File tree Expand file tree Collapse file tree 14 files changed +301
-0
lines changed
svc.ez.soeren.cloud/memos
svc.pt.soeren.cloud/memos Expand file tree Collapse file tree 14 files changed +301
-0
lines changed Original file line number Diff line number Diff line change 1+ ---
2+ apiVersion : kustomize.config.k8s.io/v1alpha1
3+ kind : Component
4+ patches :
5+ - target :
6+ kind : " Deployment"
7+ name : " memos"
8+ patch : |-
9+ - op: "add"
10+ path: "/spec/template/spec/containers/0/env/-"
11+ value:
12+ name: "MEMOS_DRIVER"
13+ value: "mysql"
Original file line number Diff line number Diff line change 1+ ---
2+ apiVersion : " kustomize.config.k8s.io/v1alpha1"
3+ kind : " Component"
4+ patches :
5+ - target :
6+ kind : " Namespace"
7+ patch : |-
8+ - op: add
9+ path: "/metadata/labels/istio-injection"
10+ value: "enabled"
Original file line number Diff line number Diff line change 1+ ---
2+ apiVersion : " networking.istio.io/v1alpha3"
3+ kind : " VirtualService"
4+ metadata :
5+ name : " memos"
6+ spec :
7+ hosts :
8+ - " memos"
9+ gateways :
10+ - " istio-system/gateway"
11+ http :
12+ - match :
13+ - uri :
14+ prefix : " /"
15+ route :
16+ - destination :
17+ host : " memos"
18+ port :
19+ number : 80
Original file line number Diff line number Diff line change 1+ ---
2+ apiVersion : " kustomize.config.k8s.io/v1alpha1"
3+ kind : " Component"
4+ resources :
5+ - " istio-virtualservice.yaml"
6+ patches :
7+ - target :
8+ kind : " NetworkPolicy"
9+ name : " memos"
10+ patch : |-
11+ - op: "add"
12+ path: "/spec/ingress/-"
13+ value:
14+ ports:
15+ - protocol: "TCP"
16+ port: "memos"
17+ from:
18+ - namespaceSelector:
19+ matchLabels:
20+ kubernetes.io/metadata.name: "istio-system"
21+ podSelector:
22+ matchLabels:
23+ istio: "ingressgateway"
Original file line number Diff line number Diff line change 1+ ---
2+ apiVersion : apps/v1
3+ kind : Deployment
4+ metadata :
5+ name : memos
6+ labels :
7+ app.kubernetes.io/name : memos
8+ annotations :
9+ reloader.stakater.com/auto : " true"
10+ spec :
11+ replicas : 1
12+ selector :
13+ matchLabels :
14+ app.kubernetes.io/name : memos
15+ template :
16+ metadata :
17+ labels :
18+ app : memos
19+ app.kubernetes.io/name : memos
20+ app.kubernetes.io/instance : memos-prod
21+ app.kubernetes.io/component : memos
22+ spec :
23+ securityContext :
24+ runAsUser : 34171
25+ runAsGroup : 34171
26+ fsGroup : 34171
27+ runAsNonRoot : true
28+ seccompProfile :
29+ type : RuntimeDefault
30+ containers :
31+ - name : " memos"
32+ image : " ghcr.io/usememos/memos:0.22.5"
33+ imagePullPolicy : " IfNotPresent"
34+ env :
35+ - name : " MEMOS_PORT"
36+ value : " 5230"
37+ - name : " MEMOS_ADDR"
38+ value : " 0.0.0.0"
39+ envFrom :
40+ - secretRef :
41+ name : " memos"
42+ optional : true
43+ ports :
44+ - containerPort : 5230
45+ name : " memos"
46+ securityContext :
47+ allowPrivilegeEscalation : false
48+ readOnlyRootFilesystem : true
49+ runAsUser : 34171
50+ runAsGroup : 34171
51+ capabilities :
52+ drop :
53+ - " ALL"
54+ seccompProfile :
55+ type : " RuntimeDefault"
