From 731a16baf3e691ce1699e82799696187d4e37231 Mon Sep 17 00:00:00 2001 From: Vegard Hagen Date: Fri, 19 Jul 2024 10:48:11 +0200 Subject: [PATCH] feat(homepage): add homepage and blog Add Vue Homepage, Hugo blog and Remark 42 for comments --- .../k8s/apps/homepage/application-set.yaml | 34 ++++++++++ .../apps/homepage/blog/hugo/deployment.yaml | 48 ++++++++++++++ .../apps/homepage/blog/hugo/http-route.yaml | 19 ++++++ .../homepage/blog/hugo/kustomization.yaml | 15 +++++ remodel/k8s/apps/homepage/blog/hugo/svc.yaml | 12 ++++ .../k8s/apps/homepage/blog/kustomization.yaml | 7 +++ remodel/k8s/apps/homepage/blog/ns.yaml | 4 ++ .../homepage/blog/remark42/deployment.yaml | 63 +++++++++++++++++++ .../homepage/blog/remark42/http-route.yaml | 19 ++++++ .../homepage/blog/remark42/kustomization.yaml | 19 ++++++ .../k8s/apps/homepage/blog/remark42/pvc.yaml | 13 ++++ .../homepage/blog/remark42/secret-github.yaml | 14 +++++ .../homepage/blog/remark42/secret-google.yaml | 14 +++++ .../blog/remark42/secret-remark42.yaml | 14 +++++ .../k8s/apps/homepage/blog/remark42/svc.yaml | 12 ++++ remodel/k8s/apps/homepage/kustomization.yaml | 10 +++ remodel/k8s/apps/homepage/project.yaml | 18 ++++++ .../apps/homepage/stonegarden/deployment.yaml | 36 +++++++++++ .../apps/homepage/stonegarden/http-route.yaml | 19 ++++++ .../homepage/stonegarden/kustomization.yaml | 8 +++ remodel/k8s/apps/homepage/stonegarden/ns.yaml | 6 ++ .../apps/homepage/stonegarden/service.yaml | 12 ++++ remodel/tofu/kubernetes/main.tf | 4 ++ 23 files changed, 420 insertions(+) create mode 100644 remodel/k8s/apps/homepage/application-set.yaml create mode 100644 remodel/k8s/apps/homepage/blog/hugo/deployment.yaml create mode 100644 remodel/k8s/apps/homepage/blog/hugo/http-route.yaml create mode 100644 remodel/k8s/apps/homepage/blog/hugo/kustomization.yaml create mode 100644 remodel/k8s/apps/homepage/blog/hugo/svc.yaml create mode 100644 remodel/k8s/apps/homepage/blog/kustomization.yaml create mode 100644 remodel/k8s/apps/homepage/blog/ns.yaml create mode 100644 remodel/k8s/apps/homepage/blog/remark42/deployment.yaml create mode 100644 remodel/k8s/apps/homepage/blog/remark42/http-route.yaml create mode 100644 remodel/k8s/apps/homepage/blog/remark42/kustomization.yaml create mode 100644 remodel/k8s/apps/homepage/blog/remark42/pvc.yaml create mode 100644 remodel/k8s/apps/homepage/blog/remark42/secret-github.yaml create mode 100644 remodel/k8s/apps/homepage/blog/remark42/secret-google.yaml create mode 100644 remodel/k8s/apps/homepage/blog/remark42/secret-remark42.yaml create mode 100644 remodel/k8s/apps/homepage/blog/remark42/svc.yaml create mode 100644 remodel/k8s/apps/homepage/kustomization.yaml create mode 100644 remodel/k8s/apps/homepage/project.yaml create mode 100644 remodel/k8s/apps/homepage/stonegarden/deployment.yaml create mode 100644 remodel/k8s/apps/homepage/stonegarden/http-route.yaml create mode 100644 remodel/k8s/apps/homepage/stonegarden/kustomization.yaml