diff --git a/apps/docmost/base/docmost-pdb.yaml b/apps/docmost/base/docmost-pdb.yaml
new file mode 100644
index 0000000..3f9d74d
--- /dev/null
+++ b/apps/docmost/base/docmost-pdb.yaml
@@ -0,0 +1,9 @@
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: docmost-pdb
+spec:
+ minAvailable: 1
+ selector:
+ matchLabels:
+ app: docmost
diff --git a/apps/docmost/base/docmost-pv.yaml b/apps/docmost/base/docmost-pv.yaml
new file mode 100644
index 0000000..5819f6c
--- /dev/null
+++ b/apps/docmost/base/docmost-pv.yaml
@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: docmost-pv
+spec:
+ capacity:
+ storage: 10Gi
+ volumeMode: Filesystem
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Delete
+ storageClassName: local-path
+ local:
+ path: /mnt/docmost/docmost-pv
+ nodeAffinity:
+ required:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: disktype
+ operator: In
+ values:
+ - ssd
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: docmost-pv-claim
+spec:
+ accessModes: [ReadWriteMany]
+ resources:
+ requests:
+ storage: 10Gi
+ storageClassName: local-path
diff --git a/apps/docmost/base/docmost-service.yaml b/apps/docmost/base/docmost-service.yaml
new file mode 100644
index 0000000..a6ed969
--- /dev/null
+++ b/apps/docmost/base/docmost-service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: docmost
+spec:
+ ports:
+ - name: http
+ port: 3000
+ targetPort: 3000
+ clusterIP: None
+ selector:
+ app: docmost
diff --git a/apps/docmost/base/docmost-statefulset.yaml b/apps/docmost/base/docmost-statefulset.yaml
new file mode 100644
index 0000000..abf9c08
--- /dev/null
+++ b/apps/docmost/base/docmost-statefulset.yaml
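Review bot: In docmost-pv.yaml the claim requests `accessModes: [ReadWriteMany]` while the PersistentVolume above it offers only `ReadWriteOnce`, so the claim cannot bind to this volume as written; a node-local volume is in any case usable from one node only. The claim should request `accessModes: [ReadWriteOnce]`, or the storage should move to a class that supports shared access if both docmost replicas are meant to write to it. `persistentVolumeReclaimPolicy: Delete` is also a risky default for wiki uploads; `persistentVolumeReclaimPolicy: Retain` keeps the data when the claim is removed. redis-pv.yaml repeats both settings.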
@@ -0,0 +1,80 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: docmost
+ annotations:
+ kube-score/ignore: pod-networkpolicy, pod-probes, container-security-context-readonlyrootfilesystem, container-security-context-privileged, container-security-context-user-group-id, container-image-tag
+spec:
+ serviceName: docmost
+ replicas: 2
+ selector:
+ matchLabels:
+ app: docmost
+ template:
+ metadata:
+ labels:
+ app: docmost
+ spec:
+ containers:
+ - env:
+ - name: APP_URL
+ value: https://wiki.sandbox.etsmtl.club
+ - name: REDIS_URL
+ value: redis://redis.docmost.svc.cluster.local:6379
+ image: docmost/docmost:0.21.0
+ name: docmost
+ imagePullPolicy: Always
+ envFrom:
+ - secretRef:
+ name: docmost-secrets
+ ports:
+ - containerPort: 3000
+ protocol: TCP
+ volumeMounts:
+ - mountPath: /app/data/storage
+ name: docmost-pv-claim
+ resources:
+ requests:
+ cpu: 250m
+ memory: 500Mi
+ ephemeral-storage: 256Mi
+ limits:
+ cpu: 1000m
+ memory: 1Gi
+ ephemeral-storage: 1Gi
+ securityContext:
+ runAsUser: 10001
+ runAsGroup: 10001
+ runAsNonRoot: true
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readinessProbe:
+ httpGet:
+ path: /
+ port: 3000
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ imagePullSecrets:
+ - name: dockerhub-pull
+ initContainers:
+ - name: init-permissions
+ image: busybox
+ command: ["/bin/sh", "-c"]
+ resources:
+ requests:
+ cpu: "50m"
+ memory: "64Mi"
+ ephemeral-storage: "64Mi"
+ limits:
+ cpu: "100m"
+ memory: "128Mi"
+ ephemeral-storage: "128Mi"
+ args:
+ - chown -R 10001:10001 /app/data/storage;
+ chmod -R 770 /app/data/storage;
+ volumeMounts:
+ - mountPath: /app/data/storage
+ name: docmost-pv-claim
+ restartPolicy: Always
diff --git a/apps/docmost/base/kustomization.yaml b/apps/docmost/base/kustomization.yaml
new file mode 100644
index 0000000..0255e39
--- /dev/null
+++ b/apps/docmost/base/kustomization.yaml
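Review bot: The `init-permissions` init container in docmost-statefulset.yaml pulls an untagged `busybox` image and sets no `securityContext`, so it presumably runs as the image's default user (root, which the `chown` needs) with default capabilities, and the `kube-score/ignore` annotation silences the image-tag and privilege checks that would flag this. A pod-level `securityContext` with `fsGroup: 10001` would normally give the main container group access to the volume without a root step, as the Redis StatefulSet in this commit already does with `fsGroup`; if the init container stays, pin it to a tag and digest and set `allowPrivilegeEscalation: false` with only the capabilities `chown` needs. Separately, both `volumeMounts` reference `docmost-pv-claim`, but this new file declares neither `volumes:` nor `volumeClaimTemplates:`, so the pod spec looks incomplete unless an overlay adds the volume.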
@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - docmost-service.yaml
+ - docmost-statefulset.yaml
+ - redis-service.yaml
+ - redis-statefulset.yaml
+ - docmost-pdb.yaml
+ - docmost-pv.yaml
+ - redis-pv.yaml
diff --git a/apps/docmost/base/redis-pv.yaml b/apps/docmost/base/redis-pv.yaml
new file mode 100644
index 0000000..29166a3
--- /dev/null
+++ b/apps/docmost/base/redis-pv.yaml
@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: redis-pv
+spec:
+ capacity:
+ storage: 5Gi
+ volumeMode: Filesystem
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Delete
+ storageClassName: local-path
+ local:
+ path: /mnt/redis/redis-pv
+ nodeAffinity:
+ required:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: disktype
+ operator: In
+ values:
+ - ssd
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: redis-pv-claim
+spec:
+ accessModes: [ReadWriteMany]
+ resources:
+ requests:
+ storage: 5Gi
+ storageClassName: local-path
diff --git a/apps/docmost/base/redis-service.yaml b/apps/docmost/base/redis-service.yaml
new file mode 100644
index 0000000..191d4f2
--- /dev/null
+++ b/apps/docmost/base/redis-service.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: redis
+spec:
+ ports:
+ - port: 6379
+ targetPort: 6379
+ clusterIP: None
+ selector:
+ app: redis
diff --git a/apps/docmost/base/redis-statefulset.yaml b/apps/docmost/base/redis-statefulset.yaml
new file mode 100644
index 0000000..4c14585
--- /dev/null
+++ b/apps/docmost/base/redis-statefulset.yaml
@@ -0,0 +1,58 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: redis
+ annotations:
+ kube-score/ignore: pod-networkpolicy, pod-probes-identical
+spec:
+ serviceName: redis
+ replicas: 1
+ selector:
+ matchLabels:
+ app: redis
+ template:
+ metadata:
+ labels:
+ app: redis
+ spec:
+ securityContext:
+ fsGroup: 1000
+ containers:
+ - name: redis
+ image: redis:7.2.4
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 6379
+ volumeMounts:
+ - name: redis-pv-claim
+ mountPath: /data
+ resources:
+ requests:
+ cpu: 250m
+ memory: 500Mi
+ ephemeral-storage: 256Mi
+ limits:
+ cpu: 1000m
+ memory: 1Gi
+ ephemeral-storage: 1Gi
+ livenessProbe:
+ exec:
+ command:
+ - redis-cli
+ - ping
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ readinessProbe:
+ exec:
+ command:
+ - redis-cli
+ - ping
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ securityContext:
+ runAsUser: 10001
+ runAsGroup: 10001
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
+ imagePullSecrets:
+ - name: dockerhub-pull
diff --git a/apps/docmost/docmost.argoapp.yaml b/apps/docmost/docmost.argoapp.yaml
new file mode 100644
index 0000000..ed190a1
--- /dev/null
+++ b/apps/docmost/docmost.argoapp.yaml
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: docmost
+ namespace: argocd
+spec:
+ destination:
+ namespace: docmost
+ server: https://cedille.kubernetes.omni.siderolabs.io?cluster=k8s-cedille-sandbox
+ project: k8s-cedille-sandbox
+ source:
+ path: apps/docmost/prod
+ repoURL: https://github.com/ClubCedille/k8s-cedille-sandbox.git
+ targetRevision: HEAD
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/apps/docmost/prod/httpproxy.yaml b/apps/docmost/prod/httpproxy.yaml
new file mode 100644
index 0000000..c4bb80d
--- /dev/null
+++ b/apps/docmost/prod/httpproxy.yaml
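Review bot: Redis in redis-statefulset.yaml is started with no `requirepass` or ACL configuration and docmost connects with the credential-less `redis://redis.docmost.svc.cluster.local:6379`, while the `kube-score/ignore` annotation drops the `pod-networkpolicy` check, so as far as this commit shows any pod in the cluster that can reach the headless Service can read and write the cache. Add a NetworkPolicy selecting `app: redis` that admits ingress on 6379 only from pods labelled `app: docmost`, and preferably a password supplied from a Secret. The container `securityContext` also lacks the `runAsNonRoot: true` and `capabilities: drop: [ALL]` settings that the docmost container has. The `redis-pv-claim` mount has no matching `volumes:` or `volumeClaimTemplates:` entry in this file either.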
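Review bot: `targetRevision: HEAD` combined with `automated` sync, `prune: true` and `selfHeal: true` in docmost.argoapp.yaml means every push to the default branch is applied without a gate, and a manifest dropped from the repository is deleted from the cluster. With the PersistentVolumes in this commit set to `persistentVolumeReclaimPolicy: Delete`, an accidental removal could take the wiki data with it. Consider annotating the stateful resources with `argocd.argoproj.io/sync-options: Prune=false` and enforcing branch protection on the tracked branch.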
@@ -0,0 +1,19 @@
+apiVersion: projectcontour.io/v1
+kind: HTTPProxy
+metadata:
+ name: docmost
+spec:
+ virtualhost:
+ fqdn: wiki.sandbox.etsmtl.club
+ tls:
+ secretName: tls-delegation/sandbox-tls
+ routes:
+ - conditions:
+ - prefix: /
+ enableWebsockets: true
+ services:
+ - name: docmost
+ port: 3000
+ timeoutPolicy:
+ idle: 600s
+ response: 600s
diff --git a/apps/docmost/prod/kustomization.yaml b/apps/docmost/prod/kustomization.yaml
new file mode 100644
index 0000000..210ee8c
--- /dev/null
+++ b/apps/docmost/prod/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+metadata:
+ namespace: docmost
+resources:
+ - httpproxy.yaml
+ - postgres.yaml
+ - ../base
diff --git a/apps/docmost/prod/manual-backup.yaml b/apps/docmost/prod/manual-backup.yaml
new file mode 100644
index 0000000..e192981
--- /dev/null
+++ b/apps/docmost/prod/manual-backup.yaml
@@ -0,0 +1,12 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Backup
+metadata:
+ name: cnpg-backup-docmost
+ namespace: docmost
+spec:
+ backupOwnerReference: self
+ cluster:
+ name: postgresql-docmost
+ method: plugin
+ pluginConfiguration:
+ name: barman-cloud.cloudnative-pg.io
diff --git a/apps/docmost/prod/postgres.yaml b/apps/docmost/prod/postgres.yaml
new file mode 100644
index 0000000..9db9f0a
--- /dev/null
+++ b/apps/docmost/prod/postgres.yaml
@@ -0,0 +1,14 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+ name: postgresql-docmost
+spec:
+ imageName: ghcr.io/cloudnative-pg/postgresql:17.2
+ instances: 1
+ bootstrap:
+ initdb:
+ database: docmost
+ owner: docmost
+ storage:
+ size: 15Gi
+ storageClass: cephfs
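Review bot: In prod/kustomization.yaml `namespace: docmost` sits under `metadata:`, where Kustomize reads it as metadata of the Kustomization object itself rather than as the namespace transformer, so the rendered resources carry no namespace. The deployment presumably still lands in `docmost` only because the Argo CD Application sets `destination.namespace`; a plain `kustomize build` piped to `kubectl apply` would target whatever namespace is current. Move the field to the top level as `namespace: docmost`.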
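Review bot: The Cluster in postgres.yaml declares no backup or plugin configuration, yet manual-backup.yaml requests `method: plugin` with `barman-cloud.cloudnative-pg.io`; as far as I know that plugin has to be enabled on the Cluster under `spec.plugins` with an object-store reference, so the Backup would likely fail as written. With `instances: 1` there is no replica to fall back on, which makes a working backup the only recovery path for the wiki database. Confirm the plugin wiring and consider a scheduled backup instead of a manual one.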