From 0eafcfea18b7ebe7d4afe51ae6f8e5acaf28e748 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lauri=20V=C3=B5sandi?=
Date: Fri, 15 Sep 2023 10:24:36 +0300
Subject: [PATCH] Add inventory and k6.ee redirector
---
hackerspace/goredirect.yaml | 57 +++++++++
hackerspace/inventory.yaml | 200 ++++++++++++++++++++++++++++++++
hackerspace/mongodb-support.yml | 1 +
3 files changed, 258 insertions(+)
create mode 100644 hackerspace/goredirect.yaml
create mode 100644 hackerspace/inventory.yaml
create mode 120000 hackerspace/mongodb-support.yml
diff --git a/hackerspace/goredirect.yaml b/hackerspace/goredirect.yaml
new file mode 100644
index 0000000..ba06e3b
--- /dev/null
+++ b/hackerspace/goredirect.yaml
@@ -0,0 +1,57 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: goredirect
+ namespace: hackerspace
+spec:
+ replicas: 2
+ revisionHistoryLimit: 0
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: goredirect
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: goredirect
+ spec:
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - goredirect
+ topologyKey: topology.kubernetes.io/zone
+ weight: 100
+ containers:
+ - image: harbor.k-space.ee/k-space/goredirect:latest
+ imagePullPolicy: Always
+ env:
+ - name: GOREDIRECT_NOT_FOUND
+ value: https://inventory.k-space.ee/m/inventory/add-slug/%s
+ - name: GOREDIRECT_FOUND
+ value: https://inventory.k-space.ee/m/inventory/%s/view
+ - name: MONGO_URI
+ valueFrom:
+ secretKeyRef:
+ key: connectionString.standard
+ name: inventory-mongodb-application-readwrite
+ name: goredirect
+ ports:
+ - containerPort: 8080
+ name: http
+ protocol: TCP
+ resources:
+ limits:
+ cpu: "1"
+ memory: 500Mi
+ requests:
+ cpu: 100m
+ memory: 200Mi
+ securityContext:
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1000
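Review bot: The container line `image: harbor.k-space.ee/k-space/goredirect:latest` combined with `imagePullPolicy: Always` means every pod restart runs whatever was last pushed under that tag, so the manifest does not record which build is deployed and a bad or tampered push rolls out with no change in Git. Pinning to an immutable reference, e.g. `image: harbor.k-space.ee/k-space/goredirect@sha256:<digest>` (placeholder digest), keeps the deployed artifact reviewable and makes rollback a one-line revert. The same applies to `inventory-app:latest` in hackerspace/inventory.yaml, where the container additionally receives several application secrets through `env` and `envFrom`.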
diff --git a/hackerspace/inventory.yaml b/hackerspace/inventory.yaml
new file mode 100644
index 0000000..097aa76
--- /dev/null
+++ b/hackerspace/inventory.yaml
@@ -0,0 +1,200 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: inventory
+ namespace: hackerspace
+spec:
+ replicas: 1
+ revisionHistoryLimit: 0
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: inventory
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: inventory
+ spec:
+ containers:
+ - image: harbor.k-space.ee/k-space/inventory-app:latest
+ imagePullPolicy: Always
+ env:
+ - name: ENVIRONMENT_TYPE
+ value: PROD
+ - name: PYTHONUNBUFFERED
+ value: "1"
+ - name: MEMBERS_HOST
+ value: https://members.k-space.ee
+ - name: INVENTORY_ASSETS_BASE_URL
+ value: https://minio-cluster-shared.k-space.ee/inventory-5b342be1-60a1-4290-8061-e0b8fc17d40d/
+ - name: OIDC_USERS_NAMESPACE
+ value: oidc-gateway
+ - name: MONGO_URI
+ valueFrom:
+ secretKeyRef:
+ key: connectionString.standard
+ name: inventory-mongodb-application-readwrite
+ - name: SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ key: SECRET_KEY
+ name: inventory-secrets
+ - name: INVENTORY_API_KEY
+ valueFrom:
+ secretKeyRef:
+ key: INVENTORY_API_KEY
+ name: inventory-api-key
+ - name: SLACK_DOORLOG_CALLBACK
+ valueFrom:
+ secretKeyRef:
+ key: SLACK_DOORLOG_CALLBACK
+ name: slack-secrets
+ - name: SLACK_VERIFICATION_TOKEN
+ valueFrom:
+ secretKeyRef:
+ key: SLACK_VERIFICATION_TOKEN
+ name: slack-secrets
+ envFrom:
+ - secretRef:
+ name: miniobucket-inventory-owner-secrets
+ - secretRef:
+ name: oidc-client-inventory-app-owner-secrets
+ name: inventory
+ ports:
+ - containerPort: 5000
+ name: http
+ protocol: TCP
+ resources:
+ limits:
+ cpu: "1"
+ memory: 500Mi
+ requests:
+ cpu: 100m
+ memory: 200Mi
+ securityContext:
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1000
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ volumeMounts:
+ - mountPath: /tmp
+ name: tmp
+ dnsPolicy: ClusterFirst
+ restartPolicy: Always
+ schedulerName: default-scheduler
+ serviceAccount: inventory
+ serviceAccountName: inventory
+ terminationGracePeriodSeconds: 30
+ volumes:
+ - name: tmp
+---
+apiVersion: codemowers.cloud/v1beta1
+kind: SecretClaim
+metadata:
+ name: inventory-mongodb-readwrite-password
+spec:
+ size: 32
+ mapping:
+ - key: password
+ value: "%(plaintext)s"
+---
+apiVersion: mongodbcommunity.mongodb.com/v1
+kind: MongoDBCommunity
+metadata:
+ name: inventory-mongodb
+spec:
+ agent:
+ logLevel: ERROR
+ maxLogFileDurationHours: 1
+ additionalMongodConfig:
+ systemLog:
+ quiet: true
+ members: 3
+ type: ReplicaSet
+ version: "6.0.3"
+ security:
+ authentication:
+ modes: ["SCRAM"]
+ users:
+ - name: readwrite
+ db: application
+ passwordSecretRef:
+ name: inventory-mongodb-readwrite-password
+ roles:
+ - name: readWrite
+ db: application
+ scramCredentialsSecretName: inventory-mongodb-readwrite
+ statefulSet:
+ spec:
+ logLevel: WARN
+ template:
+ spec:
+ containers:
+ - name: mongod
+ resources:
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ limits:
+ cpu: 4000m
+ memory: 1Gi
+ volumeMounts:
+ - name: journal-volume
+ mountPath: /data/journal
+ - name: mongodb-agent
+ resources:
+ requests:
+ cpu: 1m
+ memory: 100Mi
+ limits: {}
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - inventory-mongodb-svc
+ topologyKey: kubernetes.io/hostname
+ nodeSelector:
+ dedicated: monitoring
+ tolerations:
+ - key: dedicated
+ operator: Equal
+ value: monitoring
+ effect: NoSchedule
+ volumeClaimTemplates:
+ - metadata:
+ name: logs-volume
+ labels:
+ usecase: logs
+ spec:
+ storageClassName: mongo
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 100Mi
+ - metadata:
+ name: journal-volume
+ labels:
+ usecase: journal
+ spec:
+ storageClassName: mongo
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 512Mi
+ - metadata:
+ name: data-volume
+ labels:
+ usecase: data
+ spec:
+ storageClassName: mongo
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
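Review bot: The `users:` list of the `inventory-mongodb` resource defines only a `readwrite` user, and goredirect.yaml in this same patch takes its `MONGO_URI` from `inventory-mongodb-application-readwrite`, so the redirector holds write access to the `application` database although it appears to only look entries up (inferred from its `GOREDIRECT_FOUND` / `GOREDIRECT_NOT_FOUND` settings). A second user with the built-in `read` role, backed by its own SecretClaim, would limit what a compromise of the redirector can modify. goredirect's `secretKeyRef` would then reference that user's connection-string secret, presumably `inventory-mongodb-application-readonly` if the operator names it like the existing one; the resource names below are suggestions, not existing objects.

```yaml
---
apiVersion: codemowers.cloud/v1beta1
kind: SecretClaim
metadata:
  name: inventory-mongodb-readonly-password  # suggested name
spec:
  size: 32
  mapping:
    - key: password
      value: "%(plaintext)s"
---
# … unchanged: MongoDBCommunity metadata, agent, members, version, security …
  users:
    # … unchanged: readwrite user …
    - name: readonly
      db: application
      passwordSecretRef:
        name: inventory-mongodb-readonly-password
      roles:
        - name: read
          db: application
      scramCredentialsSecretName: inventory-mongodb-readonly
# … unchanged: statefulSet template and volumeClaimTemplates …
```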
diff --git a/hackerspace/mongodb-support.yml b/hackerspace/mongodb-support.yml
new file mode 120000
index 0000000..e834dd2
--- /dev/null
+++ b/hackerspace/mongodb-support.yml
@@ -0,0 +1 @@
+../mongodb-operator/mongodb-support.yml
\ No newline at end of file