feat(libreddit): migrate to redlib

due to JSON HTTP2 changes found only in Redlib
JJGadgets
2024-11-02 11:38:08 +08:00
parent 9a20aaca35
commit 4f6e508441
10 changed files with 160 additions and 121 deletions


@@ -98,7 +98,7 @@ resources:
- ../../../deploy/apps/miniflux/
- ../../../deploy/apps/elk/
- ../../../deploy/apps/firefly/
- ../../../deploy/apps/libreddit/
- ../../../deploy/apps/redlib/
#- ../../../deploy/apps/livestream/
#- ../../../deploy/apps/livestream/oven
- ../../../deploy/apps/soft-serve/


@@ -1,75 +0,0 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: &app libreddit
namespace: *app
spec:
chart:
spec:
chart: app-template
version: 1.5.1
sourceRef:
name: bjw-s
kind: HelmRepository
namespace: flux-system
values:
global:
fullnameOverride: *app
automountServiceAccountToken: false
controller:
type: deployment
replicas: 1
image:
repository: ghcr.io/auricom/libreddit
tag: 0.30.1@sha256:58108c7aaf963cd7903c0e35f6af041f9ed77fdf8bd7019f79b9a989846ee97a
podLabels:
ingress.home.arpa/nginx-internal: "allow"
env:
TZ: "${CONFIG_TZ}"
LIBREDDIT_SFW_ONLY: "off"
LIBREDDIT_BANNER: "JJGadgets"
LIBREDDIT_ROBOTS_DISABLE_INDEXING: "on"
LIBREDDIT_DEFAULT_THEME: "dracula"
LIBREDDIT_DEFAULT_FRONT_PAGE: "default"
LIBREDDIT_DEFAULT_LAYOUT: "card"
LIBREDDIT_DEFAULT_WIDE: "on"
LIBREDDIT_DEFAULT_POST_SORT: "hot"
LIBREDDIT_DEFAULT_COMMENT_SORT: "confidence"
LIBREDDIT_DEFAULT_SHOW_NSFW: "on"
LIBREDDIT_DEFAULT_BLUR_NSFW: "on"
LIBREDDIT_DEFAULT_AUTOPLAY_VIDEOS: "off"
LIBREDDIT_DEFAULT_DISABLE_VISIT_REDDIT_CONFIRMATION: "false"
service:
main:
ports:
http:
port: 8080
ingress:
main:
enabled: true
primary: true
ingressClassName: "nginx-internal"
hosts:
- host: &host "${APP_DNS_LIBREDDIT}"
paths:
- path: /
pathType: Prefix
tls:
- hosts:
- *host
dnsConfig:
options:
- name: ndots
value: "1"
podSecurityContext:
runAsUser: &uid ${APP_UID_LIBREDDIT}
runAsGroup: *uid
fsGroup: *uid
fsGroupChangePolicy: Always
resources:
requests:
cpu: 10m
memory: 128Mi
limits:
memory: 300Mi


@@ -1,30 +0,0 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/cilium.io/ciliumnetworkpolicy_v2.json
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: &app libreddit
namespace: *app
spec:
endpointSelector: {}
ingress:
# same namespace
- fromEndpoints:
- matchLabels:
io.kubernetes.pod.namespace: *app
# ingress controller
- fromEndpoints:
- matchLabels:
io.kubernetes.pod.namespace: ingress
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
toPorts:
- ports:
- port: "8080"
egress:
# same namespace
- toEndpoints:
- matchLabels:
io.kubernetes.pod.namespace: *app
- toEntities:
- world


@@ -1,10 +0,0 @@
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: libreddit-app
namespace: flux-system
spec:
path: ./kube/deploy/apps/libreddit/app
dependsOn:
- name: 1-core-ingress-nginx-app


@@ -1,5 +0,0 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: libreddit


@@ -0,0 +1,23 @@
---
# yaml-language-server: $schema=https://crds.jank.ing/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: &name redlib-secrets
namespace: redlib
spec:
refreshInterval: 1m
secretStoreRef:
kind: ClusterSecretStore
name: 1p
dataFrom:
- extract:
key: "redlib - ${CLUSTER_NAME}"
target:
creationPolicy: Owner
deletionPolicy: Retain
name: *name
# template:
# type: Opaque
# data:
# age.agekey: '{{ .agekey }}'
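Review bot: `dataFrom.extract` copies every field of the `redlib - ${CLUSTER_NAME}` item into the `redlib-secrets` Secret, although the only key the HelmRelease added in this commit reads is `subscriptions`. Replacing the `dataFrom` block with an explicit `data` entry for that one field keeps anything later stored on the item out of the namespace; this assumes the field label in the store is `subscriptions`, which the current key name suggests. `refreshInterval: 1m` also polls the `1p` ClusterSecretStore every minute for a value that rarely changes, so a longer interval would reduce load on the store. The commented-out `template:` block mentioning `age.agekey` looks like a leftover from another app and can be dropped.

```yaml
# … unchanged: refreshInterval, secretStoreRef …
data:
  - secretKey: subscriptions
    remoteRef:
      key: "redlib - ${CLUSTER_NAME}"
      property: subscriptions
# … unchanged: target …
```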


@@ -0,0 +1,112 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/common-3.4.0/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: &app redlib
namespace: *app
spec:
interval: 5m
chart:
spec:
chart: app-template
version: 3.4.0
sourceRef:
name: bjw-s
kind: HelmRepository
namespace: flux-system
values:
controllers:
redlib:
type: deployment
replicas: 1
strategy: RollingUpdate
pod:
labels:
ingress.home.arpa/nginx-internal: allow
egress.home.arpa/internet: allow
containers:
main:
image: &img
repository: quay.io/redlib/redlib
tag: latest@sha256:42db7afd24d3e55ceccb38f6e91ecfd44d78f381a04848bb4de67dae1836a3e4 # for JSON HTTP2 fix
env: &env
TZ: "${CONFIG_TZ}"
REDLIB_SFW_ONLY: "off"
REDLIB_BANNER: "JJGadgets"
REDLIB_ROBOTS_DISABLE_INDEXING: "on"
REDLIB_DEFAULT_THEME: "dracula"
REDLIB_DEFAULT_FRONT_PAGE: "default"
REDLIB_DEFAULT_LAYOUT: "card"
REDLIB_DEFAULT_WIDE: "on"
REDLIB_DEFAULT_POST_SORT: "hot"
REDLIB_DEFAULT_COMMENT_SORT: "confidence"
REDLIB_DEFAULT_SHOW_NSFW: "on"
REDLIB_DEFAULT_BLUR_NSFW: "on"
REDLIB_DEFAULT_AUTOPLAY_VIDEOS: "off"
REDLIB_DEFAULT_DISABLE_VISIT_REDDIT_CONFIRMATION: "false"
REDLIB_ENABLE_RSS: "on"
REDLIB_FULL_URL: "https://${APP_DNS_REDLIB}"
REDLIB_SUBSCRIPTIONS:
valueFrom:
secretKeyRef:
name: redlib-secrets
key: subscriptions
securityContext: &sc
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
resources:
requests:
cpu: "10m"
limits:
cpu: "1"
memory: "256Mi"
probes:
liveness:
enabled: true
readiness:
enabled: true
service:
redlib:
controller: redlib
ports:
http:
port: 8080
protocol: HTTP
appProtocol: http
ingress:
main:
className: nginx-internal
hosts:
- host: &host "${APP_DNS_REDLIB:=redlib}"
paths: &paths
- path: /
pathType: Prefix
service:
identifier: redlib
port: http
tls:
- hosts: [*host]
defaultPodOptions:
automountServiceAccountToken: false
enableServiceLinks: false
dnsConfig:
options:
- name: ndots
value: "1"
securityContext:
runAsNonRoot: true
runAsUser: &uid ${APP_UID_REDLIB:=1000}
runAsGroup: *uid
fsGroup: *uid
fsGroupChangePolicy: Always
seccompProfile: { type: "RuntimeDefault" }
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: fuckoff.home.arpa/redlib
operator: DoesNotExist
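Review bot: The per-namespace CiliumNetworkPolicy this commit deletes is not replaced by any added file shown here, so the pod's traffic limits now depend entirely on whatever selects the labels `ingress.home.arpa/nginx-internal: allow` and `egress.home.arpa/internet: allow` under `pod.labels`. Those label-driven policies are not on this page; if none selects pods in the `redlib` namespace, Cilium's default enforcement mode would leave the pod without ingress or egress restriction. It is worth confirming and recording this with a comment above the labels, such as `# traffic is governed by cluster-wide policies keyed on these labels; no per-namespace policy`. Separately, `REDLIB_FULL_URL` uses `${APP_DNS_REDLIB}` with no default while the ingress host uses `${APP_DNS_REDLIB:=redlib}`, so an unset variable would give the two different values; `REDLIB_FULL_URL: "https://${APP_DNS_REDLIB:=redlib}"` keeps them in step.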


@@ -0,0 +1,14 @@
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: redlib-app
namespace: flux-system
labels: &l
app.kubernetes.io/name: "redlib"
spec:
commonMetadata:
labels: *l
path: ./kube/deploy/apps/redlib/app
targetNamespace: "redlib"
dependsOn: []
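Review bot: `dependsOn: []` drops the ordering the removed `libreddit-app` Kustomization had on `1-core-ingress-nginx-app`, and declares none for the ExternalSecret this app now ships. On a fresh cluster the ExternalSecret cannot be applied before its CRD and the `1p` ClusterSecretStore exist, and the container cannot start until `redlib-secrets` is present because the `secretKeyRef` is not marked optional. Flux retries, so this probably self-heals, but listing the prerequisites makes the order explicit, e.g. `dependsOn: [{name: 1-core-ingress-nginx-app}, {name: <external-secrets-kustomization>}]`, where the second name is a placeholder for whatever this repository calls it.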


@@ -0,0 +1,10 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: redlib
labels:
kustomize.toolkit.fluxcd.io/prune: disabled
pod-security.kubernetes.io/enforce: &ps restricted
pod-security.kubernetes.io/audit: *ps
pod-security.kubernetes.io/warn: *ps