create mode 100644 remodel/k8s/apps/homepage/stonegarden/ns.yaml create mode 100644 remodel/k8s/apps/homepage/stonegarden/service.yaml diff --git a/remodel/k8s/apps/homepage/application-set.yaml b/remodel/k8s/apps/homepage/application-set.yaml new file mode 100644 index 0000000..e02d565 --- /dev/null +++ b/remodel/k8s/apps/homepage/application-set.yaml @@ -0,0 +1,34 @@ +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: homepage + namespace: argocd + labels: + dev.stonegarden: application +spec: + generators: + - git: + repoURL: https://github.com/vehagn/homelab + revision: remodel + directories: + - path: remodel/k8s/apps/homepage/* + template: + metadata: + name: '{{ path.basename }}' + labels: + dev.stonegarden: application + finalizers: + - resources-finalizer.argocd.argoproj.io + spec: + project: homepage + source: + repoURL: https://github.com/vehagn/homelab + targetRevision: remodel + path: '{{ path }}' + destination: + name: in-cluster + namespace: argocd + syncPolicy: + automated: + selfHeal: true + prune: true \ No newline at end of file diff --git a/remodel/k8s/apps/homepage/blog/hugo/deployment.yaml b/remodel/k8s/apps/homepage/blog/hugo/deployment.yaml new file mode 100644 index 0000000..5b99b49 --- /dev/null +++ b/remodel/k8s/apps/homepage/blog/hugo/deployment.yaml @@ -0,0 +1,48 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: hugo + namespace: blog + labels: + app: hugo +spec: + replicas: 2 + selector: + matchLabels: + app: hugo + template: + metadata: + namespace: blog + labels: + app: hugo + spec: + securityContext: + runAsNonRoot: true + runAsUser: 65534 + runAsGroup: 65534 + fsGroup: 65534 + fsGroupChangePolicy: OnRootMismatch + seccompProfile: + type: RuntimeDefault + containers: + - name: hugo + image: registry.gitlab.com/vehagn/blog + imagePullPolicy: Always + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: [ "ALL" ] + envFrom: + - configMapRef: + name: hugo-env + ports: + - name: http + containerPort: 8080 + resources: + requests: + cpu: 50m + memory: 64Mi + limits: + cpu: 1000m + memory: 128Mi diff --git a/remodel/k8s/apps/homepage/blog/hugo/http-route.yaml b/remodel/k8s/apps/homepage/blog/hugo/http-route.yaml new file mode 100644 index 0000000..3eaae41 --- /dev/null +++ b/remodel/k8s/apps/homepage/blog/hugo/http-route.yaml @@ -0,0 +1,19 @@ +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: hugo-http-route + namespace: blog +spec: + parentRefs: + - name: euclid + namespace: gateway + hostnames: + - "blog.euclid.stonegarden.dev" + rules: + - matches: + - path: + type: PathPrefix + value: / + backendRefs: + - name: hugo + port: 80 \ No newline at end of file diff --git a/remodel/k8s/apps/homepage/blog/hugo/kustomization.yaml b/remodel/k8s/apps/homepage/blog/hugo/kustomization.yaml new file mode 100644 index 0000000..a6833fc --- /dev/null +++ b/remodel/k8s/apps/homepage/blog/hugo/kustomization.yaml @@ -0,0 +1,15 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +configMapGenerator: + - name: hugo-env + namespace: blog + literals: + - TZ=Europe/Oslo + - SERVER_LOG_LEVEL=warn + - SERVER_PORT=8080 + +resources: + - svc.yaml + - deployment.yaml + - http-route.yaml diff --git a/remodel/k8s/apps/homepage/blog/hugo/svc.yaml b/remodel/k8s/apps/homepage/blog/hugo/svc.yaml new file mode 100644 index 0000000..214f373 --- /dev/null +++ b/remodel/k8s/apps/homepage/blog/hugo/svc.