HGKeeper

imfreedom/k8s-cluster

Move 50-hub.imfreedom.org to kustomize

2021-06-17, Gary Kramlich

20da8b38faa3

Parents 04680e30a743
Children 7c63be9d5701

Move 50-hub.imfreedom.org to kustomize

3 files changed, 249 insertions(+), 255 deletions(-)

+0 -255

50-hub.imfreedom.org.yaml

+5 -0

50-hub.imfreedom.org/kustomization.yaml

+244 -0

50-hub.imfreedom.org/manifest.yaml

~~--- a/50-hub.imfreedom.org.yaml Thu Jun 17 02:23:42 2021 -0500~~

+++ /dev/null Thu Jan 01 00:00:00 1970 +0000

@@ -1,255 +0,0 @@

~~-# hub is a deployment of jetbrains hub software which we use for a centralized~~

~~-# authentication platform.~~

~~----~~

~~-apiVersion: traefik.containo.us/v1alpha1~~

~~-kind: IngressRoute~~

~~-metadata:~~

~~- name: hub-http~~

~~- namespace: imfreedom~~

~~-spec:~~

~~- entryPoints:~~

~~- - http~~

~~- routes:~~

~~- - match: Host(`hub.imfreedom.org`)~~

~~- kind: Rule~~

~~- services:~~

~~- - name: hub~~

~~- port: 8080~~

~~- middlewares:~~

~~- - name: https-redirect~~

~~----~~

~~-apiVersion: traefik.containo.us/v1alpha1~~

~~-kind: IngressRoute~~

~~-metadata:~~

~~- name: hub~~

~~- namespace: imfreedom~~

~~-spec:~~

~~- entryPoints:~~

~~- - https~~

~~- routes:~~

~~- - match: Host(`hub.imfreedom.org`)~~

~~- kind: Rule~~

~~- services:~~

~~- - name: hub~~

~~- port: 8080~~

~~- middlewares:~~

~~- - name: common-headers~~

~~- - name: hsts-headers~~

~~- - match: Host(`hub.imfreedom.org`) && PathPrefix(`/kludge`)~~

~~- kind: Rule~~

~~- services:~~

~~- - name: oauth-kludge~~

~~- port: 8080~~

~~- middlewares:~~

~~- - name: common-headers~~

~~- - name: hsts-headers~~

~~- tls:~~

~~- secretName: hub-tls~~

~~----~~

~~-apiVersion: cert-manager.io/v1alpha2~~

~~-kind: Certificate~~

~~-metadata:~~

~~- namespace: imfreedom~~

~~- name: hub-tls~~

~~-spec:~~

~~- secretName: hub-tls~~

~~- issuerRef:~~

~~- name: letsencrypt~~

~~- commonName: hub.imfreedom.org~~

~~- dnsNames:~~

~~- - hub.imfreedom.org~~

~~----~~

~~-apiVersion: v1~~

~~-kind: Service~~

~~-metadata:~~

~~- namespace: imfreedom~~

~~- labels:~~

~~- app: hub~~

~~- name: hub~~

~~-spec:~~

~~- ports:~~

~~- - port: 8080~~

~~- protocol: TCP~~

~~- selector:~~

~~- app: hub~~

~~----~~

~~-apiVersion: networking.k8s.io/v1~~

~~-kind: NetworkPolicy~~

~~-metadata:~~

~~- namespace: imfreedom~~

~~- name: hub~~

~~- labels:~~

~~- app: hub~~

~~-spec:~~

~~- podSelector:~~

~~- matchLabels:~~

~~- app: hub~~

~~- ingress:~~

~~- - from:~~

~~- - namespaceSelector:~~

~~- matchLabels:~~

~~- name: kube-public~~

~~- podSelector:~~

~~- matchLabels:~~

~~- app: traefik~~

~~- role: controller~~

~~- ports:~~

~~- - port: 8080~~

~~- protocol: TCP~~

~~----~~

~~-apiVersion: apps/v1~~

~~-kind: Deployment~~

~~-metadata:~~

~~- namespace: imfreedom~~

~~- name: hub~~

~~- labels:~~

~~- app: hub~~

~~-spec:~~

~~- replicas: 1~~

~~- selector:~~

~~- matchLabels:~~

~~- app: hub~~

~~- strategy:~~

~~- type: Recreate~~

~~- template:~~

~~- metadata:~~

~~- labels:~~

~~- app: hub~~

~~- spec:~~

~~- containers:~~

~~- - name: hub~~

~~- image: docker.io/jetbrains/hub:2021.1.13262~~

~~- ports:~~

~~- - containerPort: 8080~~

~~- resources:~~

~~- limits:~~

~~- cpu: 250m~~

