HGKeeper

imfreedom/k8s-cluster

move 50-wiki.imfreedom.org to kustomize

2021-06-17, Gary Kramlich

a704541a2be8

Parents 73d9271e8812
Children 03598dac72ea

move 50-wiki.imfreedom.org to kustomize

5 files changed, 300 insertions(+), 304 deletions(-)

+0 -304

50-wiki.imfreedom.org.yaml

+14 -0

50-wiki.imfreedom.org/mediawiki/kustomization.yaml

+154 -0

50-wiki.imfreedom.org/mediawiki/manifest.yaml

+14 -0

50-wiki.imfreedom.org/mysql/kustomization.yaml

+118 -0

50-wiki.imfreedom.org/mysql/manifest.yaml

~~--- a/50-wiki.imfreedom.org.yaml Thu Jun 17 03:22:42 2021 -0500~~

+++ /dev/null Thu Jan 01 00:00:00 1970 +0000

@@ -1,304 +0,0 @@

~~----~~

~~-apiVersion: v1~~

~~-kind: Service~~

~~-metadata:~~

~~- namespace: imfreedom~~

~~- labels:~~

~~- app: wiki~~

~~- role: database~~

~~- name: wiki-database~~

~~-spec:~~

~~- ports:~~

~~- - port: 3306~~

~~- protocol: TCP~~

~~- selector:~~

~~- app: wiki~~

~~- role: database~~

~~----~~

~~-apiVersion: networking.k8s.io/v1~~

~~-kind: NetworkPolicy~~

~~-metadata:~~

~~- namespace: imfreedom~~

~~- name: wiki-database~~

~~- labels:~~

~~- app: wiki~~

~~- role: database~~

~~-spec:~~

~~- podSelector:~~

~~- matchLabels:~~

~~- app: wiki~~

~~- role: database~~

~~- ingress:~~

~~- - from:~~

~~- - podSelector:~~

~~- matchLabels:~~

~~- app: wiki~~

~~- role: app~~

~~- ports:~~

~~- - port: 3306~~

~~- protocol: TCP~~

~~----~~

~~-apiVersion: apps/v1~~

~~-kind: Deployment~~

~~-metadata:~~

~~- namespace: imfreedom~~

~~- name: wiki-database~~

~~- labels:~~

~~- app: wiki~~

~~- role: database~~

~~-spec:~~

~~- replicas: 1~~

~~- selector:~~

~~- matchLabels:~~

~~- app: wiki~~

~~- role: database~~

~~- strategy:~~

~~- type: Recreate~~

~~- template:~~

~~- metadata:~~

~~- labels:~~

~~- app: wiki~~

~~- role: database~~

~~- spec:~~

~~- containers:~~

~~- - name: mysql~~

~~- image: docker.io/mysql:5~~

~~- imagePullPolicy: Always~~

~~- resources:~~

~~- limits:~~

~~- cpu: 200m~~

~~- memory: 384Mi~~

~~- requests:~~

~~- cpu: 100m~~

~~- memory: 192Mi~~

~~- ports:~~

~~- - containerPort: 3306~~

~~- volumeMounts:~~

~~- - mountPath: /var/lib/mysql/~~

~~- name: data~~

~~- readOnly: false~~

~~- subPath: mysql~~

~~- env:~~

~~- - name: MYSQL_ROOT_PASSWORD~~

~~- valueFrom:~~

~~- secretKeyRef:~~

~~- name: wiki-database~~

~~- key: root_password~~

~~- - name: MYSQL_USER~~

~~- valueFrom:~~

~~- secretKeyRef:~~

~~- name: wiki-database~~

~~- key: user~~

~~- - name: MYSQL_PASSWORD~~

~~- valueFrom:~~

~~- secretKeyRef:~~

~~- name: wiki-database~~

~~- key: password~~

~~- - name: MYSQL_DATABASE~~

~~- valueFrom:~~

~~- secretKeyRef:~~

~~- name: wiki-database~~

~~- key: database~~

~~- volumes:~~

~~- - name: data~~

~~- persistentVolumeClaim:~~

~~- claimName: wiki-database~~

~~----~~

~~-apiVersion: v1~~

~~-kind: PersistentVolumeClaim~~

~~-metadata:~~

~~- namespace: imfreedom~~

~~- name: wiki-database~~

~~- labels:~~

~~- app: wiki~~

~~- role: database~~

~~-spec:~~

~~- accessModes:~~

~~- - ReadWriteOnce~~

~~- resources:~~

~~- requests:~~

~~- storage: 1Gi~~

~~----~~

