imfreedom/k8s-cluster

1a8a2e7d0f04
Parents ce8d02ebe3fa
Children 8955702ad10d
Migrate keel to kustomize and add a discord webhook bridge
--- a/30-keel.yaml Sat Jun 19 18:12:59 2021 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,153 +0,0 @@
-# keel.sh is a tool to automatically update deployments when external things
-# like image tags change on a registry.
-#
-# This manifest is a cleaned up version of
-# curl "https://sunstone.dev/keel?namespace=keel&username=admin&password=admin&tag=latest"
----
-apiVersion: v1
-kind: Namespace
-metadata:
- name: keel
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: keel
- namespace: keel
- labels:
- app: keel
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: keel
-rules:
- - apiGroups:
- - ""
- resources:
- - namespaces
- verbs:
- - watch
- - list
- - apiGroups:
- - ""
- resources:
- - secrets
- verbs:
- - get
- - watch
- - list
- - apiGroups:
- - ""
- - extensions
- - apps
- - batch
- resources:
- - pods
- - replicasets
- - replicationcontrollers
- - statefulsets
- - deployments
- - daemonsets
- - jobs
- - cronjobs
- verbs:
- - get
- - delete # required to delete pods during force upgrade of the same tag
- - watch
- - list
- - update
- - apiGroups:
- - ""
- resources:
- - configmaps
- - pods/portforward
- verbs:
- - get
- - create
- - update
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: keel
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: keel
-subjects:
- - kind: ServiceAccount
- name: keel
- namespace: keel
----
-apiVersion: v1
-kind: Service
-metadata:
- name: keel
- namespace: keel
- labels:
- app: keel
-spec:
- ports:
- - port: 9300
- protocol: TCP
- name: keel
- selector:
- app: keel
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: keel
- namespace: keel
- labels:
- app: keel
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: keel
- template:
- metadata:
- labels:
- app: keel
- spec:
- serviceAccountName: keel
- containers:
- - name: keel
- image: keelhq/keel:latest
- imagePullPolicy: Always
- command: ["/bin/keel"]
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- # Basic auth (to enable UI/API)
- - name: BASIC_AUTH_USER
- value: "admin"
- - name: BASIC_AUTH_PASSWORD
- value: "abc123"
- - name: AUTHENTICATED_WEBHOOKS
- value: "false"
- - name: NOTIFICATION_LEVEL
- value: "info"
- # Enable insecure registries
- - name: INSECURE_REGISTRY
- value: "true"
- ports:
- - containerPort: 9300
- livenessProbe:
- httpGet:
- path: /healthz
- port: 9300
- initialDelaySeconds: 30
- timeoutSeconds: 10
- resources:
- limits:
- cpu: 100m
- memory: 128Mi
- requests:
- cpu: 50m
- memory: 64Mi
----
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/30-keel/discord-bridge.yaml Sun Jul 04 23:31:52 2021 -0500
@@ -0,0 +1,75 @@
+# This is a keel to discord bridge from
+# https://github.com/Gabisonfire/discord-keel-bridge. Its been tweaked a bit
+# to set the webhook url from a secret, add resources limits, have 2 replicas,
+# add a pod disruption budget, and anti affinity rules.
+---
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: discord-keel-bridge
+spec:
+ minAvailable: 1
+ selector:
+ matchLabels:
+ app: discord-keel-bridge
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: discord-keel-bridge
+spec:
+ replicas: 2
+ revisionHistoryLimit: 0
+ selector:
+ matchLabels:
+ app: discord-keel-bridge
+ template:
+ metadata:
+ labels:
+ app: discord-keel-bridge
+ spec:
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - discord-keel-bridge
+ topologyKey: failure-domain.beta.kubernetes.io/region
+ weight: 100
+ containers:
+ - name: discord-keel-bridge
+ image: gabisonfire/discord-keel-bridge:1.0
+ ports:
+ - containerPort: 5000
+ env:
+ - name: DISCORD_BRIDGE_URL
+ valueFrom:
+ secretKeyRef:
+ name: discord-keel-bridge
+ key: bridge_url
+ - name: DISCORD_BRIDGE_PORT
+ value: "5000"
+ resources:
+ limits:
+ cpu: 50m
+ memory: 96Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: discord-keel-bridge
+spec:
+ selector:
+ app: discord-keel-bridge
+ ports:
+ - protocol: TCP
+ port: 5000
+ targetPort: 5000
+
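Review bot: The `image: gabisonfire/discord-keel-bridge:1.0` line in the Deployment pulls a third-party image by a mutable tag, and that container receives the Discord webhook URL from the `discord-keel-bridge` secret. Pinning the reference by digest, `image: gabisonfire/discord-keel-bridge:1.0@sha256:<digest-of-reviewed-image>`, keeps a re-pushed tag from silently changing what runs with that secret. The pod spec also sets no `securityContext`; if the image tolerates it, `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true` on the container would be reasonable additions. Separately, the anti-affinity `topologyKey` is the region label, which spreads nothing if all nodes sit in one region; `kubernetes.io/hostname` is probably what was intended.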
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/30-keel/kustomization.yaml Sun Jul 04 23:31:52 2021 -0500
@@ -0,0 +1,12 @@
+---
+namespace: keel
+resources:
+ - manifest.yaml
+ - discord-bridge.yaml
+secretGenerator:
+ - name: discord-keel-bridge
+ envs:
+ - secrets/env
+ options:
+ disableNameSuffixHash: true
+---
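Review bot: `disableNameSuffixHash: true` on the `discord-keel-bridge` generator means a rotated webhook URL keeps the same Secret name, so the Deployment template does not change and running pods keep the old environment value until they are restarted by hand. Dropping the option lets kustomize rewrite the `secretKeyRef` name and roll the pods on rotation; if the fixed name is required, a comment such as `# fixed name: restart discord-keel-bridge after rotating secrets/env` documents the manual step. The generator reads `secrets/env`, which is not part of this commit; presumably it is excluded from the repository through `.hgignore`, which is worth confirming because a Discord webhook URL works as a bearer credential.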
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/30-keel/manifest.yaml Sun Jul 04 23:31:52 2021 -0500
@@ -0,0 +1,156 @@
+# keel.sh is a tool to automatically update deployments when external things
+# like image tags change on a registry.
+#
+# This manifest is a cleaned up version of
+# curl "https://sunstone.dev/keel?namespace=keel&username=admin&password=admin&tag=latest"
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: keel
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: keel
+ namespace: keel
+ labels:
+ app: keel
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: keel
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - watch
+ - list
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - watch
+ - list
+ - apiGroups:
+ - ""
+ - extensions
+ - apps
+ - batch
+ resources:
+ - pods
+ - replicasets
+ - replicationcontrollers
+ - statefulsets
+ - deployments
+ - daemonsets
+ - jobs
+ - cronjobs
+ verbs:
+ - get
+ - delete # required to delete pods during force upgrade of the same tag
+ - watch
+ - list
+ - update
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - pods/portforward
+ verbs:
+ - get
+ - create
+ - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: keel
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: keel
+subjects:
+ - kind: ServiceAccount
+ name: keel
+ namespace: keel
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: keel
+ namespace: keel
+ labels:
+ app: keel
+spec:
+ ports:
+ - port: 9300
+ protocol: TCP
+ name: keel
+ selector:
+ app: keel
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: keel
+ namespace: keel
+ labels:
+ app: keel
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: keel
+ template:
+ metadata:
+ labels:
+ app: keel
+ spec:
+ serviceAccountName: keel
+ containers:
+ - name: keel
+ image: keelhq/keel:latest
+ imagePullPolicy: Always
+ command: ["/bin/keel"]
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ # Basic auth (to enable UI/API)
+ - name: BASIC_AUTH_USER
+ value: "admin"
+ - name: BASIC_AUTH_PASSWORD
+ value: "abc123"
+ - name: AUTHENTICATED_WEBHOOKS
+ value: "false"
+ - name: NOTIFICATION_LEVEL
+ value: "info"
+ # Enable insecure registries
+ - name: INSECURE_REGISTRY
+ value: "true"
+ # Our discord bridge
+ - name: WEBHOOK_ENDPOINT
+ value: "http://discord-keel-bridge:5000/v1/incoming"
+ ports:
+ - containerPort: 9300
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 9300
+ initialDelaySeconds: 30
+ timeoutSeconds: 10
+ resources:
+ limits:
+ cpu: 100m
+ memory: 128Mi
+ requests:
+ cpu: 50m
+ memory: 64Mi
+---
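Review bot: `BASIC_AUTH_PASSWORD` is still the literal `"abc123"` in the committed manifest, and it guards the UI/API of a service account whose ClusterRole can read secrets and update workloads cluster-wide. This commit already introduces a `secretGenerator` for the bridge, so the value can move to a generated Secret and be read through `secretKeyRef`, as sketched below; because the old value is in repository history, it should be changed when it moves. Other settings in the same container deserve a comment explaining why they are needed: `AUTHENTICATED_WEBHOOKS` is `"false"`, `INSECURE_REGISTRY` is `"true"`, and `image: keelhq/keel:latest` with `imagePullPolicy: Always` runs whatever is currently published under that tag.

```yaml
# … unchanged: NAMESPACE and BASIC_AUTH_USER entries …
- name: BASIC_AUTH_PASSWORD
  valueFrom:
    secretKeyRef:
      name: keel-basic-auth  # placeholder: a Secret generated the same way as discord-keel-bridge
      key: password  # placeholder key name
# … unchanged: remaining env entries …
```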