HGKeeper

imfreedom/k8s-cluster

Move 50-ci.imfreedom.org to kustomize

2021-06-17, Gary Kramlich

cfc67b784e47

Parents 7c63be9d5701
Children cb3b4fbc9980

Move 50-ci.imfreedom.org to kustomize

5 files changed, 311 insertions(+), 324 deletions(-)

+0 -324

50-ci.imfreedom.org.yaml

+14 -0

50-ci.imfreedom.org/postgres/kustomization.yaml

+113 -0

50-ci.imfreedom.org/postgres/manifest.yaml

+8 -0

50-ci.imfreedom.org/teamcity/kustomization.yaml

+176 -0

50-ci.imfreedom.org/teamcity/manifest.yaml

~~--- a/50-ci.imfreedom.org.yaml Thu Jun 17 02:27:31 2021 -0500~~

+++ /dev/null Thu Jan 01 00:00:00 1970 +0000

@@ -1,324 +0,0 @@

~~-# teamcity is a continuous integration system from jetbrains. This manifest~~

~~-# sets it up as well as a postgres instance.~~

~~----~~

~~-apiVersion: v1~~

~~-kind: Service~~

~~-metadata:~~

~~- namespace: imfreedom~~

~~- name: ci-postgres~~

~~- labels:~~

~~- app: ci~~

~~- role: db~~

~~-spec:~~

~~- ports:~~

~~- - port: 5432~~

~~- protocol: TCP~~

~~- selector:~~

~~- app: ci~~

~~- role: db~~

~~----~~

~~-apiVersion: networking.k8s.io/v1~~

~~-kind: NetworkPolicy~~

~~-metadata:~~

~~- namespace: imfreedom~~

~~- name: ci-postgres~~

~~- labels:~~

~~- app: ci~~

~~- role: db~~

~~-spec:~~

~~- podSelector:~~

~~- matchLabels:~~

~~- app: ci~~

~~- role: db~~

~~- ingress:~~

~~- - from:~~

~~- - podSelector:~~

~~- matchLabels:~~

~~- app: ci~~

~~- role: app~~

~~- ports:~~

~~- - port: 5432~~

~~- protocol: TCP~~

~~----~~

~~-apiVersion: apps/v1~~

~~-kind: Deployment~~

~~-metadata:~~

~~- namespace: imfreedom~~

~~- name: ci-postgres~~

~~- labels:~~

~~- app: ci~~

~~- role: db~~

~~-spec:~~

~~- replicas: 1~~

~~- selector:~~

~~- matchLabels:~~

~~- app: ci~~

~~- role: db~~

~~- strategy:~~

~~- type: Recreate~~

~~- template:~~

~~- metadata:~~

~~- labels:~~

~~- app: ci~~

~~- role: db~~

~~- spec:~~

~~- containers:~~

~~- - name: postgres~~

~~- image: postgres:11~~

~~- imagePullPolicy: Always~~

~~- env:~~

~~- - name: POSTGRES_USER~~

~~- valueFrom:~~

~~- secretKeyRef:~~

~~- name: ci-postgres~~

~~- key: username~~

~~- - name: POSTGRES_PASSWORD~~

~~- valueFrom:~~

~~- secretKeyRef:~~

~~- name: ci-postgres~~

~~- key: password~~

~~- - name: POSTGRES_DB~~

~~- valueFrom:~~

~~- secretKeyRef:~~

~~- name: ci-postgres~~

~~- key: db~~

~~- resources:~~

~~- limits:~~

~~- cpu: 200m~~

~~- memory: 256Mi~~

~~- requests:~~

~~- cpu: 100m~~

~~- memory: 128Mi~~

~~- ports:~~

~~- - containerPort: 5432~~

~~- volumeMounts:~~

~~- - mountPath: /var/lib/postgresql/data~~

~~- name: ci-postgres~~

~~- readOnly: false~~

~~- subPath: postgresql~~

