diff --git a/discourse/application.yaml b/discourse/application.yaml
new file mode 100644
index 0000000..2979e46
--- /dev/null
+++ b/discourse/application.yaml
@@ -0,0 +1,382 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: discourse
+ annotations:
+ external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+ traefik.ingress.kubernetes.io/router.tls: "true"
+spec:
+ tls:
+ - hosts:
+ - "*.k-space.ee"
+ secretName:
+ rules:
+ - host: "discourse.k-space.ee"
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: discourse
+ port:
+ name: http
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: discourse
+spec:
+ type: ClusterIP
+ ipFamilyPolicy: SingleStack
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: http
+ selector:
+ app.kubernetes.io/instance: discourse
+ app.kubernetes.io/name: discourse
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: discourse
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: discourse
+ annotations:
+ reloader.stakater.com/auto: "true"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: discourse
+ app.kubernetes.io/name: discourse
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: discourse
+ app.kubernetes.io/name: discourse
+ spec:
+ serviceAccountName: discourse
+ securityContext:
+ fsGroup: 0
+ fsGroupChangePolicy: Always
+ initContainers:
+ containers:
+ - name: discourse
+ image: docker.io/bitnami/discourse:3.3.2-debian-12-r0
+ imagePullPolicy: "IfNotPresent"
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ add:
+ - CHOWN
+ - SYS_CHROOT
+ - FOWNER
+ - SETGID
+ - SETUID
+ - DAC_OVERRIDE
+ drop:
+ - ALL
+ privileged: false
+ readOnlyRootFilesystem: false
+ runAsGroup: 0
+ runAsNonRoot: false
+ runAsUser: 0
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
+ env:
+ - name: BITNAMI_DEBUG
+ value: "true"
+ - name: DISCOURSE_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: discourse-password
+ key: username
+ - name: DISCOURSE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: discourse-password
+ key: password
+ - name: DISCOURSE_PORT_NUMBER
+ value: "8080"
+ - name: DISCOURSE_EXTERNAL_HTTP_PORT_NUMBER
+ value: "80"
+ - name: DISCOURSE_DATABASE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: discourse-postgresql
+ key: password
+ - name: POSTGRESQL_CLIENT_CREATE_DATABASE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: discourse-postgres-superuser
+ key: password
+ - name: POSTGRESQL_CLIENT_POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: discourse-postgres-superuser
+ key: password
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: discourse-redis
+ key: redis-password
+ envFrom:
+ - configMapRef:
+ name: discourse
+ - secretRef:
+ name: discourse-email
+ ports:
+ - name: http
+ containerPort: 8080
+ protocol: TCP
+ livenessProbe:
+ tcpSocket:
+ port: http
+ initialDelaySeconds: 500
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ readinessProbe:
+ httpGet:
+ path: /srv/status
+ port: http
+ initialDelaySeconds: 100
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ resources:
+ limits:
+ cpu: "6.0"
+ ephemeral-storage: 2Gi
+ memory: 12288Mi
+ requests:
+ cpu: "1.0"
+ ephemeral-storage: 50Mi
+ memory: 3072Mi
+ volumeMounts:
+ - name: discourse-data
+ mountPath: /bitnami/discourse
+ subPath: discourse
+ - name: sidekiq
+ image: docker.io/bitnami/discourse:3.3.2-debian-12-r0
+ imagePullPolicy: "IfNotPresent"
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ add:
+ - CHOWN
+ - SYS_CHROOT
+ - FOWNER
+ - SETGID
+ - SETUID
+ - DAC_OVERRIDE
+ drop:
+ - ALL
+ privileged: false
+ readOnlyRootFilesystem: false
+ runAsGroup: 0
+ runAsNonRoot: false
+ runAsUser: 0
+ seLinuxOptions: {}
+ seccompProfile:
+ type: RuntimeDefault
+ command:
+ - /opt/bitnami/scripts/discourse/entrypoint.sh
+ args:
+ - /opt/bitnami/scripts/discourse-sidekiq/run.sh
+ env:
+ - name: BITNAMI_DEBUG
+ value: "true"
+ - name: DISCOURSE_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: discourse-password
+ key: username
+ - name: DISCOURSE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: discourse-password
+ key: password
+ - name: DISCOURSE_DATABASE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: discourse-postgresql
+ key: password
+ - name: DISCOURSE_POSTGRESQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: discourse-postgres-superuser
+ key: password
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: discourse-redis
+ key: redis-password
+ envFrom:
+ - configMapRef:
+ name: discourse
+ - secretRef:
+ name: discourse-email
+ livenessProbe:
+ exec:
+ command: ["/bin/sh", "-c", "pgrep -f ^sidekiq"]
+ initialDelaySeconds: 500
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ readinessProbe:
+ exec:
+ command: ["/bin/sh", "-c", "pgrep -f ^sidekiq"]
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ resources:
+ limits:
+ cpu: 750m
+ ephemeral-storage: 2Gi
+ memory: 768Mi
+ requests:
+ cpu: 500m
+ ephemeral-storage: 50Mi
+ memory: 512Mi
+ volumeMounts:
+ - name: discourse-data
+ mountPath: /bitnami/discourse
+ subPath: discourse
+ volumes:
+ - name: discourse-data
+ persistentVolumeClaim:
+ claimName: discourse-data
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: discourse-data
+ namespace: discourse
+spec:
+ accessModes:
+ - "ReadWriteOnce"
+ resources:
+ requests:
+ storage: "3Gi"
+ storageClassName: "proxmox-nas"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: discourse
+ namespace: discourse
+data:
+ DISCOURSE_HOST: "discourse.k-space.ee"
+ DISCOURSE_SKIP_INSTALL: "yes"
+ DISCOURSE_PRECOMPILE_ASSETS: "yes"
+ DISCOURSE_SITE_NAME: "K-Space Discourse"
+ DISCOURSE_USERNAME: "k-space"
+ DISCOURSE_EMAIL: "dos4dev@k-space.ee"
+ DISCOURSE_REDIS_HOST: "discourse-redis"
+ DISCOURSE_REDIS_PORT_NUMBER: "6379"
+ DISCOURSE_DATABASE_HOST: "discourse-postgres-rw"
+ DISCOURSE_DATABASE_PORT_NUMBER: "5432"
+ DISCOURSE_DATABASE_NAME: "discourse"
+ DISCOURSE_DATABASE_USER: "discourse"
+ POSTGRESQL_CLIENT_DATABASE_HOST: "discourse-postgres-rw"
+ POSTGRESQL_CLIENT_DATABASE_PORT_NUMBER: "5432"
+ POSTGRESQL_CLIENT_POSTGRES_USER: "postgres"
+ POSTGRESQL_CLIENT_CREATE_DATABASE_NAME: "discourse"
+ POSTGRESQL_CLIENT_CREATE_DATABASE_EXTENSIONS: "hstore,pg_trgm"
+---
+apiVersion: codemowers.cloud/v1beta1
+kind: OIDCClient
+metadata:
+ name: discourse
+ namespace: discourse
+spec:
+ displayName: Discourse
+ uri: https://discourse.k-space.ee
+ redirectUris:
+ - https://discourse.k-space.ee/auth/oidc/callback
+ allowedGroups:
+ - k-space:floor
+ - k-space:friends
+ grantTypes:
+ - authorization_code
+ - refresh_token
+ responseTypes:
+ - code
+ availableScopes:
+ - openid
+ - profile
+ pkce: false
+---
+apiVersion: codemowers.cloud/v1beta1
+kind: SecretClaim
+metadata:
+ name: discourse-redis
+ namespace: discourse
+spec:
+ size: 32
+ mapping:
+ - key: redis-password
+ value: "%(plaintext)s"
+ - key: REDIS_URI
+ value: "redis://:%(plaintext)s@discourse-redis"
+---
+apiVersion: dragonflydb.io/v1alpha1
+kind: Dragonfly
+metadata:
+ name: discourse-redis
+ namespace: discourse
+spec:
+ authentication:
+ passwordFromSecret:
+ key: redis-password
+ name: discourse-redis
+ replicas: 3
+ resources:
+ limits:
+ cpu: 1000m
+ memory: 1Gi
+ topologySpreadConstraints:
+ - maxSkew: 1
+ topologyKey: topology.kubernetes.io/zone
+ whenUnsatisfiable: DoNotSchedule
+ labelSelector:
+ matchLabels:
+ app: discourse-redis
+ app.kubernetes.io/part-of: dragonfly
+---
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+ name: discourse-postgres
+ namespace: discourse
+spec:
+ instances: 1
+ enableSuperuserAccess: true
+ bootstrap:
+ initdb:
+ database: discourse
+ owner: discourse
+ secret:
+ name: discourse-postgresql
+ dataChecksums: true
+ encoding: 'UTF8'
+ storage:
+ size: 10Gi
+ storageClass: postgres
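Review bot: Both containers in the Deployment are handed the Postgres superuser password from `discourse-postgres-superuser` (`POSTGRESQL_CLIENT_CREATE_DATABASE_PASSWORD` and `POSTGRESQL_CLIENT_POSTGRES_PASSWORD` in `discourse`, `DISCOURSE_POSTGRESQL_PASSWORD` in `sidekiq`), and the CNPG `Cluster` sets `enableSuperuserAccess: true` to make that secret available. These are the Ingress-exposed web process and its job worker, running as UID 0 with `BITNAMI_DEBUG` set to `"true"`, so an application compromise or a verbose startup log would expose database-superuser rights instead of only the `discourse` owner role. Since `initdb` already creates the database and owner, the superuser appears to be needed only for `hstore,pg_trgm`; consider creating those at bootstrap with `postInitApplicationSQL: ["CREATE EXTENSION IF NOT EXISTS hstore", "CREATE EXTENSION IF NOT EXISTS pg_trgm"]` under `initdb`, then removing the three superuser env entries and `enableSuperuserAccess`. It is also worth confirming that `POSTGRESQL_CLIENT_CREATE_DATABASE_PASSWORD` is meant to come from the superuser secret, because `DISCOURSE_DATABASE_PASSWORD` for the same `discourse` user is read from `discourse-postgresql`. Separately, `BITNAMI_DEBUG` would be better as `"false"` outside troubleshooting, and the pod spec could set `automountServiceAccountToken: false`, as nothing in this file shows the app calling the Kubernetes API.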