~~-apiVersion: gemini.fairwinds.com/v1beta1~~

~~-kind: SnapshotGroup~~

~~-metadata:~~

~~- namespace: imfreedom~~

~~- name: wiki-database~~

~~-spec:~~

~~- persistentVolumeClaim:~~

~~- claimName: wiki-database~~

~~- schedule:~~

~~- - every: 12 hours~~

~~- keep: 2~~

~~----~~

~~-apiVersion: traefik.containo.us/v1alpha1~~

~~-kind: IngressRoute~~

~~-metadata:~~

~~- name: wiki-http~~

~~- namespace: imfreedom~~

~~-spec:~~

~~- entryPoints:~~

~~- - http~~

~~- routes:~~

~~- - match: Host(`wiki.imfreedom.org`)~~

~~- kind: Rule~~

~~- services:~~

~~- - name: wiki-app~~

~~- port: 80~~

~~- middlewares:~~

~~- - name: https-redirect~~

~~----~~

~~-apiVersion: traefik.containo.us/v1alpha1~~

~~-kind: IngressRoute~~

~~-metadata:~~

~~- name: wiki-https~~

~~- namespace: imfreedom~~

~~-spec:~~

~~- entryPoints:~~

~~- - https~~

~~- routes:~~

~~- - match: Host(`wiki.imfreedom.org`)~~

~~- kind: Rule~~

~~- services:~~

~~- - name: wiki-app~~

~~- port: 80~~

~~- middlewares:~~

~~- # - name: ci-body-size~~

~~- - name: common-headers~~

~~- - name: hsts-headers~~

~~- tls:~~

~~- secretName: wiki-tls~~

~~----~~

~~-apiVersion: cert-manager.io/v1alpha2~~

~~-kind: Certificate~~

~~-metadata:~~

~~- namespace: imfreedom~~

~~- name: wiki-tls~~

~~-spec:~~

~~- secretName: wiki-tls~~

~~- issuerRef:~~

~~- name: letsencrypt~~

~~- commonName: wiki.imfreedom.org~~

~~- dnsNames:~~

~~- - wiki.imfreedom.org~~

~~----~~

~~-apiVersion: v1~~

~~-kind: Service~~

~~-metadata:~~

~~- name: wiki-app~~

~~- namespace: imfreedom~~

~~- labels:~~

~~- app: wiki~~

~~- role: app~~

~~-spec:~~

~~- ports:~~

~~- - port: 80~~

~~- protocol: TCP~~

~~- selector:~~

~~- app: wiki~~

~~- role: app~~

~~----~~

~~-apiVersion: networking.k8s.io/v1~~

~~-kind: NetworkPolicy~~

~~-metadata:~~

~~- namespace: imfreedom~~

~~- name: wiki-app~~

~~- labels:~~

~~- app: wiki~~

~~- role: app~~

~~-spec:~~

~~- podSelector:~~

~~- matchLabels:~~

~~- app: wiki~~

~~- role: app~~

~~- ingress:~~

~~- - from:~~

~~- - namespaceSelector:~~

~~- matchLabels:~~

~~- name: kube-public~~

~~- podSelector:~~

~~- matchLabels:~~

~~- app: traefik~~

~~- role: controller~~

~~- ports:~~

~~- - port: 80~~

~~- protocol: TCP~~

~~----~~

~~-apiVersion: apps/v1~~

~~-kind: Deployment~~

~~-metadata:~~

~~- namespace: imfreedom~~

~~- name: wiki-app~~

~~- labels:~~

~~- app: wiki~~

~~- role: app~~

~~-spec:~~

~~- replicas: 1~~

~~- selector:~~

~~- matchLabels:~~

~~- app: wiki~~

~~- role: app~~

~~- strategy:~~

~~- type: Recreate~~

~~- template:~~

~~- metadata:~~

~~- labels:~~

~~- app: wiki~~

~~- role: app~~

~~- spec:~~

~~- containers:~~

~~- - name: mediawiki~~

~~- image: docker.io/imfreedom/wiki:latest~~

~~- imagePullPolicy: Always~~

~~- resources:~~

~~- limits:~~

~~- cpu: 500m~~

~~- memory: 512Mi~~

~~- requests:~~

~~- cpu: 250m~~

~~- memory: 128Mi~~

~~- ports:~~

~~- - containerPort: 80~~

~~- volumeMounts:~~

~~- - mountPath: /var/www/html/images/~~

~~- name: uploads~~

~~- readOnly: false~~

~~- subPath: uploads~~

~~- - mountPath: /config~~

~~- name: config~~

~~- readOnly: true~~