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: hugo + namespace: blog +spec: + selector: + app: hugo + ports: + - name: web + port: 80 + targetPort: http \ No newline at end of file diff --git a/remodel/k8s/apps/homepage/blog/kustomization.yaml b/remodel/k8s/apps/homepage/blog/kustomization.yaml new file mode 100644 index 0000000..1cce226 --- /dev/null +++ b/remodel/k8s/apps/homepage/blog/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ns.yaml + - hugo + - remark42 diff --git a/remodel/k8s/apps/homepage/blog/ns.yaml b/remodel/k8s/apps/homepage/blog/ns.yaml new file mode 100644 index 0000000..a98aecf --- /dev/null +++ b/remodel/k8s/apps/homepage/blog/ns.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: blog \ No newline at end of file diff --git a/remodel/k8s/apps/homepage/blog/remark42/deployment.yaml b/remodel/k8s/apps/homepage/blog/remark42/deployment.yaml new file mode 100644 index 0000000..3230046 --- /dev/null +++ b/remodel/k8s/apps/homepage/blog/remark42/deployment.yaml @@ -0,0 +1,63 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: remark42 + namespace: blog + labels: + app: remark42 +spec: + replicas: 1 + selector: + matchLabels: + app: remark42 + strategy: + type: Recreate + template: + metadata: + namespace: remark42 + labels: + app: remark42 + spec: + securityContext: + runAsNonRoot: true + runAsUser: 65534 + runAsGroup: 65534 + fsGroup: 65534 + fsGroupChangePolicy: OnRootMismatch + seccompProfile: + type: RuntimeDefault + containers: + - name: remark42 + image: umputun/remark42:v1.12.1 + ports: + - name: http + containerPort: 8080 + envFrom: + - configMapRef: + name: remark42-env + - secretRef: + name: remark42-secret + - secretRef: + name: remark42-github + - secretRef: + name: remark42-google + volumeMounts: + - name: remark42 + mountPath: /srv/var + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: [ "ALL" ] + resources: + requests: + cpu: 50m + memory: 64Mi + limits: + cpu: 1000m + memory: 128Mi + volumes: + - name: remark42 + persistentVolumeClaim: + claimName: remark42 + \ No newline at end of file diff --git a/remodel/k8s/apps/homepage/blog/remark42/http-route.yaml b/remodel/k8s/apps/homepage/blog/remark42/http-route.yaml new file mode 100644 index 0000000..1f8e331 --- /dev/null +++ b/remodel/k8s/apps/homepage/blog/remark42/http-route.yaml @@ -0,0 +1,19 @@ +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: remark42-http-route + namespace: blog +spec: + parentRefs: + - name: euclid + namespace: gateway + hostnames: + - "remark42.euclid.stonegarden.dev" + rules: + - matches: + - path: + type: PathPrefix + value: / + backendRefs: + - name: remark42 + port: 80 \ No newline at end of file diff --git a/remodel/k8s/apps/homepage/blog/remark42/kustomization.yaml b/remodel/k8s/apps/homepage/blog/remark42/kustomization.yaml new file mode 100644 index 0000000..f6bb577 --- /dev/null +++ b/remodel/k8s/apps/homepage/blog/remark42/kustomization.yaml @@ -0,0 +1,19 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +configMapGenerator: + - name: remark42-env + namespace: blog + literals: + - TIME_ZONE=Europe/Oslo + - REMARK_URL=https://remark42.euclid.stonegarden.dev + - SITE=stonegarden.dev + +resources: + - svc.yaml + - pvc.yaml + - secret-github.yaml + - secret-google.yaml + - secret-remark42.yaml + - deployment.yaml + - http-route.yaml diff --git a/remodel/k8s/apps/homepage/blog/remark42/pvc.yaml b/remodel/k8s/apps/homepage/blog/remark42/pvc.yaml new file mode 100644 index 0000000..797cadf --- /dev/null +++ b/remodel/k8s/apps/homepage/blog/remark42/pvc.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: remark42 + namespace: blog +spec: + storageClassName: proxmox-csi + volumeName: pv-remark42 + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1G diff --git a/remodel/k8s/apps/homepage/blog/remark42/secret-github.yaml b/remodel/k8s/apps/homepage/blog/remark42/secret-github.yaml new file mode 100644 index 0000000..0862f39 --- /dev/null +++ b/remodel/k8s/apps/homepage/blog/remark42/secret-github.yaml @@ -0,0 +1,14 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + name: remark42-github + namespace: blog +spec: + template: + metadata: + name: remark42-github + namespace: blog + type: Opaque + encryptedData: + AUTH_GITHUB_CID: AgCXAD8duSmHjp2yvx+vLBhzTDj6t1Qi+H7IreCMX4jcIbNYRvcuPl5/QqklNAqsx9depqK2tdiGpm/OlKPvhcaspndiFEGpMPh4II+NM7LojM547f+tJGGd03zQO3x4pHMnQLgE4JOhq4zDU+YSZT/g8MVDZmQuw+XHZfLH+6TpvfVrgqsH74ylWol7e6LpXo+qfv64GODN2s6PJwEXgLUYB5EcukqFz3fuHOtbaz1EbgfwznNU2n3UW7mXg712zg05CZ/JN+6zPgDXV+9sQyk9UBmy5zSka9WJISNPI5akXR5nyRLYOfGmv0J2KuAcnbIUVpkUpqAoWBy1dO2PvwWxyvc+ME8F+ZgHPajqAHx9oB7F5BoSCYUsRr/fVgGby+A9qld7Rio8LoMMEKS8fe6A9TMDPkXOyil4WuvtcQuFlfssCAHfg2bjP05TblnMIPxsQEjDh1iqj+eKE8Kmka/uX7yR7MKJxhU7prCN/kpWbWGbZIR4ECl6R1xB8MJdN6I+VG9Ipv59NeeDGUo5UZvj8/DtHvc+67fGQV3oOiBUinYxiByLDrRjacipk3oCIe14j7yclzj/rXaHaJvGpySXQrx/BTfisUuCoLpENCr7bTT2PDsK4H5vfUoo/SG8c65dlrQuF91C3ILeS0ZZMKsa90U4+OkSDZw+2O5QO+5IXWIbztI8RAPq+DrlkcQJTg+Z2Duah1A4q0JVANamiFNLUM4GkA== + AUTH_GITHUB_CSEC: AgCPS02vJBCvE3OvNOWg7jWXTYqPEEibShhDc+RnhORY5o3GZ0IFpaflsGEJo4dNObNFhlaMZuZp1IZ9XceFqebX65CjwtM7HfHCgLRPI4Y2x5dmUcK0RnDtqbQsc1ecr5A3A10kMYTxa8gzPkEMM/R/pb/6/hOY4CO2DgvPP6386eyrKDL41hRAXQHJm/tceg7Nq0GRRFG+kA51VeVmQavAejeyyqgatYlOkz6wiZOs4bdNRyUbA2IuidQJaivfwcFWu8+vNw73RNQBZEkw938xQPoDvcbSt1tlSm3g6oMwTrUgrcQaiKv9g1MgfgKDq6MMLQSIjB1zYse8927r7668Robtd80wkwZPdOhUdYpmOHI4uSS9x6mxqaNlTjTxeg1bjgULTKl9NAeY9djpjJRDaMGnyZhAcsnsY15MWlTlX6SazrtvYdFlkDEnUbA5ahQBltV6pFr4RE9eoi16tsKRQFKGWnLx3vZo7zNpQKbxcFHoY64swXGNNgFCg3xIFeXsuu3CeQkDnC6mwjfXZOjc6B2T25sgnPCnPT3IRi0UDlwAO1mCO+gikDta4WyP+uPQ0frhkt5nezJQc8Y/mgCLjANvIY1zeP3k2StndOS5fefB+56iBLNPxABMQxXwjNacZ+/ONwe5lDb4fpY/2EGxR4nACY+7wPbE2YPFzLv/gAYoBbxus1muSF3l4Is25r5urJE6Th3RHtCMS+VSA/4WYxxRN4ctvkmUAJ9nfzM0YrwIwXJtCW0l