nocodb
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: nocodb
+ spec:
+ containers:
+ - name: nocodb
+ image: nocodb
+ envFrom:
+ - secretRef:
+ name: nocodb-base-config
+ - secretRef:
+ name: nocodb-secret-config
+ ports:
+ - containerPort: 8080
+ protocol: TCP
+ name: web
+ volumeMounts:
+ - mountPath: /usr/app/data
+ name: nocodb-metadata
+ - mountPath: /usr/src/app/
+ name: app-volume
+ resources:
+ requests:
+ memory: "168Mi"
+ cpu: "50m"
+ limits:
+ memory: "256Mi"
+ cpu: "500m"
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ volumes:
+ - name: nocodb-metadata
+ persistentVolumeClaim:
+ claimName: nocodb-metadata
+ - name: app-volume
+ emptyDir:
+ sizeLimit: 1500Mi
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
\ No newline at end of file
diff --git a/k8s/roles/nocodb/files/resources/ingress.yaml b/k8s/roles/nocodb/files/resources/ingress.yaml
new file mode 100644
index 0000000..4779b74
--- /dev/null
+++ b/k8s/roles/nocodb/files/resources/ingress.yaml
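Review bot: The `app-volume` emptyDir in the NocoDB deployment is mounted over `/usr/src/app/`, which makes that whole directory writable and initially empty at start-up, so `readOnlyRootFilesystem: true` no longer covers it. If the image keeps application code under that path (to be confirmed against the image), the code is either hidden or has to be re-created at runtime in a location a compromised process can modify. Mounting the emptyDir only at the sub-directory NocoDB actually writes to would keep the code path read-only, and a comment such as `# scratch space NocoDB needs at start-up` on the mount would record why it exists.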
@@ -0,0 +1,17 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: nocodb
+spec:
+ rules:
+ - host: noco.icb4dc0.de
+ http:
+ paths:
+ - pathType: Prefix
+ path: /
+ backend:
+ service:
+ name: nocodb
+ port:
+ number: 8080
\ No newline at end of file
diff --git a/k8s/roles/nocodb/files/resources/pvc.yaml b/k8s/roles/nocodb/files/resources/pvc.yaml
new file mode 100644
index 0000000..6662d27
--- /dev/null
+++ b/k8s/roles/nocodb/files/resources/pvc.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: nocodb-metadata
+ labels:
+ app.kubernetes.io/name: nocodb
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
+ storageClassName: hcloud-volumes
diff --git a/k8s/roles/nocodb/files/resources/service.yaml b/k8s/roles/nocodb/files/resources/service.yaml
new file mode 100644
index 0000000..3b767f5
--- /dev/null
+++ b/k8s/roles/nocodb/files/resources/service.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: nocodb
+spec:
+ selector:
+ app.kubernetes.io/name: nocodb
+ ports:
+ - protocol: TCP
+ port: 8080
+ targetPort: 8080
\ No newline at end of file
diff --git a/k8s/roles/nocodb/tasks/main.yml b/k8s/roles/nocodb/tasks/main.yml
new file mode 100644
index 0000000..332dda9
--- /dev/null
+++ b/k8s/roles/nocodb/tasks/main.yml
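Review bot: The Ingress for `noco.icb4dc0.de` has no `tls:` section and no `ingressClassName`, while `NC_PUBLIC_URL` in `base.env` is an https URL. Unless the ingress controller supplies a default certificate and an HTTPS redirect (not visible in this commit), logins and the session JWT could be served over plain HTTP or behind a fallback certificate. I would add a `tls` entry that lists `noco.icb4dc0.de` with `secretName: <tls-secret-name>` and state the ingress class explicitly, so that transport security does not depend on cluster defaults.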
@@ -0,0 +1,39 @@ +--- +- name: Create NocoDB namespace + kubernetes.core.k8s: + name: nocodb + api_version: v1 + kind: Namespace + state: present + definition: + metadata: + labels: + prometheus: default + +# TODO deploy KeyDB for cache + + +- name: Create NocoDB secrets + kubernetes.core.k8s: + state: present + definition: + apiVersion: v1 + kind: Secret + metadata: + name: nocodb-secret-config + namespace: nocodb + data: + # DB + NC_DB: "{{ 'pg://postgres-15-postgresql.postgres.svc.cluster.local:5432?u=%s&p=%s&d=noco' | format(nocodb.db.user, nocodb.db.password) | b64encode }}" + + # Auth + NC_AUTH_JWT_SECRET: "{{ nocodb.jwtSecret | b64encode }}" + NC_ADMIN_PASSWORD: "{{ nocodb.auth.adminPassword | b64encode }}" + + # S3 storage plugin + NC_S3_ACCESS_KEY: "{{ minio.rootUser | b64encode }}" + NC_S3_ACCESS_SECRET: "{{ minio.rootPassword | b64encode }}" + +- name: Deploy HedgeDoc kustomization + k8s: + definition: "{{ lookup('kubernetes.core.kustomize', dir=([role_path, 'files'] | path_join)) }}" diff --git a/k8s/roles/postgres-config/tasks/main.yaml b/k8s/roles/postgres-config/tasks/main.yaml index da517be..0a844c7 100644 --- a/k8s/roles/postgres-config/tasks/main.yaml +++ b/k8s/roles/postgres-config/tasks/main.yaml @@ -10,8 +10,10 @@ password: "{{ gitea.dbPassword }}" - name: "{{ grafana.db.user }}" password: "{{ grafana.db.password }}" - - name: "{{ concourse.db.user }}" - password: "{{ concourse.db.password }}" + - name: "{{ hedgedoc.db.user }}" + password: "{{ hedgedoc.db.password }}" + - name: "{{ nocodb.db.user }}" + password: "{{ nocodb.db.password }}" - name: Create databases community.postgresql.postgresql_db: @@ -23,7 +25,9 @@ loop: - name: gitea owner: gitea - - name: concourse - owner: "{{ concourse.db.user }}" - name: grafana - owner: "{{ grafana.db.user }}" \ No newline at end of file + owner: "{{ grafana.db.user }}" + - name: hedgedoc + owner: "{{ hedgedoc.db.user }}" + - name: noco + owner: "{{ nocodb.db.user }}" \ No newline at end of file 
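Review bot: The `Create NocoDB secrets` task templates the database password, JWT secret and admin password into the module arguments without `no_log: true`, so the base64-encoded values can surface in task output at higher verbosity, in diff mode or in a failure message. Adding `no_log: true` at task level keeps them out of terminal and CI logs. The `Create HedgeDoc secrets` task in the hedgedoc role has the same gap. Separately, the last task in this file is still named `Deploy HedgeDoc kustomization`; `- name: Deploy NocoDB kustomization` would keep run logs from pointing at the wrong role.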
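Review bot: Dropping the `concourse` entries from both loops in `postgres-config/tasks/main.yaml` (this hunk and the `Create databases` hunk after it) only stops Ansible from managing them. The existing role, its password and its database remain on the Postgres server. If Concourse is being retired, a one-off cleanup (a task with `state: absent` for that user and database, or a manual `DROP DATABASE` / `DROP ROLE`) would remove the unused login. The task headers for both loops lie outside the hunks, so whether the loop items can carry a per-item state cannot be confirmed from here.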
diff --git a/k8s/roles/skooner/files/resources/deployment.yaml b/k8s/roles/skooner/files/resources/deployment.yaml deleted file mode 100644 index d7e15b8..0000000 --- a/k8s/roles/skooner/files/resources/deployment.yaml +++ /dev/null @@ -1,37 +0,0 @@ ---- -kind: Deployment -apiVersion: apps/v1 -metadata: - name: skooner - namespace: kube-system -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: skooner - template: - metadata: - labels: - app.kubernetes.io/name: skooner - spec: - containers: - - name: skooner - image: ghcr.io/skooner-k8s/skooner:stable - ports: - - containerPort: 4654 - livenessProbe: - httpGet: - scheme: HTTP - path: / - port: 4654 - initialDelaySeconds: 30 - timeoutSeconds: 30 - resources: - requests: - cpu: 50m - memory: 50Mi - limits: - cpu: 100m - memory: 150Mi - nodeSelector: - kubernetes.io/arch: amd64 \ No newline at end of file diff --git a/k8s/roles/skooner/files/resources/rbac/cluster_role_binding.yaml b/k8s/roles/skooner/files/resources/rbac/cluster_role_binding.yaml deleted file mode 100644 index 06bdfa2..0000000 --- a/k8s/roles/skooner/files/resources/rbac/cluster_role_binding.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: prskr-cluster-admin -subjects: -- kind: ServiceAccount - name: prskr - namespace: kube-system -roleRef: - kind: ClusterRole - name: cluster-admin - apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/k8s/roles/skooner/files/resources/rbac/sa_token_secret.yaml b/k8s/roles/skooner/files/resources/rbac/sa_token_secret.yaml deleted file mode 100644 index 84147f2..0000000 --- a/k8s/roles/skooner/files/resources/rbac/sa_token_secret.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: v1 -kind: Secret -metadata: - name: prskr-token - annotations: - kubernetes.io/service-account.name: prskr -type: kubernetes.io/service-account-token \ No newline at end of file 
diff --git a/k8s/roles/skooner/files/resources/rbac/service_account.yaml b/k8s/roles/skooner/files/resources/rbac/service_account.yaml deleted file mode 100644 index 5dc5dbc..0000000 --- a/k8s/roles/skooner/files/resources/rbac/service_account.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: prskr \ No newline at end of file diff --git a/k8s/roles/skooner/files/resources/service.yaml b/k8s/roles/skooner/files/resources/service.yaml deleted file mode 100644 index 3fc032b..0000000 --- a/k8s/roles/skooner/files/resources/service.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -kind: Service -apiVersion: v1 -metadata: - name: skooner - namespace: kube-system -spec: - ports: - - port: 8000 - targetPort: 4654 - selector: - app.kubernetes.io/name: skooner diff --git a/k8s/roles/skooner/tasks/main.yml b/k8s/roles/skooner/tasks/main.yml deleted file mode 100644 index 0ef061d..0000000 --- a/k8s/roles/skooner/tasks/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- name: Deploy Skooner kustomization - k8s: - definition: "{{ lookup('kubernetes.core.kustomize', dir=([role_path, 'files'] | path_join)) }}" \ No newline at end of file