~~- volumes:~~

~~- - name: uploads~~

~~- persistentVolumeClaim:~~

~~- claimName: wiki-uploads~~

~~- - name: config~~

~~- secret:~~

~~- secretName: wiki-app~~

~~----~~

~~-apiVersion: v1~~

~~-kind: PersistentVolumeClaim~~

~~-metadata:~~

~~- namespace: imfreedom~~

~~- name: wiki-uploads~~

~~- labels:~~

~~- app: wiki~~

~~- role: app~~

~~-spec:~~

~~- accessModes:~~

~~- - ReadWriteOnce~~

~~- resources:~~

~~- requests:~~

~~- storage: 1Gi~~

~~----~~

~~-apiVersion: gemini.fairwinds.com/v1beta1~~

~~-kind: SnapshotGroup~~

~~-metadata:~~

~~- namespace: imfreedom~~

~~- name: wiki-uploads~~

~~-spec:~~

~~- persistentVolumeClaim:~~

~~- claimName: wiki-uploads~~

~~- schedule:~~

~~- - every: 12 hours~~

~~- keep: 2~~

~~----~~

~~--- /dev/null Thu Jan 01 00:00:00 1970 +0000~~

+++ b/50-wiki.imfreedom.org/mediawiki/kustomization.yaml Thu Jun 17 03:44:29 2021 -0500

@@ -0,0 +1,14 @@

+---

+namespace: imfreedom

+commonLabels:

+ app: wiki

+ role: app

+resources:

+ - manifest.yaml

+secretGenerator:

+ - name: wiki-app

+ files:

+ - secrets/LocalSettings.php

+ options:

+ disableNameSuffixHash: true

+---

~~--- /dev/null Thu Jan 01 00:00:00 1970 +0000~~

+++ b/50-wiki.imfreedom.org/mediawiki/manifest.yaml Thu Jun 17 03:44:29 2021 -0500

@@ -0,0 +1,154 @@

+---

+apiVersion: traefik.containo.us/v1alpha1

+kind: IngressRoute

+metadata:

+ name: wiki-http

+spec:

+ entryPoints:

+ - http

+ routes:

+ - match: Host(`wiki.imfreedom.org`)

+ kind: Rule

+ services:

+ - name: wiki-app

+ port: 80

+ middlewares:

+ - name: https-redirect

+---

+apiVersion: traefik.containo.us/v1alpha1

+kind: IngressRoute

+metadata:

+ name: wiki-https

+spec:

+ entryPoints:

+ - https

+ routes:

+ - match: Host(`wiki.imfreedom.org`)

+ kind: Rule

+ services:

+ - name: wiki-app

+ port: 80

+ middlewares:

+ # - name: ci-body-size

+ - name: common-headers

+ - name: hsts-headers

+ tls:

+ secretName: wiki-tls

+---

+apiVersion: cert-manager.io/v1alpha2

+kind: Certificate

+metadata:

+ name: wiki-tls

+spec:

+ secretName: wiki-tls

+ issuerRef:

+ name: letsencrypt

+ commonName: wiki.imfreedom.org

+ dnsNames:

+ - wiki.imfreedom.org

+---

+apiVersion: v1

+kind: Service

+metadata:

+ name: wiki-app

+spec:

+ ports:

+ - port: 80

+ protocol: TCP

+ selector:

+ app: wiki

+ role: app

+---

+apiVersion: networking.k8s.io/v1

+kind: NetworkPolicy

+metadata:

+ name: wiki-app

+spec:

+ podSelector:

+ matchLabels:

+ app: wiki

+ role: app

+ ingress:

+ - from:

+ - namespaceSelector:

+ matchLabels:

+ name: kube-public

+ podSelector:

+ matchExpressions:

+ - key: app

+ operator: In

+ values:

+ - traefik

+ - key: role

+ operator: In

+ values:

+ - controller

+ ports:

+ - port: 80

+ protocol: TCP

+---

+apiVersion: apps/v1

+kind: Deployment

+metadata:

+ name: wiki-app

+spec:

+ replicas: 1

+ selector:

+ matchLabels:

+ app: wiki

+ role: app

+ strategy:

+ type: Recreate

+ template:

+ spec:

+ containers:

+ - name: mediawiki

+ image: docker.io/imfreedom/wiki:latest

+ imagePullPolicy: Always

+ resources:

+ limits:

