From 424d395058d21e03302be9113a4cfef0520e9229 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?c=C4=83t=C4=83lin?= Date: Fri, 5 Jan 2024 18:35:20 +0100 Subject: [PATCH] feat(k8s/services/miniflux): add basefiles --- k8s/argo-apps/dcsi.yaml | 2 +- k8s/argo-apps/miniflux.yaml | 18 +++++ k8s/argo-apps/sealed-secrets.yaml | 6 +- k8s/services/miniflux/deployment.yaml | 81 +++++++++++++++++++ k8s/services/miniflux/ingress.yaml | 17 ++++ .../miniflux/poddisruptionbudget.yaml | 10 +++ k8s/services/miniflux/sealedsecrets.yaml | 19 +++++ k8s/services/miniflux/service.yaml | 17 ++++ 8 files changed, 166 insertions(+), 4 deletions(-) create mode 100644 k8s/argo-apps/miniflux.yaml create mode 100644 k8s/services/miniflux/deployment.yaml create mode 100644 k8s/services/miniflux/ingress.yaml create mode 100644 k8s/services/miniflux/poddisruptionbudget.yaml create mode 100644 k8s/services/miniflux/sealedsecrets.yaml create mode 100644 k8s/services/miniflux/service.yaml diff --git a/k8s/argo-apps/dcsi.yaml b/k8s/argo-apps/dcsi.yaml index ada9e5b..10060ee 100644 --- a/k8s/argo-apps/dcsi.yaml +++ b/k8s/argo-apps/dcsi.yaml @@ -11,7 +11,7 @@ spec: source: chart: democratic-csi repoURL: https://democratic-csi.github.io/charts/ - targetRevision: 0.14.4 + targetRevision: 0.14.* helm: releaseName: zfs-nfs valuesObject: diff --git a/k8s/argo-apps/miniflux.yaml b/k8s/argo-apps/miniflux.yaml new file mode 100644 index 0000000..cd65265 --- /dev/null +++ b/k8s/argo-apps/miniflux.yaml @@ -0,0 +1,18 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: miniflux + namespace: argocd +spec: + destination: + name: '' + namespace: 'apps-roboces' + server: 'https://kubernetes.default.svc' + source: + path: k8s/services/miniflux + repoURL: 'https://git.roboces.dev/catalin/fukuops.git' + targetRevision: main + sources: [] + project: roboces + syncPolicy: + automated: {} \ No newline at end of file diff --git a/k8s/argo-apps/sealed-secrets.yaml b/k8s/argo-apps/sealed-secrets.yaml index 1b6a87c..2529dc7 100644 --- a/k8s/argo-apps/sealed-secrets.yaml +++ b/k8s/argo-apps/sealed-secrets.yaml @@ -11,12 +11,12 @@ spec: source: chart: sealed-secrets repoURL: https://bitnami-labs.github.io/sealed-secrets - targetRevision: 2.14.1 + targetRevision: 2.14.