Add inventory and k6.ee redirector

hackerspace/goredirect.yaml

@@ -0,0 +1,57 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: goredirect
+  namespace: hackerspace
+spec:
+  replicas: 2
+  revisionHistoryLimit: 0
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: goredirect
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: goredirect
+    spec:
+      affinity:
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+            - podAffinityTerm:
+                labelSelector:
+                  matchExpressions:
+                  - key: app.kubernetes.io/name
+                    operator: In
+                    values:
+                    - goredirect
+                topologyKey: topology.kubernetes.io/zone
+              weight: 100
+      containers:
+        - image: harbor.k-space.ee/k-space/goredirect:latest
+          imagePullPolicy: Always 
+          env:
+            - name: GOREDIRECT_NOT_FOUND
+              value: https://inventory.k-space.ee/m/inventory/add-slug/%s
+            - name: GOREDIRECT_FOUND
+              value: https://inventory.k-space.ee/m/inventory/%s/view
+            - name: MONGO_URI
+              valueFrom:
+                secretKeyRef:
+                  key: connectionString.standard
+                  name: inventory-mongodb-application-readwrite
+          name: goredirect
+          ports:
+            - containerPort: 8080
+              name: http
+              protocol: TCP
+          resources:
+            limits:
+              cpu: "1"
+              memory: 500Mi
+            requests:
+              cpu: 100m
+              memory: 200Mi
+          securityContext:
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000

hackerspace/inventory.yaml

@@ -0,0 +1,200 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: inventory
+  namespace: hackerspace
+spec:
+  replicas: 1
+  revisionHistoryLimit: 0
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: inventory
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: inventory
+    spec:
+      containers:
+      - image: harbor.k-space.ee/k-space/inventory-app:latest
+        imagePullPolicy: Always
+        env:
+        - name: ENVIRONMENT_TYPE
+          value: PROD
+        - name: PYTHONUNBUFFERED
+          value: "1"
+        - name: MEMBERS_HOST
+          value: https://members.k-space.ee
+        - name: INVENTORY_ASSETS_BASE_URL
+          value: https://minio-cluster-shared.k-space.ee/inventory-5b342be1-60a1-4290-8061-e0b8fc17d40d/
+        - name: OIDC_USERS_NAMESPACE
+          value: oidc-gateway
+        - name: MONGO_URI
+          valueFrom:
+            secretKeyRef:
+              key: connectionString.standard
+              name: inventory-mongodb-application-readwrite
+        - name: SECRET_KEY
+          valueFrom:
+            secretKeyRef:
+              key: SECRET_KEY
+              name: inventory-secrets
+        - name: INVENTORY_API_KEY
+          valueFrom:
+            secretKeyRef:
+              key: INVENTORY_API_KEY
+              name: inventory-api-key
+        - name: SLACK_DOORLOG_CALLBACK
+          valueFrom:
+            secretKeyRef:
+              key: SLACK_DOORLOG_CALLBACK
+              name: slack-secrets
+        - name: SLACK_VERIFICATION_TOKEN
+          valueFrom:
+            secretKeyRef:
+              key: SLACK_VERIFICATION_TOKEN
+              name: slack-secrets
+        envFrom:
+        - secretRef:
+            name: miniobucket-inventory-owner-secrets
+        - secretRef:
+            name: oidc-client-inventory-app-owner-secrets
+        name: inventory
+        ports:
+        - containerPort: 5000
+          name: http
+          protocol: TCP
+        resources:
+          limits:
+            cpu: "1"
+            memory: 500Mi
+          requests:
+            cpu: 100m
+            memory: 200Mi
+        securityContext:
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+          runAsUser: 1000
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+        volumeMounts:
+        - mountPath: /tmp
+          name: tmp
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      serviceAccount: inventory
+      serviceAccountName: inventory
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - name: tmp
+---
+apiVersion: codemowers.cloud/v1beta1
+kind: SecretClaim
+metadata:
+  name: inventory-mongodb-readwrite-password
+spec:
+  size: 32
+  mapping:
+    - key: password
+      value: "%(plaintext)s"
+---
+apiVersion: mongodbcommunity.mongodb.com/v1
+kind: MongoDBCommunity
+metadata:
+  name: inventory-mongodb
+spec:
+  agent:
+    logLevel: ERROR
+    maxLogFileDurationHours: 1
+  additionalMongodConfig:
+    systemLog:
+      quiet: true
+  members: 3
+  type: ReplicaSet
+  version: "6.0.3"
+  security:
+    authentication:
+      modes: ["SCRAM"]
+  users:
+    - name: readwrite
+      db: application
+      passwordSecretRef:
+        name: inventory-mongodb-readwrite-password
+      roles:
+        - name: readWrite
+          db: application
+      scramCredentialsSecretName: inventory-mongodb-readwrite
+  statefulSet:
+    spec:
+      logLevel: WARN
+      template:
+        spec:
+          containers:
+            - name: mongod
+              resources:
+                requests:
+                  cpu: 100m
+                  memory: 1Gi
+                limits:
+                  cpu: 4000m
+                  memory: 1Gi
+              volumeMounts:
+                - name: journal-volume
+                  mountPath: /data/journal
+            - name: mongodb-agent
+              resources:
+                requests:
+                  cpu: 1m
+                  memory: 100Mi
+                limits: {}
+          affinity:
+            podAntiAffinity:
+              requiredDuringSchedulingIgnoredDuringExecution:
+                - labelSelector:
+                    matchExpressions:
+                      - key: app
+                        operator: In
+                        values:
+                          - inventory-mongodb-svc
+                  topologyKey: kubernetes.io/hostname
+          nodeSelector:
+            dedicated: monitoring
+          tolerations:
+            - key: dedicated
+              operator: Equal
+              value: monitoring
+              effect: NoSchedule
+      volumeClaimTemplates:
+        - metadata:
+            name: logs-volume
+            labels:
+              usecase: logs
+          spec:
+            storageClassName: mongo
+            accessModes:
+            - ReadWriteOnce
+            resources:
+              requests:
+                storage: 100Mi
+        - metadata:
+            name: journal-volume
+            labels:
+              usecase: journal
+          spec:
+            storageClassName: mongo
+            accessModes:
+            - ReadWriteOnce
+            resources:
+              requests:
+                storage: 512Mi
+        - metadata:
+            name: data-volume
+            labels:
+              usecase: data
+          spec:
+            storageClassName: mongo
+            accessModes:
+            - ReadWriteOnce
+            resources:
+              requests:
+                storage: 10Gi

hackerspace/mongodb-support.yml

@@ -0,0 +1 @@
+../mongodb-operator/mongodb-support.yml