56+ livenessProbe :
57+ httpGet :
58+ path : " /"
59+ port : " memos"
60+ initialDelaySeconds : 15
61+ readinessProbe :
62+ httpGet :
63+ path : " /"
64+ port : " memos"
65+ initialDelaySeconds : 5
66+ startupProbe :
67+ httpGet :
68+ path : " /"
69+ port : memos
70+ failureThreshold : 60
71+ periodSeconds : 10
72+ resources :
73+ limits :
74+ memory : " 256Mi"
75+ requests :
76+ cpu : " 5m"
77+ memory : " 32Mi"
78+ volumeMounts :
79+ - name : storage
80+ mountPath : /var/opt/memos
81+ - name : tmp
82+ mountPath : /tmp
83+ volumes :
84+ - name : storage
85+ emptyDir :
86+ sizeLimit : 1Gi
87+ - name : tmp
88+ emptyDir :
89+ sizeLimit : 50M
Original file line number Diff line number Diff line change 1+ ---
2+ apiVersion : kustomize.config.k8s.io/v1beta1
3+ kind : Kustomization
4+ resources :
5+ - deployment.yaml
6+ - service.yaml
7+ - networkpolicy.yaml
Original file line number Diff line number Diff line change 1+ ---
2+ apiVersion : networking.k8s.io/v1
3+ kind : NetworkPolicy
4+ metadata :
5+ name : " memos"
6+ spec :
7+ podSelector :
8+ matchLabels :
9+ app.kubernetes.io/name : " memos"
10+ policyTypes :
11+ - Egress
12+ - Ingress
13+ ingress :
14+ - ports :
15+ - protocol : TCP
16+ port : " memos"
17+ from : []
18+ egress :
19+ - to :
20+ - ipBlock :
21+ cidr : 192.168.0.0/16
22+ ports :
23+ - port : 3306
24+ protocol : TCP
25+ - port : 3307
26+ protocol : TCP
27+ - to :
28+ - ipBlock :
29+ cidr : 0.0.0.0/0
30+ except :
31+ - 192.168.0.0/16
Original file line number Diff line number Diff line change 1+ ---
2+ apiVersion : v1
3+ kind : Service
4+ metadata :
5+ name : memos
6+ spec :
7+ ports :
8+ - port : 80
9+ targetPort : memos
10+ selector :
11+ app.kubernetes.io/name : memos
Original file line number Diff line number Diff line change 1+ ---
2+ apiVersion : external-secrets.io/v1beta1
3+ kind : ExternalSecret
4+ metadata :
5+ name : " memos"
6+ spec :
7+ refreshInterval : 12h
8+ secretStoreRef :
9+ name : " vault"
10+ kind : " ClusterSecretStore"
11+ target :
12+ name : " memos"
13+ template :
14+ engineVersion : v2
15+ data :
16+ MEMOS_DSN : " memos:{{ .password }}@tcp(dbs.ez.soeren.cloud:3306)/memos?charset=utf8&parseTime=True&loc=Local&tls=true"
17+ data :
18+ - secretKey : " password"
19+ remoteRef :
20+ key : " secret/soeren.cloud/env/prod/mariadb/galera-prod/memos/memos"
21+ property : " password"
Original file line number Diff line number Diff line change 1+ ---
2+ apiVersion : " kustomize.config.k8s.io/v1beta1"
3+ kind : " Kustomization"
4+ namespace : " memos"
5+ resources :
6+ - " namespace.yaml"
7+ - " ../../../apps/memos"
8+ - " external-secret-memos.yaml"
9+ components :
10+ - " ../../../apps/memos/components/istio"
11+ - " ../../../apps/memos/components/istio-proxy"
12+ - " ../../../apps/memos/components/database-mariadb"
13+ patches :
14+ - target :
15+ kind : " VirtualService"
16+ name : " memos"
17+ patch : |-
18+ - op: "replace"
19+ path: "/spec/hosts"
20+ value:
21+ - "memos.svc.ez.soeren.cloud"
You can’t perform that action at this time.
0 commit comments