imfreedom/k8s-cluster

Add the trac configuration, it's not done, but it's getting there

2021-05-04, Gary Kramlich
76397373adc7
Parents f86ae140dc67
Children d8a798d3f184
Add the trac configuration, it's not done, but it's getting there
3 files changed, 234 insertions(+), 0 deletions(-)
  • +25 -0
    50-developer.pidgin.im/trac/kustomization.yaml
  • +139 -0
    50-developer.pidgin.im/trac/manifest.yaml
  • +70 -0
    50-developer.pidgin.im/trac/sites-enabled/developer.pidgin.im.conf
    • --- /dev/null Thu Jan 01 00:00:00 1970 +0000
    +++ b/50-developer.pidgin.im/trac/kustomization.yaml Tue May 04 14:38:53 2021 -0500
    @@ -0,0 +1,25 @@
    +---
    +namespace: roost
    +commonLabels:
    + app: trac
    + role: app
    +configMapGenerator:
    + - name: trac-apache2-sites-enabled
    + files:
    + - sites-enabled/developer.pidgin.im.conf
    + options:
    + disableNameSuffixHash: true
    +resources:
    + - manifest.yaml
    +secretGenerator:
    + - name: trac-env
    + envs:
    + - secrets/env
    + options:
    + disableNameSuffixHash: true
    + - name: trac-conf
    + files:
    + - secrets/trac.ini
    + - secrets/trac.htdigest
    + options:
    + disableNameSuffixHash: true
    --- /dev/null Thu Jan 01 00:00:00 1970 +0000
    +++ b/50-developer.pidgin.im/trac/manifest.yaml Tue May 04 14:38:53 2021 -0500
    @@ -0,0 +1,139 @@
    +---
    +apiVersion: v1
    +kind: Service
    +metadata:
    + name: trac-app
    +spec:
    + ports:
    + - port: 80
    + protocol: TCP
    +---
    +apiVersion: apps/v1
    +kind: Deployment
    +metadata:
    + name: trac-app
    +spec:
    + replicas: 1
    + selector:
    + matchLabels:
    + app: trac
    + role: app
    + strategy:
    + type: Recreate
    + template:
    + metadata:
    + labels:
    + app: trac
    + role: app
    + spec:
    + initContainers:
    + - name: bootstrap
    + image: docker.io/rwgrim/trac-bootstrap:latest
    + imagePullPolicy: Always
    + env:
    + - name: DESTINATION
    + valueFrom:
    + secretKeyRef:
    + name: trac-env
    + key: destination
    + - name: GID
    + valueFrom:
    + secretKeyRef:
    + name: trac-env
    + key: gid
    + - name: S3_ACCESS_KEY
    + valueFrom:
    + secretKeyRef:
    + name: trac-env
    + key: s3_access_key
    + - name: S3_KEY
    + valueFrom:
    + secretKeyRef:
    + name: trac-env
    + key: s3_key
    + - name: S3_SECRET_KEY
    + valueFrom:
    + secretKeyRef:
    + name: trac-env
    + key: s3_secret_key
    + - name: S3_URL
    + valueFrom:
    + secretKeyRef:
    + name: trac-env
    + key: s3_url
    + - name: TAR_ARGS
    + value: -J
    + - name: UID
    + valueFrom:
    + secretKeyRef:
    + name: trac-env
    + key: uid
    + volumeMounts:
    + - mountPath: /srv
    + name: trac-trac
    + readOnly: false
    + subPath: trac
    + containers:
    + - name: trac
    + image: docker.io/rwgrim/apache2-trac:latest
    + imagePullPolicy: Always
    + env:
    + resources:
    + limits:
    + cpu: 500m
    + memory: 256Mi
    + requests:
    + cpu: 250m
    + memory: 128Mi
    + ports:
    + - containerPort: 5432
    + volumeMounts:
    + - mountPath: /srv
    + name: trac-trac
    + readOnly: false
    + subPath: trac
    + - mountPath: /srv/trac/conf
    + name: trac-conf
    + readOnly: true
    + - mountPath: /srv/trac/log
    + name: trac-log
    + readOnly: false
    + - mountPath: /etc/apache2/sites-enabled/
    + name: trac-apache2-sites-enabled
    + readOnly: true
    + volumes:
    + - name: trac-trac
    + persistentVolumeClaim:
    + claimName: trac-trac
    + - name: trac-conf
    + secret:
    + secretName: trac-conf
    + - name: trac-apache2-sites-enabled
    + configMap:
    + name: trac-apache2-sites-enabled