~~- memory: 1024Mi~~

~~- requests:~~

~~- cpu: 100m~~

~~- memory: 512Mi~~

~~- volumeMounts:~~

~~- - mountPath: /opt/hub/data/~~

~~- name: hub~~

~~- readOnly: false~~

~~- subPath: data~~

~~- - mountPath: /opt/hub/conf/~~

~~- name: hub~~

~~- readOnly: false~~

~~- subPath: conf~~

~~- - mountPath: /opt/hub/logs/~~

~~- name: hub~~

~~- readOnly: false~~

~~- subPath: logs~~

~~- - mountPath: /opt/hub/backups/~~

~~- name: hub~~

~~- readOnly: false~~

~~- subPath: backups~~

~~- securityContext:~~

~~- fsGroup: 13001~~

~~- runAsUser: 13001~~

~~- volumes:~~

~~- - name: hub~~

~~- persistentVolumeClaim:~~

~~- claimName: hub~~

~~----~~

~~-apiVersion: v1~~

~~-kind: PersistentVolumeClaim~~

~~-metadata:~~

~~- namespace: imfreedom~~

~~- name: hub~~

~~- labels:~~

~~- app: hub~~

~~-spec:~~

~~- accessModes:~~

~~- - ReadWriteOnce~~

~~- resources:~~

~~- requests:~~

~~- storage: 1Gi~~

~~----~~

~~-apiVersion: gemini.fairwinds.com/v1beta1~~

~~-kind: SnapshotGroup~~

~~-metadata:~~

~~- namespace: imfreedom~~

~~- name: hub~~

~~-spec:~~

~~- persistentVolumeClaim:~~

~~- claimName: hub~~

~~- schedule:~~

~~- - every: 12 hours~~

~~- keep: 2~~

~~----~~

~~-apiVersion: v1~~

~~-kind: Service~~

~~-metadata:~~

~~- namespace: imfreedom~~

~~- labels:~~

~~- app: oauth-kludge~~

~~- name: oauth-kludge~~

~~-spec:~~

~~- ports:~~

~~- - port: 8080~~

~~- protocol: TCP~~

~~- selector:~~

~~- app: oauth-kludge~~

~~----~~

~~-apiVersion: networking.k8s.io/v1~~

~~-kind: NetworkPolicy~~

~~-metadata:~~

~~- namespace: imfreedom~~

~~- name: oauth-kludge~~

~~- labels:~~

~~- app: oauth-kludge~~

~~-spec:~~

~~- podSelector:~~

~~- matchLabels:~~

~~- app: oauth-kludge~~

~~- ingress:~~

~~- - from:~~

~~- - namespaceSelector:~~

~~- matchLabels:~~

~~- name: kube-public~~

~~- podSelector:~~

~~- matchLabels:~~

~~- app: traefik~~

~~- role: controller~~

~~- ports:~~

~~- - port: 8080~~

~~- protocol: TCP~~

~~----~~

~~-apiVersion: apps/v1~~

~~-kind: Deployment~~

~~-metadata:~~

~~- namespace: imfreedom~~

~~- name: oauth-kludge~~

~~- labels:~~

~~- app: oauth-kludge~~

~~-spec:~~

~~- replicas: 1~~

~~- selector:~~

~~- matchLabels:~~

~~- app: oauth-kludge~~

~~- template:~~

~~- metadata:~~

~~- labels:~~

~~- app: oauth-kludge~~

~~- spec:~~

~~- containers:~~

~~- - name: oauth-kludge~~

~~- image: docker.io/rwgrim/oauth-kludge:latest~~

~~- imagePullPolicy: Always~~

~~- env:~~

~~- - name: OAUTH_KLUDGE_SCOPE~~

~~- value: 0-0-0-0-0~~

~~- - name: OAUTH_KLUDGE_TOKEN_ENDPOINT~~

~~- value: https://hub.imfreedom.org/hub/api/rest/oauth2/token~~

~~- ports:~~

~~- - containerPort: 8080~~

~~- resources:~~

~~- limits:~~

~~- cpu: 50m~~

~~- memory: 64Mi~~

~~- requests:~~

~~- cpu: 10m~~

~~- memory: 32Mi~~

~~----~~

~~--- /dev/null Thu Jan 01 00:00:00 1970 +0000~~

+++ b/50-hub.imfreedom.org/kustomization.yaml Thu Jun 17 02:25:37 2021 -0500

@@ -0,0 +1,5 @@

+---

+namespace: imfreedom

+resources:

+ - manifest.yaml

+---

~~--- /dev/null Thu Jan 01 00:00:00 1970 +0000~~

+++ b/50-hub.imfreedom.org/manifest.yaml Thu Jun 17 02:25:37 2021 -0500

@@ -0,0 +1,244 @@

+# hub is a deployment of jetbrains hub software which we use for a centralized

+# authentication platform.