diff --git a/remodel/k8s/apps/homepage/blog/remark42/secret-google.yaml b/remodel/k8s/apps/homepage/blog/remark42/secret-google.yaml new file mode 100644 index 0000000..cf0033e --- /dev/null +++ b/remodel/k8s/apps/homepage/blog/remark42/secret-google.yaml @@ -0,0 +1,14 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + name: remark42-google + namespace: blog +spec: + template: + metadata: + name: remark42-google + namespace: blog + type: Opaque + encryptedData: + AUTH_GOOGLE_CID: AgAa1H8GiVeeW1IfzSa8IgqmgdH7FOJBJ+ymfXTLjzuXSc38WaqegeY2PFL+ekE4fGTozBE5aNK1tgVL6oL4ir+bAZD04FKUkQAlvwQtvX8ROPhn6+bV3YS1041rxKDn11e/S5GC2cEzYmtqI2VH/TOPuEbm74FTwcMvi/SImDWWsxT6RzpBoGhQf7mSFLLkRXibhO67iWnvI+/v7KEFIxuhb6t5BCmRc8tq3PVJZX1CSMXoxbo0S5xIHK0BO2Ruy6wyUKNDGS192E4a2fueM/Iyf3+DmC0jbw18W18BvwiA8aS5tSp9xOJ+qkK1qsowhi6QubOKK6yuQAEPxczp7J3LhrdZ2zfQkHIl7mR6sTjrGM8i9GFgxOcUdTsP5Rr/x+okjPgezMpoTKuVUfdZ9ide9nCHVWELRp5YQUPWk7sWskuYepfMvI/x6M62NuWGJWATy4tfBSB/psCi9amJXwL4akb6NKzzsjHcTtRnL6wpLRlLrNyN7kCtfLg8qOjxovLzEWydJznRnAs9v8gqjlUD7U7kh+k+9Nc1Rqrn8WEfb1lPHtUgoB0G+4SCzeYqHqBOgjN6RIXP4y74wSB72aN8ZFzpbfCbMlSU9gMFN+alQ0GoWGTQ4mlkuy6t8rV+C7joM/KXdvBVQ/nARyXgyde5Uoh1E8gKYaZXAFCaZySdUCznwdm1Ue+q2X33Pobf4Gqpuu9WxKWENphPs2c6iS2yMw6T4mPU4yyLunipLqRrXf4VQMiwxD1YP1QK7ZkeCkoMQOqS6pOKDFaP4u/NVAxANH2otoha5VM= + AUTH_GOOGLE_CSEC: AgB5ZOQUZgptMzvi3IR+XWq6a2FA5NeBg8kxEJBbRhtRRevoQ0p+puHtyT1skX9t4rhdFgRKpJPuEAzus63t4mrv9PPJ9l3XXvmztFsXLTpJdDWXoskaFD9kks+BJzlS6kCFYmLnljm5E3rHk1B1ImrePus1YtMbjOev8Arzxkks2EqFW9k88LpXsgVyya2ueUNvCdE6LmSjIKa9W33+Tm5qgoNYbXY6zAaMQzhiN2PA46oHBccabxKSzVbdaDj7Xz3IAzb5TF7GSQlHCClU3p0hgBninL9nuuVyICH2I+5m0Vv9LnmJ+CItkA/8FZNbxUX4Z7ZMaG9gl3jAtBJqbz54KeTCgOz9HZarEI5EepWKom0VqBY8/05BqMQz1om7Y7FlCx5lZ6FjnJVBD2cGc/g7q824Q1X8POQnh46gnLySd2FCOSv38QoJjdkzdMjT61LTqSnPT7R8ZE0+lMCkmBopsBs8DbuM5/YxjFUzsVj9zs5mq/EWl5G835l+aHXkQWOmlE9UOiD7nPWQX58sL8QZdt0Maj/Q84CMHWS1ZWtV+lmA98XnT5oHwE9GL3SNCVWW33Ld6KQlxPyuMol0PsiNySJVzu+yX2S/BzMrmcrgLqAiZvI5dXX5RfUE3uQmyekxMPYh9B5BBmr9SS3WB0o5kEdEF4stt1UhWRj/Sazdh5TWJ8NP6brkS+CXhX9RA9pAW3wvFAPUbu7w+Be/cRm4wJpm8J6ekm+4PIKUVoE5J7EnIw== diff --git a/remodel/k8s/apps/homepage/blog/remark42/secret-remark42.yaml b/remodel/k8s/apps/homepage/blog/remark42/secret-remark42.yaml new file mode 100644 index 0000000..1ea8370 --- /dev/null +++ b/remodel/k8s/apps/homepage/blog/remark42/secret-remark42.yaml @@ -0,0 +1,14 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + name: remark42-secret + namespace: blog +spec: + template: + metadata: + name: remark42-secret + namespace: blog + type: Opaque + encryptedData: + ADMIN_SHARED_ID: AgB/aNJf9wbGvxZjqooeNaCTGSSi+Mq9ihYlI8bnendht9BRpT1Kil2x9S+J1FSnzpW0xYFjCM6wYPUxBFU8G+/vU7ZdmUHUt+ID/aHDju5HmL28OIMdgijJBK0KXXs+qZGM5TzYl7nu4fUAc/qM0S4dGket6Sfb8haJEW3DOpgJ1LqGptaAhHwHLdT91qjkGSw/vEK9GtQFVbcF6q+O699gXKY52u+D8JrfItp+LIOqhcpDnGA7R9alwCBOtsw0cFxUTyYTojlmU4EKggqgzP0vssLYBiv9Du8k0IUUZw8lU/lsOVTR8xJB0ZdeIB6tSwUO+T1WhmTzv0MoJM2picujHVdfWMXA2SGPVnAFCXqopnqXpFLv/oDGgqDAV8PxAO3HlyYV3+yir6LnurEZgtSoyVG5RErJRLwsjZthfAUeJyl/uo7fSQQ1bFRIUaMk/8qmxOv/h0EiDg/nWZlJaD3Bdi+xGt8m+SpzUQitsEPR98L8ccRPyKDRUGp37+JbPDQzYxLnLwmvb1GLcNkApvpGD/IimlHLMM9M5HiMILUEoJL7KU5BX5epgSA5T2VVrdLu00kjQK5f8iRGXUWc4R8/t+BFPgm0PIu2aUeC1p59Gk82gVL8uTI8CBehjWeRvhtVFl/U4fqpyvgKy6hrAu89Bs+WrJ7YdwYs9CJfQ87WTaSW+b2z6YBcOTbFrtbd1hvDSypr9O+L4FxorvB78F7K7ixiaugCreFWX1x85J2tzVl8Aal+JQXezszXMuCJ4Oeqe2Aykvr1SXek/jdEdbXUb0tIvwZWOEdvXD4a+g6i/5v2iEhWk1suEwdEBRpW7Q== + SECRET: AgAINe0r/Bk3kMdrMba/+kCiMsAuNE5OIptTnmzBlZfpTWuAo9ozKRVBBvo+/zGDmlETQMlq4C1MsrvcPHXnJols8DCfufMVuIyMWosxzhVOiApoEc6MGwy6QfgI19AbliBes5fCTqGHc39WKg+UA64OkEl5H+LtMezPC6EGnezL7sD5rrc3Vqdi7x/XfrwBI6xJ044aE8wRH6syuH1Py2FPdn8Y07DaV2Wuz9jNIhhjNQdDy80G+q6GHYKi0PsMe8zdLyd9rCxWmMk6SW8pyjTf2xn48Tp1ep9zfauhCnUQWDwPTz3JWe6GmPpTAH+xKDk5Glhyl6h0E/ScQJzdhUKcfh0idw8yALnzQhYPRQD4g/CcBXeu7DGURw8TM4VpwFPQAHVDfD2qvqfEaVoXCZkLpPGTotj8wr7MnB1nK8Ibcj4KbgGqIM6SlCS/AmlpmIBWlEQrAPYF9Hj/JR74+F43HZrwx2Ux8/8GBJCYlBgX9QAqrfffIBsDH89PPXyJgwTK3T1PMrRFRf7fx71NmOFogy7cBgiYYMka0VmCtDLvUfegO1KcQ1rjaNYkLai48u/CP/7Nyvz6LrF1tXe6w0AoEgRMGGZpB9InoF+5Xo8ZL9eZcz6dKyO1tUbIIEE5xbU7dGruWfcDh2upGAjbKQDcnZE+RaWallxaX+jfubwTh8G0Vah9wxt08ifTzF7R0AnAahS/8JQuo4R+kylczMNMTelOaelIN9Obx82JQBiAGrPTmXPW2RYr diff --git a/remodel/k8s/apps/homepage/blog/remark42/svc.yaml b/remodel/k8s/apps/homepage/blog/remark42/svc.yaml new file mode 100644 index 0000000..01f9190 --- /dev/null +++ b/remodel/k8s/apps/homepage/blog/remark42/svc.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: remark42 + namespace: blog +spec: + selector: + app: remark42 + ports: + - name: web + port: 80 + targetPort: http \ No newline at end of file diff --git a/remodel/k8s/apps/homepage/kustomization.yaml b/remodel/k8s/apps/homepage/kustomization.yaml new file mode 100644 index 0000000..7d5929f --- /dev/null +++ b/remodel/k8s/apps/homepage/kustomization.yaml @@ -0,0 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: argocd +commonLabels: + dev.stonegarden: app-management + app.kubernetes.io/managed-by: argocd + +resources: + - project.yaml + - application-set.yaml diff --git a/remodel/k8s/apps/homepage/project.yaml b/remodel/k8s/apps/homepage/project.yaml new file mode 100644 index 0000000..2686adc --- /dev/null +++ b/remodel/k8s/apps/homepage/project.yaml @@ -0,0 +1,18 @@ +apiVersion: argoproj.io/v1alpha1 +kind: AppProject +metadata: + name: homepage + namespace: argocd +spec: + sourceRepos: + - 'https://github.com/vehagn/homelab' + destinations: + - namespace: 'argocd' + server: '*' + - namespace: 'blog' + server: '*' + - namespace: 'stonegarden' + server: '*' + clusterResourceWhitelist: + - group: '*' + kind: '*' \ No newline at end of file diff --git