* helm: releaseName: sealed-secrets valuesObject: fullnameOverride: sealed-secrets-controller project: management sources: [] - - + syncPolicy: + automated: { } diff --git a/k8s/services/miniflux/deployment.yaml b/k8s/services/miniflux/deployment.yaml new file mode 100644 index 0000000..ae7d4bf --- /dev/null +++ b/k8s/services/miniflux/deployment.yaml @@ -0,0 +1,81 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: miniflux-deployment + namespace: apps-roboces + labels: + app.kubernetes.io/name: miniflux + app.kubernetes.io/managed-by: argo + app.kubernetes.io/version: 2.0.50 + annotations: + kube-score/ignore: pod-networkpolicy,deployment-has-host-podantiaffinity +spec: + selector: + matchLabels: + app.kubernetes.io/name: miniflux + replicas: 3 + strategy: + rollingUpdate: + maxSurge: 50% + maxUnavailable: 50% + type: RollingUpdate + template: + metadata: + labels: + app.kubernetes.io/name: miniflux + spec: + containers: + - name: miniflux + image: miniflux/miniflux:2.0.50 + imagePullPolicy: Always + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsUser: 10000 + runAsGroup: 10000 + capabilities: + drop: + - all + resources: + requests: + cpu: 300m + memory: 300Mi + ephemeral-storage: 2Gi + limits: + cpu: 400m + memory: 500Mi + ephemeral-storage: 4Gi + livenessProbe: + tcpSocket: + port: 8080 + initialDelaySeconds: 5 + timeoutSeconds: 15 + successThreshold: 1 + failureThreshold: 3 + periodSeconds: 10 + readinessProbe: + httpGet: + path: / + port: 8080 + initialDelaySeconds: 15 + timeoutSeconds: 2 + successThreshold: 1 + failureThreshold: 3 + periodSeconds: 10 + envFrom: + - secretRef: + name: miniflux + env: + - name: RUN_MIGRATIONS + value: "1" + - name: CREATE_ADMIN + value: "1" + - name: OAUTH2_PROVIDER + value: "oidc" + - name: OAUTH2_REDIRECT_URL + value: "https://feeds.roboces.dev/oauth2/oidc/callback" + - name: OAUTH2_OIDC_DISCOVERY_ENDPOINT + value: "https://auth.fukurokuju.dev/application/o/miniflux/" + - name: OAUTH2_USER_CREATION + value: "1" + restartPolicy: Always diff --git a/k8s/services/miniflux/ingress.yaml b/k8s/services/miniflux/ingress.yaml new file mode 100644 index 0000000..f1e9687 --- /dev/null +++ b/k8s/services/miniflux/ingress.yaml @@ -0,0 +1,17 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: miniflux-ingress + namespace: apps-roboces +spec: + rules: + - host: feeds.roboces.dev + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: miniflux-service + port: + number: 8080 diff --git a/k8s/services/miniflux/poddisruptionbudget.yaml b/k8s/services/miniflux/poddisruptionbudget.yaml new file mode 100644 index 0000000..0792ad1 --- /dev/null +++ b/k8s/services/miniflux/poddisruptionbudget.yaml @@ -0,0 +1,10 @@ +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: miniflux-pdb + namespace: apps-roboces +spec: + selector: + matchLabels: + app.kubernetes.io/name: miniflux + maxUnavailable: 1 diff --git a/k8s/services/miniflux/sealedsecrets.yaml b/k8s/services/miniflux/sealedsecrets.yaml new file mode 100644 index 0000000..6329aec --- /dev/null +++ b/k8s/services/miniflux/sealedsecrets.yaml @@ -0,0 +1,19 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: miniflux + namespace: apps-roboces +spec: + encryptedData: + ADMIN_PASSWORD: AgCDa9wDtOtrc6jY7T7NLM4zwo5UJTZHPenu5QcxNd3XQWoTBZmm76Btwyn1eGgz9d3IOYYbKb9x8sHIIm0z2Fz17YO7sZsZ1snVLRlKk+Udbdr8vDD/geF4lqeMCR44ie6Y1Kgm8p8MJ63DslHkcgJFpw9Dd09BCLZZn84D/wNdIx9Ya0yDDgi2N4y3F3fNmx1Eh8N4n3C3Y/SKD2LVAzyyzDu0LqbCY5u+etKP96NAXl57nxoJPIaa2iqvIcvLur7KDUT3UmCeWAl0CppIXV/AEW8yHd/cSt/ukWpKIsq5aRmS+gsR3WpnVQrv/miVHdzY4nz/iEtl44W3t2lQvf2TUQmRzi8ubuPtu/JE6rASXZKRAR9LQClL/GX0iU5Y0iHX1z+Fe7M4CPCHSAHkPsy1rZuPa5NB56ywAbQIhiUoKNkYSQBQ5q4LBmaOmPDOW/Mwro2QQV9m1klXs/9xBTi8Zjcpdi+d38meflN3pw5sfcPsAWz3M5c+i+r2uDqZymSqmwUPaHrXAcuQCEeXTw07IJtBPFY3uHQfHo/STCparyKNmYo9Kzm4UAIu+j9GetSk6AoTEAoqd9Xpg2h/DrRL7izwfJQXvQKjqwX3wixlhzaFTD8xn7/+24pVzjjAPsOR43CMn9o8C05FkNNY2b8uL9dZysu4Donop17o4QkgirfNLksoWeEeGaG/NMrOkQ+O7rdG06pC1cEqMI6G2w== + ADMIN_USERNAME: AgAjz/v2LyfQbrY20FaIpP5jpr1Gu+4KdbvffuVsTiUTqSghOTKViteqAkw0J7OytyXfShIvrD3hiaKQnZG7eQnnwgCtOB1LYT8apARtzvCeoL4Ysr94mUYh/JRtRtSf1K0zI5hEzWBs8c8EcyDaw0ch+7TTZw68ih52OJVpN8AIpkpvi10M97cnp3IzguNEJV0ex6O8s5f2G10s7elUnIZzkdtvYL+1aEeu7HknCITIUhvQkF11iGarV5FAr2vY7gpBwzjcnbW3Sz0Bv9Pst1cNfKyHitUoeql3fL+Jf0rKMIQDnNrCRcWk1gMYzZrMpcD4PAP8o7CygLw8CTNVeod9dv0gfJVOmiQVxRbC7y7ZDm672e61M+kc3mnHtASAI1XRI2IBKCTg/jmjhFF4hUu3p2pjYS/azkJDu3wEqteAtDBG6sd44v8DsJrDDASLN4fGdhaQ3UZNK6hGTgjyVzI3qugfu+v3DPv3zVIXfRRqMMiDCTOc+8dX55eWm/SarBfV8cUZ80RlFV8XMGU49fxPzCmRus0ZZX/pyr/Gxq67ZVQupyswQh1I+PXFo00bF9/BahdffYGIORo3Qd9Ng3JnewaIu0VsJHWtWSEGVgO9s/iX3V7ZT84wjalFznK0IJNQCb+J9dvfub2zFh9ShvJ9lPq+mGlYk0SXC707EQK6aESPbCErBCd+yZFF2WMem8ofWIon9w== + DATABASE_URL: AgAxGhBom5Z6+NxnIoTHaP05BDXJaVC2k1kUUe7/jmj0d15hsRR2so5NSqHpfZEYkOKQ484hu0Om+USrDyFr73BqcgHMGa1/WqiwuxMtw9/rh26zEONl0aRNrQponOngYigMBq0+zVBUGm8i5i6A03D3auyX0ww1kZO9yKqJmKnk2+GV5x6BnnDAfkVdn0v88kkdhuVUiXz5UH98PA+lJU7FtwR06uUYkKCPtc0JChM5jzajKqqqOhcgUW3d7I7ATqVeGWk3wn04uHFjRtxvYhlF6EF6wU4VVmEjwOQJ5aWLPEZuc2UpOhTjb6FtK/CNphVjUzCGSIF9WdZT6TacBVf2q88Zc1Gan2Mm3bE1OtBGek0qK94X1X+OgtwYYBPlZTTGMDBSF6qkb0QnYmTOuNKRC50IBxuGwFwh6T+V14ttEHUhipOknDbxdRzVpo1vvKqDORNcgZaenyK4fCpjU5xyYKMOR65YmubPLm7jL/0hwZvkBJjLfszjeqbKD+ptrZEmgvrALyHLxYEjXfVMblEKltME5vIj6DoM2IEHM1P8kTnDtfoN+YtOTPO9xtnHh1VSxV5QH9v82HeFVVZ0jT4oudAL0uL6bA2OnJMgFue7yrSYepJZhUdldndYQP0k6ur9aeuAwp6ptteif/fDFzsQ++qF8FwuZVJ7T/tw4IyyBL4dnieTaCISoHUEi1P3BMB16hDVsqnwXsmc2L1bo6aCLQ5ySVidfIbRdHz76VUJVsZqvfTIO+mXTTwvJexOEBxnNWMtwF+oQYIW4US8Two+JvM= + OAUTH2_CLIENT_ID: AgB7Ksnv37BXR7GVKSgUbRGGc2+A1mbVWHxo9M3g83DEcPW3eWpJOvEtRTuPtRVFX8zZZPN9D37wCJbRT2rkfwBvP60TXvXmvV0jySSs/Sp6e1AAT/MS21BxmU4YL7OkQdIdfriv9QdXvX0wNM1ePjiVOhnJ1B3Oial+dtAp4Kw0KO81uQi/ils6ctQiZ365J0hh65z7YWtTUhzAbLLxUA8Rd19XBmotRPBMFhSXG2J4OvmSY1SoupeJkGt4Jo3pYs3e6g/Wggo113NUifNJb8tzSmGPM3fB8rckfiG+5A57h3/waAiKrRY71kutH4a+ATi0+5gQxVhZo+SkeeQD4Ws67ejH+/hNWAVst5Ld1xV2W5YRkVBXz/8dyDtm9fSaMTq+eoYOaQbGOMSjlI8dF4YZcd4Lkweecx8nl3ZVSChms+pUIVPztBNOSeophb04NA2U+sZ/HZHRXXQGm4WmSZRs3XDXZPNKBqPIbPasxE2+3vKkgdbWG9MP1s1vGI8Rc4kWsekt1nxMOTP6xE+A6/xcDz2Usjf+K2RZKWklvqSWwF3n9X0r5Do8+XXbII8QEjjY2XG1WIlsyKFTKzrGhcrkRtdQAz3hvCQ3735R414QSWvbD7rmvhF9+WPuamxjQu0F02N2TGK9t8LPuwGlSWfALkFhuetlHkrLKakcaULf/6V7MQjY1Ucdtr5lwzYbpJoluxnCJ8pTYULhVe3lyF7Dc9OeW9DdFTbBceFUEBTtD6aXxqaIiMLk + OAUTH2_CLIENT_SECRET: AgAjqVgKsaEJtlfAStw7Yq2Ohde3fP/RXqTUYiAVXxHBVHL/dp9k+20RhgMlAOjZ0seFwJymube7AKAba9/HNmLxGGbtcLR+Z0akAZ+gXaVsfUxfJAdUNVYhg2nRoAtZe0zN+JqwzUuIqbYDw9iDR6KyuEQg07JyEfxYHkoCOm1oyOGSvjwNkEPxp84AJQnXTRd5FoHo5FrepHsOv74lZ5PXC2eJblCmZ8EBT2b3AuQAmwQQd+Tz35IDZFNACXgAyBB8vHL/VmOawr+3Sf3EiaHXLuQA5+xnOko3JxKJyem/aZxrRafCUgnxQfKJ1N3+uebHj2v5RcHFh8d6P74IXC+dahq0WyIIdfLYsBv1qfR/vNT8JHE9d9G6X5FQkzJpEAcKqh+3lGYivFfyVZJzWEIaEeP30geRYksD/z0g1DGhj8XCfqjhnS9eiRZxB9hroPYyb/LtLB0vdgqDEA96adCN7qn6u9LlcsjC/fetSKuMi56RtPrAMzkpm56wlPNbA/E9DDnlNnK5lEwuXnxH7duB+i8DcDs5ResNGC3Z6kCs55tFRZQA1rTmtSGIdFBAcQSbQW5IbOk9I6HeVEX423MsglBwaVIVRFCswK0qTNIXj5u68/7drldEkmb84nhyXTOY+mRc9thTZiJASIO6HpsV+hTboHu9I+7yhSMxIyvYtjzBiL24elPg6L3L/3zlZqaxp8Nl9gkuU3rdtQnQYd0eTgripAvI8MONkC6mLUBqUoTFvg6XWGmDdsmnwO9zZ/I5vuszKpYFBAP1ErgJpk1djipmvciJMUrtxeLRKAT2PniwTx0mvQd2rrszya/ABz5wmDqcS6qeY1W2+laWpDRgrdAKukBIX4UoU2Xy0fm4Gg== + template: + metadata: + creationTimestamp: null + name: miniflux + namespace: apps-roboces + diff --git a/k8s/services/miniflux/service.yaml b/k8s/services/miniflux/service.yaml new file mode 100644 index 0000000..171295b --- /dev/null +++ b/k8s/services/miniflux/service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + name: miniflux-service + namespace: apps-roboces + labels: + app.kubernetes.io/name: miniflux + app.kubernetes.io/managed-by: argo + app.kubernetes.io/version: 2.0.50 +spec: + selector: + app.kubernetes.io/name: miniflux + type: LoadBalancer + ports: + - name: miniflux-service + protocol: TCP + port: 8080