kubernites
Some checks failed
Cadoles/nineskeletor/pipeline/head There was a failure building this commit

2023-06-26 09:20:23 +02:00
parent c7c1f9caa7
commit dc0e331414
55 changed files with 16295 additions and 5727 deletions


@ -0,0 +1,11 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- https://raw.githubusercontent.com/ory/k8s/v0.30.0/helm/charts/hydra-maester/crds/crd-oauth2clients.yaml
- https://forge.cadoles.com/CadolesKube/c-kustom//base/cloudnative-pg-operator?ref=develop
- https://forge.cadoles.com/CadolesKube/c-kustom//base/redis?ref=develop
- https://forge.cadoles.com/CadolesKube/c-kustom//base/minio?ref=develop
- https://forge.cadoles.com/CadolesKube/c-kustom//base/metallb?ref=develop
- https://forge.cadoles.com/CadolesKube/c-kustom//base/metrics?ref=develop
- https://forge.cadoles.com/CadolesKube/c-kustom//base/nginx?ref=develop
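Review bot: The six `c-kustom` bases are fetched with `?ref=develop`, a moving branch, so the same commit of this repository can render different operator manifests from one build to the next. The hydra-maester CRD on the first entry is pinned to `v0.30.0`; the forge entries should be pinned the same way, e.g. `https://forge.cadoles.com/CadolesKube/c-kustom//base/redis?ref=<tag-or-commit-sha>`. Judging by their names these bases install operators and an ingress controller, so anyone able to push to `develop` would decide what is applied to the cluster.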


@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: metallb-system
resources:
- ./resources/ipaddresspoool.yaml
- ./resources/advertise.yaml
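Review bot: The resource path `./resources/ipaddresspoool.yaml` is spelled with three o's. File names are not visible on this page, so this may match the file on disk, but if the file is actually `ipaddresspool.yaml` then `kustomize build` fails on a missing resource. Either way, renaming both to `ipaddresspool.yaml` avoids the trap.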


@ -0,0 +1,9 @@
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
name: l2-ip-pool-ad
namespace: metallb-system
spec:
ipAddressPools:
- main-pool


@ -0,0 +1,8 @@
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: main-pool
namespace: metallb-system
spec:
addresses:
- 172.23.10.100-172.23.10.200


@ -0,0 +1,48 @@
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
name: nineskeletor
networking:
podSubnet: "10.110.0.0/16"
serviceSubnet: "10.115.0.0/16"
nodes:
- role: control-plane
image: kindest/node:v1.27.2
kubeadmConfigPatches:
- |
kind: InitConfiguration
nodeRegistration:
kubeletExtraArgs:
node-labels: "ingress-ready=true"
extraPortMappings:
- containerPort: 31000
hostPort: 31000
listenAddress: "0.0.0.0" # Optional, defaults to "0.0.0.0"
- containerPort: 80
hostPort: 8080
listenAddress: "0.0.0.0" # Optional, defaults to "0.0.0.0"
labels:
ingress-ready: true
- role: worker
image: kindest/node:v1.27.2
kubeadmConfigPatches:
- |
kind: JoinConfiguration
nodeRegistration:
kubeletExtraArgs:
system-reserved: memory=2Gi
- role: worker
image: kindest/node:v1.27.2
kubeadmConfigPatches:
- |
kind: JoinConfiguration
nodeRegistration:
kubeletExtraArgs:
system-reserved: memory=2Gi
- role: worker
image: kindest/node:v1.27.2
kubeadmConfigPatches:
- |
kind: JoinConfiguration
nodeRegistration:
kubeletExtraArgs:
system-reserved: memory=2Gi
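Review bot: Both `extraPortMappings` entries on the control-plane node set `listenAddress: "0.0.0.0"`, which publishes host ports 31000 and 8080 on every interface of the machine running kind. For a local development cluster, `listenAddress: "127.0.0.1"` keeps the ingress reachable from the workstation only. As the inline comment says, the field defaults to `0.0.0.0`, so it has to be set explicitly rather than dropped. Separately, `ingress-ready: true` under `labels` is an unquoted boolean, while the kubelet patch writes the same label as the string `ingress-ready=true`; quoting it as `"true"` avoids relying on loader coercion.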


@ -0,0 +1,8 @@
---
nameReference:
- kind: Secret
fieldSpecs:
- path: spec/superuserSecret/name
kind: Cluster
- path: spec/bootstrap/initdb/secret/name
kind: Cluster


@ -0,0 +1,32 @@
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
generatorOptions:
disableNameSuffixHash: true
configurations:
- ./configurations/cnpg-cluster.yaml
resources:
- ./resources/app-cnpg-cluster.yaml
secretgenerator:
- name: postgres-admin
type: secret
literals:
- username=postgres
- password=notsosecret
- name: postgres-user
type: Secret
literals:
- username=app
- password=NotSoSecretButThisIsBad
vars:
- name: POSTGRES_DATABASE_SERVICE_NAME
objref:
name: postgres
kind: Cluster
apiVersion: postgresql.cnpg.io/v1
fieldref:
fieldpath: metadata.name
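Review bot: The PostgreSQL superuser and application passwords are committed as literals (`password=notsosecret`, `password=NotSoSecretButThisIsBad`) in a base component, so every overlay that includes it inherits the same known credentials. The minio, openldap and sftp kustomizations in this commit do the same with `minio123`, `openldap` and `user:pass`. Prefer generating them per environment from an untracked file, e.g. `envs: ["<ignored-env-file>"]` in the overlay, as the dev overlay already does for `.dockerconfigjson`. The key is also spelled `secretgenerator` here while the other kustomizations use `secretGenerator`; kustomize field names are case-sensitive, so this block is likely rejected or ignored. `type: secret` and `type: Secret` do not look like intended secret types either; CloudNativePG documents `kubernetes.io/basic-auth` for these, to be confirmed against the operator version in use.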


@ -0,0 +1,17 @@
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: postgres
spec:
instances: 3
primaryUpdateStrategy: unsupervised
superuserSecret:
name: postgres-admin
bootstrap:
initdb:
database: app
owner: app
secret:
name: postgres-user
storage:
size: 20Gi


@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
components:
- components/app-cnpg
resources:
- resources/app
- resources/minio
- resources/redis


@ -0,0 +1,26 @@
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
io.kompose.service: adminer
name: adminer
spec:
selector:
matchLabels:
io.kompose.service: adminer
replicas: 1
template:
metadata:
labels:
io.kompose.service: adminer
spec:
containers:
- name: adminer
image: reg.cadoles.com/afornerot/adminer
imagePullPolicy: "Always"
env:
- name: ADMINER_DESIGN
value: "pappu687"
ports:
- containerPort: 80
resources: {}
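Review bot: `image: reg.cadoles.com/afornerot/adminer` has no tag or digest, so with `imagePullPolicy: "Always"` each pod restart can run a different build. Pin it, e.g. `image: reg.cadoles.com/afornerot/adminer:<version>@sha256:<digest>`. The same applies to the app, minio, sftp and sftpbrowser images, and to the `:latest` tags on openldap and phpldapadmin in the later sections. The container also has `resources: {}` and no `securityContext`, so the manifest sets no CPU or memory bounds and does not prevent running as root; for a database console, at least `allowPrivilegeEscalation: false` and limits are worth adding.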


@ -0,0 +1,14 @@
apiVersion: v1
kind: Service
metadata:
labels:
io.kompose.service: adminer
name: adminer
spec:
type: ClusterIP
ports:
- name: adminer
port: 8080
targetPort: 80
selector:
io.kompose.service: adminer


@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- adminer-deployment.yaml
- adminer-service.yaml


@ -0,0 +1,90 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
io.kompose.service: app
name: app
spec:
replicas: 3
selector:
matchLabels:
io.kompose.service: app
strategy:
type: Recreate
template:
metadata:
labels:
io.kompose.service: app
spec:
restartPolicy: Always
containers:
- image: reg.cadoles.com/afornerot/nineskeletor
imagePullPolicy: Always
name: app-php-fpm
args: ["/usr/sbin/php-fpm81", "-F", "-e"]
resources: {}
env:
- name: PHP_FPM_LISTEN
value: 127.0.0.1:9000
- name: PHP_MEMORY_LIMIT
value: 128m
- name: PHP_FPM_MEMORY_LIMIT
value: 128m
- name: PHP_FPM_LOG_LEVEL
value: warning
- name: POSTGRES_DATABASE_SERVICE_NAME
value: $(POSTGRES_DATABASE_SERVICE_NAME)-rw
- name: POSTGRES_DATABASE_USERNAME
valueFrom:
secretKeyRef:
name: postgres-user
key: username
- name: POSTGRES_DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: postgres-user
key: password
- name: DATABASE_URL
value: "postgresql://$(POSTGRES_DATABASE_USERNAME):$(POSTGRES_DATABASE_PASSWORD)@$(POSTGRES_DATABASE_SERVICE_NAME)-rw:5432/app"
- name: REDIS_HOST
value: rfs-$(REDIS_SERVICE_NAME)
- name: REDIS_PORT
value: "26379"
- name: MINIO_SERVICE_NAME
value: $(MINIO_SERVICE_NAME)
- name: MINIO_URL
value: "http://$(MINIO_SERVICE_NAME):9000"
- name: MINIO_KEY
valueFrom:
secretKeyRef:
name: minio-secret
key: minio-root-user
- name: MINIO_SECRET
valueFrom:
secretKeyRef:
name: minio-secret
key: minio-root-password
lifecycle:
postStart:
exec:
command: ["/bin/sh", "-c", "/app/bin/console doctrine:migrations:migrate --no-interaction --allow-no-migration && /app/bin/console app:Init"]
- image: reg.cadoles.com/afornerot/nineskeletor
imagePullPolicy: Always
name: app-nginx
args: ["/usr/sbin/nginx"]
env:
- name: NGINX_APP_UPSTREAM_BACKEND_SERVER
value: 127.0.0.1:9000
- name: NGINX_APP_ROOT
value: "/public"
- name: NGINX_APP_PHP_INDEX
value: "/index.php"
- name: NGINX_ERROR_LOG_LEVEL
value: "warn"
- name: NGINX_APP_PHP_NON_FILE_PATTERN
value: "^/index\\.php(/|$)"
ports:
- containerPort: 8080
resources: {}
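Review bot: `MINIO_KEY` and `MINIO_SECRET` are read from the `minio-root-user` and `minio-root-password` keys, so the PHP application runs with the object store's root credentials. The Tenant manifest in this commit lists a `minio-user` under `users:`, which suggests a scoped account is intended; the app should reference that account's secret instead. Also, the `postStart` hook runs `doctrine:migrations:migrate` in each of the 3 replicas, so migrations can run concurrently at rollout; running them once in a Job or a single init step would avoid that.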


@ -0,0 +1,14 @@
apiVersion: v1
kind: Service
metadata:
labels:
io.kompose.service: app
name: app
spec:
type: ClusterIP
ports:
- name: app
port: 8080
targetPort: 8080
selector:
io.kompose.service: app


@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- app-service.yaml
- app-deployment.yaml


@ -0,0 +1,23 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- minio-persistentvolumeclaim.yaml
- minio-deployment.yaml
- minio-service.yaml
- minio-tenant.yaml
secretGenerator:
- name: minio-secret
literals:
- "minio-root-user=minio"
- "minio-root-password=minio123"
vars:
- name: MINIO_SERVICE_NAME
objref:
name: minio
apiVersion: minio.min.io/v2
kind: Tenant
fieldref:
fieldpath: metadata.name


@ -0,0 +1,44 @@
---
kind: Deployment
apiVersion: apps/v1
metadata:
name: minio
labels:
io.kompose.service: minio
spec:
replicas: 3
selector:
matchLabels:
io.kompose.service: minio
template:
metadata:
labels:
io.kompose.service: minio
spec:
containers:
- name: minio
image: reg.cadoles.com/proxy_cache/minio/minio
command: ["minio"]
args: ["server", "/data"]
ports:
- name: web-ui
containerPort: 9000
volumeMounts:
- name: minio-data
mountPath: /data
resources: {}
env:
- name: MINIO_ROOT_USER
valueFrom:
secretKeyRef:
name: minio-secret
key: minio-root-user
- name: MINIO_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: minio-secret
key: minio-root-password
volumes:
- name: minio-data
persistentVolumeClaim:
claimName: minio-data
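Review bot: `replicas: 3` does not fit with all pods mounting the single `minio-data` claim, which the PVC manifest of this commit declares `ReadWriteOnce`. Pods scheduled on other nodes cannot attach it, and three independent `minio server /data` processes sharing one directory is, as far as I know, not a layout MinIO supports. Either set `replicas: 1` for this standalone Deployment, or drop it in favour of the `Tenant` also named `minio` that the same kustomization lists.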


@ -0,0 +1,13 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
io.kompose.service: minio
name: minio-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi
status: {}


@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
labels:
io.kompose.service: minio
name: minio
spec:
ports:
- name: minio
port: 9000
targetPort: 9000
selector:
io.kompose.service: minio
status:
loadBalancer: {}


@ -0,0 +1,26 @@
apiVersion: minio.min.io/v2
kind: Tenant
metadata:
name: minio
spec:
pools:
- servers: 4
name: pool-0
volumesPerServer: 2
volumeClaimTemplate:
metadata:
name: minio-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
containerSecurityContext:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
configuration:
name: minio-configuration
users:
- name: minio-user
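Review bot: `configuration.name: minio-configuration` and the `minio-user` entry under `users:` point at Secrets that no visible section of this commit creates; the minio kustomization only generates `minio-secret`. Because these references sit inside a custom resource, kustomize presumably will not rewrite them for the overlay's `namePrefix: nineskeletor-` or for a generator hash suffix, unless a `nameReference` configuration is added as was done for the CNPG `Cluster`. If the secrets are created elsewhere among the 55 changed files, a comment naming the source would help.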


@ -0,0 +1,22 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- openldap-deployment.yaml
- openldap-service.yaml
vars:
- name: OPENLDAP_SERVICE_NAME
objref:
name: openldap
apiVersion: v1
kind: Service
fieldref:
fieldpath: metadata.name
secretGenerator:
- name: openldap-secret
literals:
- "adminpassword=openldap"


@ -0,0 +1,37 @@
---
kind: Deployment
apiVersion: apps/v1
metadata:
name: openldap
labels:
app.kubernetes.io/name: openldap
spec:
selector:
matchLabels:
app.kubernetes.io/name: openldap
replicas: 1
template:
metadata:
labels:
app.kubernetes.io/name: openldap
spec:
containers:
- name: openldap
image: docker.io/bitnami/openldap:latest
imagePullPolicy: "Always"
env:
- name: LDAP_USERS
value: ""
- name: LDAP_PASSWORDS
value: ""
- name: LDAP_ADMIN_USERNAME
value: "admin"
- name: LDAP_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: openldap-secret
key: adminpassword
- name: LDAP_ROOT
value: "dc=nine,dc=fr"
ports:
- containerPort: 1389


@ -0,0 +1,14 @@
apiVersion: v1
kind: Service
metadata:
name: openldap
labels:
app.kubernetes.io/name: openldap
spec:
type: ClusterIP
ports:
- name: openldap
port: 389
targetPort: 1389
selector:
app.kubernetes.io/name: openldap


@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- phpldapadmin-deployment.yaml
- phpldapadmin-service.yaml


@ -0,0 +1,34 @@
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
io.kompose.service: phpldapadmin
name: phpldapadmin
spec:
selector:
matchLabels:
io.kompose.service: phpldapadmin
replicas: 1
template:
metadata:
labels:
io.kompose.service: phpldapadmin
spec:
containers:
- name: phpldapadmin
image: osixia/phpldapadmin:latest
imagePullPolicy: "Always"
env:
- name: PHPLDAPADMIN_HTTPS
value: "false"
- name: PHPLDAPADMIN_LDAP_HOSTS
value: $(OPENLDAP_SERVICE_NAME)
- name: PHPLDAPADMIN_LDAP_CLIENT_TLS
value: "false"
ports:
- containerPort: 80
resources: {}
restartPolicy: Always
serviceAccountName: ""
volumes: null
status: {}
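Review bot: `PHPLDAPADMIN_HTTPS` and `PHPLDAPADMIN_LDAP_CLIENT_TLS` are both `"false"`, so the LDAP bind password entered in the UI presumably travels unencrypted from the browser to the pod, and from the pod to the openldap Service, which exposes only port 389. That may be acceptable for the dev overlay, but the overlay pulls this manifest from `base/resources`. A comment such as `# dev only: TLS disabled, do not reuse in production overlays` should make that explicit. `serviceAccountName: ""`, `volumes: null` and `status: {}` look like kompose leftovers and can be removed.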


@ -0,0 +1,14 @@
apiVersion: v1
kind: Service
metadata:
labels:
io.kompose.service: phpldapadmin
name: phpldapadmin
spec:
type: ClusterIP
ports:
- name: phpldapadmin
port: 8080
targetPort: 80
selector:
io.kompose.service: phpldapadmin


@ -0,0 +1,14 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- redis-redisfailover.yaml
vars:
- name: REDIS_SERVICE_NAME
objref:
name: redis
apiVersion: databases.spotahome.com/v1
kind: RedisFailover
fieldref:
fieldpath: metadata.name


@ -0,0 +1,21 @@
apiVersion: databases.spotahome.com/v1
kind: RedisFailover
metadata:
name: redis
spec:
sentinel:
replicas: 3
resources:
requests:
cpu: 100m
limits:
memory: 100Mi
redis:
replicas: 3
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: 400m
memory: 500Mi


@ -0,0 +1,24 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- sftp-deployment.yaml
- sftp-service.yaml
vars:
- name: SFTP_SERVICE_NAME
objref:
name: sftp
apiVersion: v1
kind: Service
fieldref:
fieldpath: metadata.name
secretGenerator:
- name: sftp-secret
literals:
- "user=user"
- "password=pass"
- "users=user:pass:1001:1001"


@ -0,0 +1,27 @@
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
io.kompose.service: sftp
name: sftp
spec:
selector:
matchLabels:
io.kompose.service: sftp
replicas: 1
template:
metadata:
labels:
io.kompose.service: sftp
spec:
containers:
- name: sftp
image: atmoz/sftp
ports:
- containerPort: 22
env:
- name: SFTP_USERS
valueFrom:
secretKeyRef:
name: sftp-secret
key: users


@ -0,0 +1,14 @@
apiVersion: v1
kind: Service
metadata:
labels:
io.kompose.service: sftp
name: sftp
spec:
type: ClusterIP
ports:
- name: sftp
port: 22
targetPort: 22
selector:
io.kompose.service: sftp


@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- sftpbrowser-deployment.yaml
- sftpbrowser-service.yaml


@ -0,0 +1,40 @@
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
io.kompose.service: sftpbrowser
name: sftpbrowser
spec:
selector:
matchLabels:
io.kompose.service: sftpbrowser
replicas: 1
template:
metadata:
labels:
io.kompose.service: sftpbrowser
spec:
containers:
- name: sftpbrowser
image: reg.cadoles.com/afornerot/sftpbrowser
imagePullPolicy: "Always"
env:
- name: SFTP_HOST
value: ${SFTP_SERVICE_NAME}
- name: SFTP_PORT
value: "22"
- name: SFTP_USER
valueFrom:
secretKeyRef:
name: sftp-secret
key: user
- name: SFTP_PASSWORD
valueFrom:
secretKeyRef:
name: sftp-secret
key: password
- name: FAKE_FILES
value: '["AFNOR"]'
ports:
- containerPort: 80
resources: {}
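Review bot: `value: ${SFTP_SERVICE_NAME}` uses shell-style braces, but kustomize vars and Kubernetes env expansion only recognise `$(NAME)`, as the phpldapadmin manifest does with `$(OPENLDAP_SERVICE_NAME)`. As written, the container receives the literal string `${SFTP_SERVICE_NAME}` as its SFTP host; change the line to `value: $(SFTP_SERVICE_NAME)`. The `SFTP_SERVICE_NAME` var is declared in the sftp kustomization, so it only resolves when both bases are built together, as the dev overlay does.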


@ -0,0 +1,14 @@
apiVersion: v1
kind: Service
metadata:
labels:
io.kompose.service: sftpbrowser
name: sftpbrowser
spec:
type: ClusterIP
ports:
- name: sftpbrowser
port: 8080
targetPort: 80
selector:
io.kompose.service: sftpbrowser


@ -0,0 +1,3 @@
*
!.gitignore
!.gitkeep


@ -0,0 +1,28 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: app-dev
namePrefix: nineskeletor-
resources:
- ../../base
- ../../base/resources/adminer
- ../../base/resources/openldap
- ../../base/resources/phpldapadmin
- ../../base/resources/sftp
- ../../base/resources/sftpbrowser
- resources/namespace.yaml
- resources/ingress.yaml
patches:
- path: patches/app-deployment.yaml
- path: patches/add-registry-pull-secret.yaml
target:
kind: Deployment
version: v1
secretGenerator:
- files:
- secrets/dockerconfig/.dockerconfigjson
name: regcred-dev
type: kubernetes.io/dockerconfigjson


@ -0,0 +1,4 @@
- op: add
path: "/spec/template/spec/imagePullSecrets"
value:
- name: regcred-dev


@ -0,0 +1,15 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
io.kompose.service: app
name: app
spec:
template:
spec:
restartPolicy: Always
containers:
- name: app-php-fpm
env:
- name: APP_ENV
value: dev


@ -0,0 +1,42 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: app
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: "138m"
nginx.ingress.kubernetes.io/enable-cors: "true" #cf 01
nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For" #cf 01
spec:
ingressClassName: nginx
rules:
- host: app.dev.local
http:
paths:
- path: /adminer
pathType: Prefix
backend:
service:
name: adminer
port:
number: 8080
- path: /phpldapadmin
pathType: Prefix
backend:
service:
name: phpldapadmin
port:
number: 8080
- path: /sftpbrowser
pathType: Prefix
backend:
service:
name: sftpbrowser
port:
number: 8080
- path: /pouet
pathType: Prefix
backend:
service:
name: app
port:
number: 8080
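Review bot: The Ingress publishes three administration consoles (`/adminer`, `/phpldapadmin`, `/sftpbrowser`) on the same host as the application, with no `tls:` block and no authentication or source-restriction annotation. `nginx.ingress.kubernetes.io/enable-cors: "true"` is set without `nginx.ingress.kubernetes.io/cors-allow-origin`, which ingress-nginx then defaults to `*`; set it to the application's origin explicitly. Consider moving the admin paths to a separate Ingress carrying `nginx.ingress.kubernetes.io/whitelist-source-range: "<dev-network-cidr>"`. The `#cf 01` comments refer to something not visible here and should spell out the reason.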


@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: app-dev


@ -0,0 +1,3 @@
*
!.gitignore
!.gitkeep