
naomi revised this gist 1740003215.

1 file changed, 493 insertions

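--- a/tandoor.yaml
+++ b/tandoor.yaml
@@ -0,0 +1,493 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+name: tandoor
+---
+# kubectl -n tandoor create secret generic recipes --from-literal=postgresql-password=$(openssl rand -base64 33) --from-literal=postgresql-postgres-password=$(openssl rand -base64 33) --from-literal=secret-key=$(openssl rand -hex 32)
+#kind: Secret
+#apiVersion: v1
+#metadata:
+# name: recipes
+# namespace: tandoor
+#type: Opaque
+#data:
+# postgresql-password: ...
+# postgresql-postgres-password: ...
+# secret-key: ...
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+labels:
+app: recipes
+name: recipes-nginx-config
+namespace: tandoor
+data:
+nginx-config: |-
+events {
+worker_connections 1024;
+}
+http {
+include mime.types;
+server {
+listen 80;
+server_name _;
+
+client_max_body_size 16M;
+
+# serve static files
+location /static/ {
+alias /static/;
+}
+# serve media files
+location /media/ {
+alias /media/;
+}
+}
+}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: recipes
+namespace: tandoor
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: recipes-media
+namespace: tandoor
+labels:
+app: recipes
+spec:
+accessModes:
+- ReadWriteMany
+resources:
+requests:
+storage: 100Gi
+storageClassName: rook-cephfs
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: recipes-static
+namespace: tandoor
+labels:
+app: recipes
+spec:
+accessModes:
+- ReadWriteMany
+resources:
+requests:
+storage: 100Gi
+storageClassName: rook-cephfs
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+labels:
+app: recipes
+tier: database
+name: recipes-postgresql
+namespace: tandoor
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: recipes
+serviceName: recipes-postgresql
+updateStrategy:
+type: RollingUpdate
+template:
+metadata:
+annotations:
+backup.velero.io/backup-volumes: data
+labels:
+app: recipes
+tier: database
+name: recipes-postgresql
+spec:
+containers:
+- name: recipes-db
+env:
+- name: BITNAMI_DEBUG
+value: "false"
+- name: POSTGRESQL_PORT_NUMBER
+value: "5432"
+- name: POSTGRESQL_VOLUME_DIR
+value: /bitnami/postgresql
+- name: PGDATA
+value: /bitnami/postgresql/data
+- name: POSTGRES_USER
+value: recipes
+- name: POSTGRES_PASSWORD
+valueFrom:
+secretKeyRef:
+name: recipes
+key: postgresql-password
+- name: POSTGRESQL_POSTGRES_PASSWORD
+valueFrom:
+secretKeyRef:
+name: recipes
+key: postgresql-postgres-password
+- name: POSTGRES_DB
+value: recipes
+image: docker.io/bitnami/postgresql:15.5.0-debian-11-r17
+imagePullPolicy: IfNotPresent
+livenessProbe:
+exec:
+command:
+- sh
+- -c
+- exec pg_isready -U "postgres" -d "wiki" -h 127.0.0.1 -p 5432
+failureThreshold: 6
+initialDelaySeconds: 30
+periodSeconds: 10
+successThreshold: 1
+timeoutSeconds: 5
+ports:
+- containerPort: 5432
+name: postgresql
+protocol: TCP
+readinessProbe:
+exec:
+command:
+- sh
+- -c
+- -e
+- |
+pg_isready -U "postgres" -d "wiki" -h 127.0.0.1 -p 5432
+[ -f /opt/bitnami/postgresql/tmp/.initialized ]
+failureThreshold: 6
+initialDelaySeconds: 5
+periodSeconds: 10
+successThreshold: 1
+timeoutSeconds: 5
+resources:
+requests:
+cpu: 250m
+memory: 256Mi
+securityContext:
+runAsUser: 1001
+terminationMessagePath: /dev/termination-log
+terminationMessagePolicy: File
+volumeMounts:
+- mountPath: /bitnami/postgresql
+name: data
+dnsPolicy: ClusterFirst
+initContainers:
+- command:
+- sh
+- -c
+- |
+mkdir -p /bitnami/postgresql/data
+chmod 700 /bitnami/postgresql/data
+find /bitnami/postgresql -mindepth 0 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \
+xargs chown -R 1001:1001
+image: docker.io/bitnami/minideb:stretch
+imagePullPolicy: Always
+name: init-chmod-data
+resources:
+requests:
+cpu: 250m
+memory: 256Mi
+securityContext:
+runAsUser: 0
+volumeMounts:
+- mountPath: /bitnami/postgresql
+name: data
+restartPolicy: Always
+securityContext:
+fsGroup: 1001
+serviceAccount: recipes
+serviceAccountName: recipes
+terminationGracePeriodSeconds: 30
+volumeClaimTemplates:
+- apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: data
+spec:
+accessModes:
+- ReadWriteOnce
+resources:
+requests:
+storage: 50Gi
+volumeMode: Filesystem
+storageClassName: rook-ssd-block
+---
+apiVersion: v1
+kind: Service
+metadata:
+labels:
+app: recipes
+tier: database
+name: recipes-postgresql
+namespace: tandoor
+spec:
+ports:
+- name: postgresql
+port: 5432
+protocol: TCP
+targetPort: postgresql
+selector:
+app: recipes
+tier: database
+sessionAffinity: None
+type: ClusterIP
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: recipes
+namespace: tandoor
+labels:
+app: recipes
+environment: production
+tier: frontend
+spec:
+replicas: 1
+strategy:
+type: Recreate
+selector:
+matchLabels:
+app: recipes
+environment: production
+template:
+metadata:
+annotations:
+backup.velero.io/backup-volumes: media,static
+labels:
+app: recipes
+tier: frontend
+environment: production
+spec:
+restartPolicy: Always
+serviceAccount: recipes
+serviceAccountName: recipes
+initContainers:
+- name: init-chmod-data
+env:
+- name: SECRET_KEY
+valueFrom:
+secretKeyRef:
+name: recipes
+key: secret-key
+- name: DB_ENGINE
+value: django.db.backends.postgresql
+- name: POSTGRES_HOST
+value: recipes-postgresql
+- name: POSTGRES_PORT
+value: "5432"
+- name: POSTGRES_USER
+value: postgres
+- name: POSTGRES_DB
+value: recipes
+- name: POSTGRES_PASSWORD
+valueFrom:
+secretKeyRef:
+name: recipes
+key: postgresql-postgres-password
+image: vabene1111/recipes
+imagePullPolicy: Always
+resources:
+requests:
+cpu: 250m
+memory: 64Mi
+command:
+- sh
+- -c
+- |
+set -e
+source venv/bin/activate
+echo "Updating database"
+python manage.py migrate
+python manage.py collectstatic_js_reverse
+python manage.py collectstatic --noinput
+echo "Setting media file attributes"
+chown -R 65534:65534 /opt/recipes/mediafiles
+find /opt/recipes/mediafiles -type d | xargs -r chmod 755
+find /opt/recipes/mediafiles -type f | xargs -r chmod 644
+echo "Done"
+securityContext:
+runAsUser: 0
+volumeMounts:
+- mountPath: /opt/recipes/mediafiles
+name: media
+# mount as subPath due to lost+found on ext4 pvc
+subPath: files
+- mountPath: /opt/recipes/staticfiles
+name: static
+# mount as subPath due to lost+found on ext4 pvc
+subPath: files
+containers:
+- name: recipes-nginx
+image: nginx:latest
+imagePullPolicy: IfNotPresent
+ports:
+- containerPort: 80
+protocol: TCP
+name: http
+- containerPort: 8080
+protocol: TCP
+name: gunicorn
+resources:
+requests:
+cpu: 250m
+memory: 64Mi
+volumeMounts:
+- mountPath: /media
+name: media
+# mount as subPath due to lost+found on ext4 pvc
+subPath: files
+- mountPath: /static
+name: static
+# mount as subPath due to lost+found on ext4 pvc
+subPath: files
+- name: nginx-config
+mountPath: /etc/nginx/nginx.conf
+subPath: nginx-config
+readOnly: true
+- name: recipes
+image: vabene1111/recipes
+imagePullPolicy: IfNotPresent
+command:
+- /opt/recipes/venv/bin/gunicorn
+- -b
+- :8080
+- --access-logfile
+- "-"
+- --error-logfile
+- "-"
+- --log-level
+- INFO
+- recipes.wsgi
+livenessProbe:
+failureThreshold: 3
+httpGet:
+path: /
+port: 8080
+scheme: HTTP
+periodSeconds: 30
+readinessProbe:
+httpGet:
+path: /
+port: 8080
+scheme: HTTP
+periodSeconds: 30
+resources:
+requests:
+cpu: 250m
+memory: 64Mi
+volumeMounts:
+- mountPath: /opt/recipes/mediafiles
+name: media
+# mount as subPath due to lost+found on ext4 pvc
+subPath: files
+- mountPath: /opt/recipes/staticfiles
+name: static
+# mount as subPath due to lost+found on ext4 pvc
+subPath: files
+env:
+- name: DEBUG
+value: "0"
+- name: ALLOWED_HOSTS
+value: '*'
+- name: SECRET_KEY
+valueFrom:
+secretKeyRef:
+name: recipes
+key: secret-key
+- name: GUNICORN_MEDIA
+value: "0"
+- name: DB_ENGINE
+value: django.db.backends.postgresql
+- name: POSTGRES_HOST
+value: recipes-postgresql
+- name: POSTGRES_PORT
+value: "5432"
+- name: POSTGRES_USER
+value: postgres
+- name: POSTGRES_DB
+value: recipes
+- name: POSTGRES_PASSWORD
+valueFrom:
+secretKeyRef:
+name: recipes
+key: postgresql-postgres-password
+securityContext:
+runAsUser: 65534
+volumes:
+- name: media
+persistentVolumeClaim:
+claimName: recipes-media
+- name: static
+persistentVolumeClaim:
+claimName: recipes-static
+- name: nginx-config
+configMap:
+name: recipes-nginx-config
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: recipes
+namespace: tandoor
+labels:
+app: recipes
+tier: frontend
+spec:
+selector:
+app: recipes
+tier: frontend
+environment: production
+ports:
+- port: 80
+targetPort: http
+name: http
+protocol: TCP
+- port: 8080
+targetPort: gunicorn
+name: gunicorn
+protocol: TCP
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+annotations:
+kubernetes.io/tls-acme: "true"
+cert-manager.io/cluster-issuer: letsencrypt-prod
+name: recipes
+namespace: tandoor
+spec:
+ingressClassName: nginx
+rules:
+- host: recipes.tblflp.net
+http:
+paths:
+- backend:
+service:
+name: recipes
+port:
+number: 8080
+path: /
+pathType: Prefix
+- backend:
+service:
+name: recipes
+port:
+number: 80
+path: /media
+pathType: Prefix
+- backend:
+service:
+name: recipes
+port:
+number: 80
+path: /static
+pathType: Prefix
+tls:
+- hosts:
+- recipes.tblflp.net
+secretName: recipes-local-tls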
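Review bot: The long-running `recipes` container (and the Deployment's `init-chmod-data` init container) connects to PostgreSQL as the `postgres` superuser via `postgresql-postgres-password`, although the StatefulSet already provisions a dedicated `recipes` role with its own `postgresql-password`; a compromise of the web app then reaches the whole database server rather than one database. For the serving container I would set `POSTGRES_USER` to `value: recipes` and reference `key: postgresql-password`, keeping the superuser credential only in the init container if the migrations turn out to need it (e.g. for creating extensions). In the same env block `ALLOWED_HOSTS` is `'*'`, which disables Django's Host header validation; `value: recipes.tblflp.net` matches the Ingress rule, though the `httpGet` probes would then need a matching `Host` entry under `httpHeaders`. Separately, `vabene1111/recipes` and `nginx:latest` are floating tags, and because the init container pulls `Always` while the app container uses `IfNotPresent`, migrations can run from a newer image than the one serving; pinning both to a version tag or digest avoids that. Indentation is lost in this rendering, so nesting was read from key order rather than from the layout.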