a/remodel/k8s/apps/homepage/stonegarden/deployment.yaml b/remodel/k8s/apps/homepage/stonegarden/deployment.yaml new file mode 100644 index 0000000..0fd8203 --- /dev/null +++ b/remodel/k8s/apps/homepage/stonegarden/deployment.yaml @@ -0,0 +1,36 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: stonegarden + namespace: stonegarden +spec: + replicas: 1 + selector: + matchLabels: + app: stonegarden + template: + metadata: + namespace: stonegarden + labels: + app: stonegarden + spec: + securityContext: + runAsNonRoot: true + runAsUser: 65534 + runAsGroup: 65534 + fsGroup: 65534 + fsGroupChangePolicy: OnRootMismatch + seccompProfile: + type: RuntimeDefault + containers: + - name: stonegarden + image: registry.gitlab.com/vehagn/stonegarden:latest + imagePullPolicy: Always + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: [ "ALL" ] + ports: + - name: web + containerPort: 3000 \ No newline at end of file diff --git a/remodel/k8s/apps/homepage/stonegarden/http-route.yaml b/remodel/k8s/apps/homepage/stonegarden/http-route.yaml new file mode 100644 index 0000000..e3b4295 --- /dev/null +++ b/remodel/k8s/apps/homepage/stonegarden/http-route.yaml @@ -0,0 +1,19 @@ +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: stonegarden + namespace: stonegarden +spec: + parentRefs: + - name: stonegarden + namespace: gateway + hostnames: + - "stonegarden.dev" + rules: + - matches: + - path: + type: PathPrefix + value: / + backendRefs: + - name: stonegarden + port: 3000 \ No newline at end of file diff --git a/remodel/k8s/apps/homepage/stonegarden/kustomization.yaml b/remodel/k8s/apps/homepage/stonegarden/kustomization.yaml new file mode 100644 index 0000000..53584db --- /dev/null +++ b/remodel/k8s/apps/homepage/stonegarden/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ns.yaml + - service.yaml + - deployment.yaml + - http-route.yaml diff --git a/remodel/k8s/apps/homepage/stonegarden/ns.yaml b/remodel/k8s/apps/homepage/stonegarden/ns.yaml new file mode 100644 index 0000000..e1079e3 --- /dev/null +++ b/remodel/k8s/apps/homepage/stonegarden/ns.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: stonegarden + labels: + dev.stonegarden.app: homepage \ No newline at end of file diff --git a/remodel/k8s/apps/homepage/stonegarden/service.yaml b/remodel/k8s/apps/homepage/stonegarden/service.yaml new file mode 100644 index 0000000..037aa84 --- /dev/null +++ b/remodel/k8s/apps/homepage/stonegarden/service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: stonegarden + namespace: stonegarden +spec: + type: ClusterIP + ports: + - name: web + port: 3000 + selector: + app: stonegarden diff --git a/remodel/tofu/kubernetes/main.tf b/remodel/tofu/kubernetes/main.tf index ce75cfc..aa39bbc 100644 --- a/remodel/tofu/kubernetes/main.tf +++ b/remodel/tofu/kubernetes/main.tf @@ -121,6 +121,10 @@ module "volumes" { node = "euclid" size = "1G" } + pv-remark42 = { + node = "euclid" + size = "1G" + } pv-jellyfin-config = { node = "euclid" size = "12G"