~~- volumes:~~

~~- - name: ci-postgres~~

~~- persistentVolumeClaim:~~

~~- claimName: ci-db~~

~~----~~

~~-apiVersion: v1~~

~~-kind: PersistentVolumeClaim~~

~~-metadata:~~

~~- namespace: imfreedom~~

~~- name: ci-db~~

~~- labels:~~

~~- app: ci~~

~~- role: db~~

~~-spec:~~

~~- accessModes:~~

~~- - ReadWriteOnce~~

~~- resources:~~

~~- requests:~~

~~- storage: 1Gi~~

~~----~~

~~-apiVersion: gemini.fairwinds.com/v1beta1~~

~~-kind: SnapshotGroup~~

~~-metadata:~~

~~- namespace: imfreedom~~

~~- name: ci-db~~

~~-spec:~~

~~- persistentVolumeClaim:~~

~~- claimName: ci-db~~

~~- schedule:~~

~~- - every: 12 hours~~

~~- keep: 2~~

~~----~~

~~-apiVersion: traefik.containo.us/v1alpha1~~

~~-kind: IngressRoute~~

~~-metadata:~~

~~- name: ci-http~~

~~- namespace: imfreedom~~

~~-spec:~~

~~- entryPoints:~~

~~- - http~~

~~- routes:~~

~~- - match: Host(`ci.imfreedom.org`) || Host(`artifacts.imfreedom.org`)~~

~~- kind: Rule~~

~~- services:~~

~~- - name: ci~~

~~- port: 8111~~

~~- middlewares:~~

~~- - name: https-redirect~~

~~----~~

~~-apiVersion: traefik.containo.us/v1alpha1~~

~~-kind: Middleware~~

~~-metadata:~~

~~- name: ci-body-size~~

~~- namespace: imfreedom~~

~~-spec:~~

~~- buffering:~~

~~- maxRequestBodyBytes: 16777216~~

~~- memRequestBodyBytes: 209715~~

~~----~~

~~-apiVersion: traefik.containo.us/v1alpha1~~

~~-kind: IngressRoute~~

~~-metadata:~~

~~- name: ci~~

~~- namespace: imfreedom~~

~~-spec:~~

~~- entryPoints:~~

~~- - https~~

~~- routes:~~

~~- - match: Host(`ci.imfreedom.org`) || Host(`artifacts.imfreedom.org`)~~

~~- kind: Rule~~

~~- services:~~

~~- - name: ci~~

~~- port: 8111~~

~~- middlewares:~~

~~- # - name: ci-body-size~~

~~- - name: common-headers~~

~~- - name: hsts-headers~~

~~- tls:~~

~~- secretName: ci-tls~~

~~----~~

~~-apiVersion: cert-manager.io/v1alpha2~~

~~-kind: Certificate~~

~~-metadata:~~

~~- namespace: imfreedom~~

~~- name: ci-tls~~

~~-spec:~~

~~- secretName: ci-tls~~

~~- issuerRef:~~

~~- name: letsencrypt~~

~~- commonName: ci.imfreedom.org~~

~~- dnsNames:~~

~~- - ci.imfreedom.org~~

~~- - artifacts.imfreedom.org~~

~~----~~

~~-apiVersion: v1~~

~~-kind: Service~~

~~-metadata:~~

~~- namespace: imfreedom~~

~~- labels:~~

~~- app: ci~~

~~- role: app~~

~~- name: ci~~

~~-spec:~~

~~- ports:~~

~~- - port: 8111~~

~~- protocol: TCP~~

~~- selector:~~

~~- app: ci~~

~~- role: app~~

~~----~~

~~-apiVersion: networking.k8s.io/v1~~

~~-kind: NetworkPolicy~~

~~-metadata:~~

~~- namespace: imfreedom~~

~~- name: ci~~

~~- labels:~~

~~- app: ci~~

~~- role: app~~

~~-spec:~~

~~- podSelector:~~