+---

+apiVersion: traefik.containo.us/v1alpha1

+kind: IngressRoute

+metadata:

+ name: hub-http

+spec:

+ entryPoints:

+ - http

+ routes:

+ - match: Host(`hub.imfreedom.org`)

+ kind: Rule

+ services:

+ - name: hub

+ port: 8080

+ middlewares:

+ - name: https-redirect

+---

+apiVersion: traefik.containo.us/v1alpha1

+kind: IngressRoute

+metadata:

+ name: hub

+spec:

+ entryPoints:

+ - https

+ routes:

+ - match: Host(`hub.imfreedom.org`)

+ kind: Rule

+ services:

+ - name: hub

+ port: 8080

+ middlewares:

+ - name: common-headers

+ - name: hsts-headers

+ - match: Host(`hub.imfreedom.org`) && PathPrefix(`/kludge`)

+ kind: Rule

+ services:

+ - name: oauth-kludge

+ port: 8080

+ middlewares:

+ - name: common-headers

+ - name: hsts-headers

+ tls:

+ secretName: hub-tls

+---

+apiVersion: cert-manager.io/v1alpha2

+kind: Certificate

+metadata:

+ name: hub-tls

+spec:

+ secretName: hub-tls

+ issuerRef:

+ name: letsencrypt

+ commonName: hub.imfreedom.org

+ dnsNames:

+ - hub.imfreedom.org

+---

+apiVersion: v1

+kind: Service

+metadata:

+ labels:

+ app: hub

+ name: hub

+spec:

+ ports:

+ - port: 8080

+ protocol: TCP

+ selector:

+ app: hub

+---

+apiVersion: networking.k8s.io/v1

+kind: NetworkPolicy

+metadata:

+ name: hub

+ labels:

+ app: hub

+spec:

+ podSelector:

+ matchLabels:

+ app: hub

+ ingress:

+ - from:

+ - namespaceSelector:

+ matchLabels:

+ name: kube-public

+ podSelector:

+ matchLabels:

+ app: traefik

+ role: controller

+ ports:

+ - port: 8080

+ protocol: TCP

+---

+apiVersion: apps/v1

+kind: Deployment

+metadata:

+ name: hub

+ labels:

+ app: hub

+spec:

+ replicas: 1

+ selector:

+ matchLabels:

+ app: hub

+ strategy:

+ type: Recreate

+ template:

+ metadata:

+ labels:

+ app: hub

+ spec:

+ containers:

+ - name: hub

+ image: docker.io/jetbrains/hub:2021.1.13262

+ ports:

+ - containerPort: 8080

+ resources:

+ limits:

+ cpu: 250m

+ memory: 1024Mi

+ requests:

+ cpu: 100m

+ memory: 512Mi

+ volumeMounts:

+ - mountPath: /opt/hub/data/

+ name: hub

+ readOnly: false

+ subPath: data

+ - mountPath: /opt/hub/conf/

+ name: hub

+ readOnly: false

+ subPath: conf

+ - mountPath: /opt/hub/logs/

+ name: hub

+ readOnly: false

+ subPath: logs

+ - mountPath: /opt/hub/backups/

+ name: hub

+ readOnly: false

+ subPath: backups

+ securityContext:

+ fsGroup: 13001

+ runAsUser: 13001

+ volumes:

+ - name: hub

+ persistentVolumeClaim:

+ claimName: hub

+---

+apiVersion: v1

+kind: PersistentVolumeClaim

+metadata:

+ name: hub

+ labels:

+ app: hub

+spec:

+ accessModes:

+ - ReadWriteOnce

+ resources:

+ requests:

+ storage: 1Gi

+---

+apiVersion: gemini.fairwinds.com/v1beta1

+kind: SnapshotGroup

+metadata:

+ name: hub

+spec:

+ persistentVolumeClaim:

+ claimName: hub

+ schedule:

+ - every: 12 hours

+ keep: 2

+---

+apiVersion: v1

+kind: Service

+metadata:

+ labels:

+ app: oauth-kludge

+ name: oauth-kludge

+spec:

+ ports:

+ - port: 8080

+ protocol: TCP

+ selector:

+ app: oauth-kludge

+---

+apiVersion: networking.k8s.io/v1

+kind: NetworkPolicy

+metadata:

+ name: oauth-kludge

+ labels:

+ app: oauth-kludge

+spec:

+ podSelector:

+ matchLabels:

+ app: oauth-kludge

+ ingress:

+ - from:

+ - namespaceSelector:

+ matchLabels:

+ name: kube-public

+ podSelector:

+ matchLabels:

+ app: traefik

+ role: controller

+ ports:

+ - port: 8080

+ protocol: TCP

+---

+apiVersion: apps/v1

+kind: Deployment

+metadata:

+ name: oauth-kludge

+ labels:

+ app: oauth-kludge

+spec:

+ replicas: 1

+ selector:

+ matchLabels:

+ app: oauth-kludge

+ template:

+ metadata:

+ labels:

+ app: oauth-kludge

+ spec:

+ containers:

+ - name: oauth-kludge

+ image: docker.io/rwgrim/oauth-kludge:latest

+ imagePullPolicy: Always

+ env:

+ - name: OAUTH_KLUDGE_SCOPE

+ value: 0-0-0-0-0

+ - name: OAUTH_KLUDGE_TOKEN_ENDPOINT

+ value: https://hub.imfreedom.org/hub/api/rest/oauth2/token

+ ports:

+ - containerPort: 8080

+ resources:

+ limits:

+ cpu: 50m

+ memory: 64Mi

+ requests:

+ cpu: 10m

+ memory: 32Mi

+---