    + - name: trac-log
    + emptyDir: {}
    +---
    +apiVersion: v1
    +kind: PersistentVolumeClaim
    +metadata:
    + name: trac-trac
    +spec:
    + accessModes:
    + - ReadWriteOnce
    + resources:
    + requests:
    + storage: 2Gi
    +---
    +apiVersion: gemini.fairwinds.com/v1beta1
    +kind: SnapshotGroup
    +metadata:
    + name: trac-trac
    +spec:
    + persistentVolumeClaim:
    + claimName: trac-app
    + schedule:
    + - every: day
    + keep: 0
    +---
    +
    --- /dev/null Thu Jan 01 00:00:00 1970 +0000
    +++ b/50-developer.pidgin.im/trac/sites-enabled/developer.pidgin.im.conf Tue May 04 14:38:53 2021 -0500
    @@ -0,0 +1,70 @@
    +<Directory "/srv/trac/deploy/cgi-bin/trac.wsgi">
    + WSGIApplicationGroup %{GLOBAL}
    + Require all granted
    +</Directory>
    +
    +<Directory "/srv/trac/deploy/cgi-bin/viewmtn_to_hg.wsgi">
    + WSGIApplicationGroup %{GLOBAL}
    + Require all granted
    +</Directory>
    +
    +<Directory "/srv/trac/deploy/">
    + Options -Indexes -MultiViews
    + Require all granted
    +</Directory>
    +
    +<Directory "/srv/trac/files/attachments/">
    + Options -Indexes -MultiViews
    + Require all granted
    +</Directory>
    +
    +<Directory "/srv/htdocs_extension/">
    + Options -Indexes -MultiViews
    + Require all granted
    +</Directory>
    +
    +<VirtualHost *:80>
    + # ServerName developer.pidgin.im
    +
    + # Header edit Set-Cookie "^(.*)" $1;Secure;HttpOnly
    + # Header set X-Frame-Options DENY
    + # Header always set Strict-Transport-Security "max-age=31536000"
    +
    + XSendFile on
    + XSendFilePath /srv/trac/files/attachments/
    + #XSendFilePath /srv/downloads/
    +
    + DocumentRoot /srv/trac/deploy/htdocs
    + WSGIScriptAlias /viewmtn /srv/trac/deploy/cgi-bin/viewmtn_to_hg.wsgi
    + WSGIScriptAlias / /srv/trac/deploy/cgi-bin/trac.wsgi
    + Alias /chrome/ /srv/trac/deploy/htdocs/
    + Alias /static/ /srv/trac/deploy/htdocs/site/
    + Alias /robots.txt /srv/trac/deploy/htdocs/site/robots.txt
    + Alias /favicon.ico /srv/trac/deploy/htdocs/site/pidgin.ico
    + Alias /l10n/ /srv/trac/deploy/htdocs/l10n/
    + Alias /extension/ /srv/htdocs_extension/
    + #Alias /raw-attachment/ /srv/trac/files/attachments/
    + Alias /shared/ /srv/htdocs/shared
    +
    + # try to rate limit people on /query, /register, and /search
    + #SecRuleEngine On
    + #<LocationMatch "^/(query|register|search)">
    + # SecAction initcol:ip=${REMOTE_ADDR},pass,nolog
    + # SecAction "phase:5,deprecatevar:ip.heavypaths=1/1,pass,nolog"
    + # SecRule IP:HEAVYPATHS "@gt 20" "phase:2,pause:300,deny,status:509,setenv:RATELIMITED,skip:1,nolog"
    + # SecAction "phase:2,pass,setvar:ip.heavypaths=+1,nolog"
    + #</LocationMatch>
    +
    + RedirectPermanent /simpleticket /newticket
    + RedirectPermanent /BonjourWindows "/wiki/Protocol Specific Questions#CanIuseWindowsPidginforBonjour"
    +
    + RedirectMatch permanent /doxygen/2.0.0/html/(.*) https://docs.pidgin.im/pidgin/2.x.y/$1
    + RedirectMatch permanent /doxygen/2.2.0/html/(.*) https://docs.pidgin.im/pidgin/2.x.y/$1
    + RedirectMatch permanent /doxygen/2.5.0/html/(.*) https://docs.pidgin.im/pidgin/2.x.y/$1
    + RedirectMatch permanent /doxygen/2.5.2/html/(.*) https://docs.pidgin.im/pidgin/2.x.y/$1
    + RedirectMatch permanent /doxygen/2.7.11/html/(.*) https://docs.pidgin.im/pidgin/2.x.y/$1
    + RedirectMatch permanent /doxygen/2.10.5/html/(.*) https://docs.pidgin.im/pidgin/2.x.y/$1
    + RedirectMatch permanent /doxygen/2.13.0/html/(.*) https://docs.pidgin.im/pidgin/2.x.y/$1
    + RedirectMatch permanent /doxygen/dev2.x.y/html/(.*) https://docs.pidgin.im/pidgin/2.x.y/$1
    +</VirtualHost>
    +