~~- matchLabels:~~

~~- app: ci~~

~~- role: app~~

~~- ingress:~~

~~- - from:~~

~~- - namespaceSelector:~~

~~- matchLabels:~~

~~- name: kube-public~~

~~- podSelector:~~

~~- matchLabels:~~

~~- app: traefik~~

~~- role: controller~~

~~- ports:~~

~~- - port: 8111~~

~~- protocol: TCP~~

~~----~~

~~-apiVersion: apps/v1~~

~~-kind: Deployment~~

~~-metadata:~~

~~- namespace: imfreedom~~

~~- name: ci~~

~~- labels:~~

~~- app: ci~~

~~- role: app~~

~~-spec:~~

~~- replicas: 1~~

~~- selector:~~

~~- matchLabels:~~

~~- app: ci~~

~~- role: app~~

~~- strategy:~~

~~- type: Recreate~~

~~- template:~~

~~- metadata:~~

~~- labels:~~

~~- app: ci~~

~~- role: app~~

~~- spec:~~

~~- containers:~~

~~- - name: teamcity~~

~~- image: docker.io/rwgrim/teamcity-server:latest~~

~~- imagePullPolicy: Always~~

~~- env:~~

~~- - name: TEAMCITY_SERVER_MEM_OPTS~~

~~- value: -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -Xmx3g -XX:ReservedCodeCacheSize=350m~~

~~- - name: TEAMCITY_HTTPS_PROXY_ENABLED~~

~~- value: 'true'~~

~~- ports:~~

~~- - containerPort: 8111~~

~~- resources:~~

~~- limits:~~

~~- cpu: 1000m~~

~~- memory: 3072Mi~~

~~- requests:~~

~~- cpu: 500m~~

~~- memory: 1024Mi~~

~~- volumeMounts:~~

~~- - mountPath: /data/teamcity_server/datadir/~~

~~- name: datadir~~

~~- readOnly: false~~

~~- subPath: datadir~~

~~- - mountPath: /opt/teamcity/logs/~~

~~- name: hostdir~~

~~- readOnly: false~~

~~- subPath: logs~~

~~- - mountPath: /opt/teamcity/temp/~~

~~- name: hostdir~~

~~- readOnly: false~~

~~- subPath: temp~~

~~- securityContext:~~

~~- # fsGroup: 1000~~

~~- runAsUser: 1000~~

~~- volumes:~~

~~- - name: datadir~~

~~- persistentVolumeClaim:~~

~~- claimName: ci~~

~~- - name: hostdir~~

~~- emptyDir: {}~~

~~----~~

~~-apiVersion: v1~~

~~-kind: PersistentVolumeClaim~~

~~-metadata:~~

~~- namespace: imfreedom~~

~~- name: ci~~

~~- labels:~~

~~- app: ci~~

~~- role: app~~

~~-spec:~~

~~- accessModes:~~

~~- - ReadWriteOnce~~

~~- resources:~~

~~- requests:~~

~~- storage: 25Gi~~

~~----~~

~~-apiVersion: gemini.fairwinds.com/v1beta1~~

~~-kind: SnapshotGroup~~

~~-metadata:~~

~~- namespace: imfreedom~~

~~- name: ci~~

~~-spec:~~

~~- persistentVolumeClaim:~~

~~- claimName: ci~~

~~- schedule:~~

~~- - every: 12 hours~~

~~- keep: 2~~

~~----~~

~~--- /dev/null Thu Jan 01 00:00:00 1970 +0000~~

+++ b/50-ci.imfreedom.org/postgres/kustomization.yaml Thu Jun 17 02:40:36 2021 -0500

@@ -0,0 +1,14 @@

+---

+namespace: imfreedom

+commonLabels:

+ app: ci

+ role: db

+resources:

+ - manifest.yaml

+secretGenerator:

+ - name: ci-postgres

+ envs:

