add ghostfolio

soerenschneider · soerenschneider · commit 2992a1bd89af · 2024-11-11T22:23:06.000+01:00
diff --git a/apps/ghostfolio/components/postgres/postgres-deployment.yaml b/apps/ghostfolio/components/postgres/postgres-deployment.yaml
@@ -62,12 +62,12 @@ spec:
             - name: "POSTGRES_USER"
               valueFrom:
                 secretKeyRef:
-                  name: "ghostfolio"
+                  name: "ghostfolio-postgres"
                   key: "POSTGRES_USER"
             - name: "POSTGRES_PASSWORD"
               valueFrom:
                 secretKeyRef:
-                  name: "ghostfolio"
+                  name: "ghostfolio-postgres"
                   key: "POSTGRES_PASSWORD"
             - name: "PGDATA"
               value: "/data/pgdata"
diff --git a/clusters/svc.ez.soeren.cloud/ghostfolio/external-secret-ghostfolio.yaml b/clusters/svc.ez.soeren.cloud/ghostfolio/external-secret-ghostfolio.yaml
@@ -0,0 +1,35 @@
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: "ghostfolio"
+spec:
+  refreshInterval: 12h
+  secretStoreRef:
+    name: "vault"
+    kind: "ClusterSecretStore"
+  target:
+    name: "ghostfolio"
+    template:
+      engineVersion: v2
+      data:
+        DATABASE_URL: "postgresql://{{ .postgres_user }}:{{ .postgres_password }}@postgres:5432/ghostfolio?connect_timeout=300"
+        JWT_SECRET_KEY: "{{ .jwt_secret_key }}"
+        ACCESS_TOKEN_SALT: "{{ .access_token_salt }}"
+  data:
+    - secretKey: "postgres_user"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/ghostfolio"
+        property: "POSTGRES_USER"
+    - secretKey: "postgres_password"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/ghostfolio"
+        property: "POSTGRES_PASSWORD"
+    - secretKey: "jwt_secret_key"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/ghostfolio"
+        property: "JWT_SECRET"
+    - secretKey: "access_token_salt"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/ghostfolio"
+        property: "ACCESS_TOKEN_SALT"
diff --git a/clusters/svc.ez.soeren.cloud/ghostfolio/external-secret-postgres.yaml b/clusters/svc.ez.soeren.cloud/ghostfolio/external-secret-postgres.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: "ghostfolio-postgres"
+spec:
+  refreshInterval: 12h
+  secretStoreRef:
+    name: "vault"
+    kind: "ClusterSecretStore"
+  target:
+    name: "ghostfolio-postgres"
+    creationPolicy: "Owner"
+  data:
+    - secretKey: "POSTGRES_USER"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/ghostfolio"
+        property: "POSTGRES_USER"
+    - secretKey: "POSTGRES_PASSWORD"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/ghostfolio"
+        property: "POSTGRES_PASSWORD"
diff --git a/clusters/svc.ez.soeren.cloud/ghostfolio/kustomization.yaml b/clusters/svc.ez.soeren.cloud/ghostfolio/kustomization.yaml
@@ -0,0 +1,24 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: "ghostfolio"
+resources:
+  - "../../../apps/ghostfolio"
+  - "namespace.yaml"
+  - "postgres-data-pv.yaml"
+  - "external-secret-ghostfolio.yaml"
+  - "external-secret-postgres.yaml"
+components:
+  - ../../../apps/ghostfolio/components/istio
+  - ../../../apps/ghostfolio/components/postgres
+  - ../../../apps/ghostfolio/components/postgres-pvc
+  - ../../../apps/ghostfolio/components/redis
+patches:
+  - target:
+      kind: "VirtualService"
+      name: "ghostfolio"
+    patch: |
+      - op: "replace"
+        path: "/spec/hosts"
+        value:
+          - "ghostfolio.svc.ez.soeren.cloud"
diff --git a/clusters/svc.ez.soeren.cloud/ghostfolio/namespace.yaml b/clusters/svc.ez.soeren.cloud/ghostfolio/namespace.yaml
@@ -0,0 +1,7 @@
+---
+kind: Namespace
+apiVersion: v1
+metadata:
+  name: ghostfolio
+  labels:
+    name: ghostfolio
diff --git a/clusters/svc.ez.soeren.cloud/ghostfolio/postgres-data-pv.yaml b/clusters/svc.ez.soeren.cloud/ghostfolio/postgres-data-pv.yaml
@@ -0,0 +1,24 @@
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: ghostfolio-postgres
+spec:
+  accessModes:
+    - ReadWriteOnce
+  capacity:
+    storage: 1Gi
+  storageClassName: local-storage
+  local:
+    path: "/mnt/k8s/ghostfolio-postgres"
+  claimRef:
+    namespace: "ghostfolio"
+    name: "ghostfolio-postgres"
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+        - matchExpressions:
+            - key: kubernetes.io/hostname
+              operator: In
+              values:
+                - k8s.ez.soeren.cloud