+ cpu: 500m

+ memory: 512Mi

+ requests:

+ cpu: 250m

+ memory: 128Mi

+ ports:

+ - containerPort: 80

+ volumeMounts:

+ - mountPath: /var/www/html/images/

+ name: uploads

+ readOnly: false

+ subPath: uploads

+ - mountPath: /config

+ name: config

+ readOnly: true

+ volumes:

+ - name: uploads

+ persistentVolumeClaim:

+ claimName: wiki-uploads

+ - name: config

+ secret:

+ secretName: wiki-app

+---

+apiVersion: v1

+kind: PersistentVolumeClaim

+metadata:

+ name: wiki-uploads

+spec:

+ accessModes:

+ - ReadWriteOnce

+ resources:

+ requests:

+ storage: 1Gi

+---

+apiVersion: gemini.fairwinds.com/v1beta1

+kind: SnapshotGroup

+metadata:

+ name: wiki-uploads

+spec:

+ persistentVolumeClaim:

+ claimName: wiki-uploads

+ schedule:

+ - every: 12 hours

+ keep: 2

+---

~~--- /dev/null Thu Jan 01 00:00:00 1970 +0000~~

+++ b/50-wiki.imfreedom.org/mysql/kustomization.yaml Thu Jun 17 03:44:29 2021 -0500

@@ -0,0 +1,14 @@

+---

+namespace: imfreedom

+commonLabels:

+ app: wiki

+ role: database

+resources:

+ - manifest.yaml

+secretGenerator:

+ - name: wiki-database

+ envs:

+ - secrets/env

+ options:

+ disableNameSuffixHash: true

+---

~~--- /dev/null Thu Jan 01 00:00:00 1970 +0000~~

+++ b/50-wiki.imfreedom.org/mysql/manifest.yaml Thu Jun 17 03:44:29 2021 -0500

@@ -0,0 +1,118 @@

+---

+apiVersion: v1

+kind: Service

+metadata:

+ name: wiki-database

+spec:

+ ports:

+ - port: 3306

+ protocol: TCP

+ selector:

+ app: wiki

+ role: database

+---

+apiVersion: networking.k8s.io/v1

+kind: NetworkPolicy

+metadata:

+ name: wiki-database

+spec:

+ podSelector:

+ matchLabels:

+ app: wiki

+ role: database

+ ingress:

+ - from:

+ - podSelector:

+ matchExpressions:

+ - key: app

+ operator: In

+ values:

+ - wiki

+ - key: role

+ operator: In

+ values:

+ - app

+ ports:

+ - port: 3306

+ protocol: TCP

+---

+apiVersion: apps/v1

+kind: Deployment

+metadata:

+ name: wiki-database

+spec:

+ replicas: 1

+ selector:

+ matchLabels:

+ app: wiki

+ role: database

+ strategy:

+ type: Recreate

+ template:

+ spec:

+ containers:

+ - name: mysql

+ image: docker.io/mysql:5

+ imagePullPolicy: Always

+ resources:

+ limits:

+ cpu: 200m

+ memory: 384Mi

+ requests:

+ cpu: 100m

+ memory: 192Mi

+ ports:

+ - containerPort: 3306

+ volumeMounts:

+ - mountPath: /var/lib/mysql/

+ name: data

+ readOnly: false

+ subPath: mysql

+ env:

+ - name: MYSQL_ROOT_PASSWORD

+ valueFrom:

+ secretKeyRef:

+ name: wiki-database

+ key: root_password

+ - name: MYSQL_USER

+ valueFrom:

+ secretKeyRef:

+ name: wiki-database

+ key: user

+ - name: MYSQL_PASSWORD

+ valueFrom:

+ secretKeyRef:

+ name: wiki-database

+ key: password

+ - name: MYSQL_DATABASE

+ valueFrom:

+ secretKeyRef:

+ name: wiki-database

+ key: database

+ volumes:

+ - name: data

+ persistentVolumeClaim:

+ claimName: wiki-database

+---

+apiVersion: v1

+kind: PersistentVolumeClaim

+metadata:

+ name: wiki-database

+spec:

+ accessModes:

+ - ReadWriteOnce

+ resources:

+ requests:

+ storage: 1Gi

+---

+apiVersion: gemini.fairwinds.com/v1beta1

+kind: SnapshotGroup

+metadata:

+ name: wiki-database

+spec:

+ persistentVolumeClaim:

+ claimName: wiki-database

+ schedule:

+ - every: 12 hours

+ keep: 2

+---