+ - secrets/env

+ options:

+ disableNameSuffixHash: true

+---

~~--- /dev/null Thu Jan 01 00:00:00 1970 +0000~~

+++ b/50-ci.imfreedom.org/postgres/manifest.yaml Thu Jun 17 02:40:36 2021 -0500

@@ -0,0 +1,113 @@

+---

+apiVersion: v1

+kind: Service

+metadata:

+ name: ci-postgres

+spec:

+ ports:

+ - port: 5432

+ protocol: TCP

+ selector:

+ app: ci

+ role: db

+---

+apiVersion: networking.k8s.io/v1

+kind: NetworkPolicy

+metadata:

+ name: ci-postgres

+spec:

+ podSelector:

+ matchLabels:

+ app: ci

+ role: db

+ ingress:

+ - from:

+ - podSelector:

+ matchExpressions:

+ - key: app

+ operator: In

+ values:

+ - ci

+ - key: role

+ operator: In

+ values:

+ - app

+ ports:

+ - port: 5432

+ protocol: TCP

+---

+apiVersion: apps/v1

+kind: Deployment

+metadata:

+ name: ci-postgres

+spec:

+ replicas: 1

+ selector:

+ matchLabels:

+ app: ci

+ role: db

+ strategy:

+ type: Recreate

+ template:

+ spec:

+ containers:

+ - name: postgres

+ image: postgres:11

+ imagePullPolicy: Always

+ env:

+ - name: POSTGRES_USER

+ valueFrom:

+ secretKeyRef:

+ name: ci-postgres

+ key: username

+ - name: POSTGRES_PASSWORD

+ valueFrom:

+ secretKeyRef:

+ name: ci-postgres

+ key: password

+ - name: POSTGRES_DB

+ valueFrom:

+ secretKeyRef:

+ name: ci-postgres

+ key: db

+ resources:

+ limits:

+ cpu: 200m

+ memory: 256Mi

+ requests:

+ cpu: 100m

+ memory: 128Mi

+ ports:

+ - containerPort: 5432

+ volumeMounts:

+ - mountPath: /var/lib/postgresql/data

+ name: ci-postgres

+ readOnly: false

+ subPath: postgresql

+ volumes:

+ - name: ci-postgres

+ persistentVolumeClaim:

+ claimName: ci-db

+---

+apiVersion: v1

+kind: PersistentVolumeClaim

+metadata:

+ name: ci-db

+spec:

+ accessModes:

+ - ReadWriteOnce

+ resources:

+ requests:

+ storage: 1Gi

+---

+apiVersion: gemini.fairwinds.com/v1beta1

+kind: SnapshotGroup

+metadata:

+ name: ci-db

+spec:

+ persistentVolumeClaim:

+ claimName: ci-db

+ schedule:

+ - every: 12 hours

+ keep: 2

+---

~~--- /dev/null Thu Jan 01 00:00:00 1970 +0000~~

+++ b/50-ci.imfreedom.org/teamcity/kustomization.yaml Thu Jun 17 02:40:36 2021 -0500

@@ -0,0 +1,8 @@

+---

+namespace: imfreedom

+commonLabels:

+ app: ci

+ role: app

+resources:

+ - manifest.yaml

+---

~~--- /dev/null Thu Jan 01 00:00:00 1970 +0000~~

+++ b/50-ci.imfreedom.org/teamcity/manifest.yaml Thu Jun 17 02:40:36 2021 -0500

@@ -0,0 +1,176 @@

+---

+apiVersion: traefik.containo.us/v1alpha1

+kind: IngressRoute

+metadata:

+ name: ci-http

+spec:

+ entryPoints:

+ - http

+ routes:

+ - match: Host(`ci.imfreedom.org`) || Host(`artifacts.imfreedom.org`)

+ kind: Rule

+ services:

+ - name: ci

+ port: 8111

+ middlewares:

+ - name: https-redirect

+---

+apiVersion: traefik.containo.us/v1alpha1

+kind: Middleware

+metadata:

+ name: ci-body-size

+spec:

+ buffering:

+ maxRequestBodyBytes: 16777216

+ memRequestBodyBytes: 209715

+---

+apiVersion: traefik.containo.us/v1alpha1

+kind: IngressRoute

+metadata:

+ name: ci

+spec:

+ entryPoints:

+ - https

+ routes:

+ - match: Host(`ci.imfreedom.org`) || Host(`artifacts.imfreedom.org`)

+ kind: Rule

+ services:

+ - name: ci

+ port: 8111

+ middlewares:

+ # - name: ci-body-size

+ - name: common-headers

+ - name: hsts-headers

+ tls:

+ secretName: ci-tls

+---

+apiVersion: cert-manager.io/v1alpha2

+kind: Certificate

+metadata:

+ name: ci-tls

+spec:

+ secretName: ci-tls

+ issuerRef:

+ name: letsencrypt

+ commonName: ci.imfreedom.org

+ dnsNames:

+ - ci.imfreedom.org

+ - artifacts.imfreedom.org

+---

+apiVersion: v1

+kind: Service

+metadata:

+ name: ci

+spec:

+ ports:

+ - port: 8111

+ protocol: TCP

+ selector:

+ app: ci

+ role: app

+---

+apiVersion: networking.k8s.io/v1

+kind: NetworkPolicy

+metadata:

+ name: ci

+spec:

+ podSelector:

+ matchLabels:

+ app: ci

+ role: app

+ ingress:

+ - from:

+ - namespaceSelector:

+ matchLabels:

+ name: kube-public

+ podSelector:

+ matchExpressions:

+ - key: app

+ operator: In

+ values:

+ - traefik

+ - key: role

+ operator: In

+ values:

+ - controller

+ ports:

+ - port: 8111

+ protocol: TCP

+---

+apiVersion: apps/v1

+kind: Deployment

+metadata:

+ name: ci

+spec:

+ replicas: 1

+ selector:

+ matchLabels:

+ app: ci

+ role: app

+ strategy:

+ type: Recreate

+ template:

+ spec:

+ containers:

+ - name: teamcity

+ image: docker.io/rwgrim/teamcity-server:latest

+ imagePullPolicy: Always

+ env:

+ - name: TEAMCITY_SERVER_MEM_OPTS

+ value: -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -Xmx3g -XX:ReservedCodeCacheSize=350m

+ - name: TEAMCITY_HTTPS_PROXY_ENABLED

+ value: 'true'

+ ports:

+ - containerPort: 8111

+ resources:

+ limits:

+ cpu: 1000m

+ memory: 3072Mi

+ requests:

+ cpu: 500m

+ memory: 1024Mi

+ volumeMounts:

+ - mountPath: /data/teamcity_server/datadir/

+ name: datadir

+ readOnly: false

+ subPath: datadir

+ - mountPath: /opt/teamcity/logs/

+ name: hostdir

+ readOnly: false

+ subPath: logs

+ - mountPath: /opt/teamcity/temp/

+ name: hostdir

+ readOnly: false

+ subPath: temp

+ securityContext:

+ # fsGroup: 1000

+ runAsUser: 1000

+ volumes:

+ - name: datadir

+ persistentVolumeClaim:

+ claimName: ci

+ - name: hostdir

+ emptyDir: {}

+---

+apiVersion: v1

+kind: PersistentVolumeClaim

+metadata:

+ name: ci

+spec:

+ accessModes:

+ - ReadWriteOnce

+ resources:

+ requests:

+ storage: 25Gi

+---

+apiVersion: gemini.fairwinds.com/v1beta1

+kind: SnapshotGroup

+metadata:

+ name: ci

+spec:

+ persistentVolumeClaim:

+ claimName: ci

+ schedule:

+ - every: 12 hours

+ keep: 2

+---