install miniflux

soerenschneider · soerenschneider · commit a4fba376a08b · 2025-03-11T22:04:16.000+01:00
diff --git a/clusters/svc.ez.soeren.cloud/miniflux/external-secret-miniflux-postgres-restic.yaml b/clusters/svc.ez.soeren.cloud/miniflux/external-secret-miniflux-postgres-restic.yaml
@@ -0,0 +1,34 @@
+---
+apiVersion: "external-secrets.io/v1beta1"
+kind: "ExternalSecret"
+metadata:
+  name: "miniflux-restic-postgres"
+spec:
+  refreshInterval: "1h"
+  secretStoreRef:
+    name: "vault"
+    kind: "ClusterSecretStore"
+  target:
+    name: "miniflux-restic-postgres"
+    creationPolicy: "Owner"
+  data:
+    - secretKey: "AWS_ACCESS_KEY_ID"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/restic/miniflux/aws-credentials"
+        property: "AWS_ACCESS_KEY_ID"
+    - secretKey: "AWS_SECRET_ACCESS_KEY"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/restic/miniflux/aws-credentials"
+        property: "AWS_SECRET_ACCESS_KEY"
+    - secretKey: "RESTIC_PASSWORD"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/restic/miniflux/restic"
+        property: "pass"
+    - secretKey: "POSTGRES_USER"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/miniflux-postgres"
+        property: "POSTGRES_USER"
+    - secretKey: "POSTGRES_PASSWORD"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/miniflux-postgres"
+        property: "POSTGRES_PASSWORD"
diff --git a/clusters/svc.ez.soeren.cloud/miniflux/external-secret-miniflux-postgres.yaml b/clusters/svc.ez.soeren.cloud/miniflux/external-secret-miniflux-postgres.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: "external-secrets.io/v1beta1"
+kind: "ExternalSecret"
+metadata:
+  name: "miniflux-postgres"
+spec:
+  refreshInterval: "12h"
+  secretStoreRef:
+    name: "vault"
+    kind: "ClusterSecretStore"
+  target:
+    name: "miniflux-postgres"
+    creationPolicy: "Owner"
+  data:
+    - secretKey: "POSTGRES_USER"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/miniflux-postgres"
+        property: "POSTGRES_USER"
+    - secretKey: "POSTGRES_PASSWORD"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/miniflux-postgres"
+        property: "POSTGRES_PASSWORD"
diff --git a/clusters/svc.ez.soeren.cloud/miniflux/external-secret-miniflux.yaml b/clusters/svc.ez.soeren.cloud/miniflux/external-secret-miniflux.yaml
@@ -0,0 +1,35 @@
+---
+apiVersion: "external-secrets.io/v1beta1"
+kind: "ExternalSecret"
+metadata:
+  name: "miniflux"
+spec:
+  refreshInterval: 12h
+  secretStoreRef:
+    name: "vault"
+    kind: "ClusterSecretStore"
+  target:
+    name: "miniflux"
+    template:
+      engineVersion: v2
+      data:
+        DATABASE_URL: "postgres://{{ .POSTGRES_USER }}:{{ .POSTGRES_PASSWORD }}@postgres/miniflux?sslmode=disable"
+        ADMIN_USERNAME: "{{ .ADMIN_USERNAME }}"
+        ADMIN_PASSWORD: "{{ .ADMIN_PASSWORD }}"
+  data:
+    - secretKey: "POSTGRES_USER"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/miniflux-postgres"
+        property: "POSTGRES_USER"
+    - secretKey: "POSTGRES_PASSWORD"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/miniflux-postgres"
+        property: "POSTGRES_PASSWORD"
+    - secretKey: "ADMIN_USERNAME"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/miniflux"
+        property: "ADMIN_USERNAME"
+    - secretKey: "ADMIN_PASSWORD"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/miniflux"
+        property: "ADMIN_PASSWORD"
diff --git a/clusters/svc.ez.soeren.cloud/miniflux/kustomization.yaml b/clusters/svc.ez.soeren.cloud/miniflux/kustomization.yaml
@@ -0,0 +1,38 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: miniflux
+resources:
+  - namespace.yaml
+  - pv.yaml
+  - external-secret-miniflux.yaml
+  - external-secret-miniflux-postgres.yaml
+  - external-secret-miniflux-postgres-restic.yaml
+  - ../../../apps/miniflux
+components:
+  - ../../../apps/miniflux/components/istio
+  - ../../../apps/miniflux/components/postgres
+  - ../../../apps/miniflux/components/postgres-pvc
+  - ../../../apps/miniflux/components/restic-postgres
+patches:
+  - target:
+      kind: "VirtualService"
+      name: "miniflux"
+    patch: |-
+      - op: replace
+        path: /spec/hosts
+        value:
+          - miniflux.svc.ez.soeren.cloud
+configMapGenerator:
+  - name: miniflux
+    behavior: merge
+    literals:
+      - CREATE_ADMIN=1
+  - name: miniflux-restic-postgres
+    literals:
+      - "RETENTION_DAYS=7"
+      - "RETENTION_WEEKS=4"
+      - "RETENTION_MONTHS=6"
+      - RESTIC_REPOSITORY=s3:https://s3.amazonaws.com/soerenschneider-restic-prod/miniflux
+      - RESTIC_BACKUP_ID=miniflux
+      - POSTGRES_HOST=postgres
diff --git a/clusters/svc.ez.soeren.cloud/miniflux/namespace.yaml b/clusters/svc.ez.soeren.cloud/miniflux/namespace.yaml
@@ -0,0 +1,7 @@
+---
+kind: Namespace
+apiVersion: v1
+metadata:
+  name: miniflux
+  labels:
+    name: miniflux
diff --git a/clusters/svc.ez.soeren.cloud/miniflux/pv.yaml b/clusters/svc.ez.soeren.cloud/miniflux/pv.yaml
@@ -0,0 +1,26 @@
+---
+apiVersion: "v1"
+kind: "PersistentVolume"
+metadata:
+  name: "miniflux-postgres"
+spec:
+  accessModes:
+    - "ReadWriteOnce"
+  capacity:
+    storage: "5Gi"
+  volumeMode: "Filesystem"
+  storageClassName: "local-storage"
+  persistentVolumeReclaimPolicy: "Retain"
+  claimRef:
+    namespace: "miniflux"
+    name: "miniflux-postgres"
+  local:
+    path: "/mnt/k8s/miniflux-postgres"
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+        - matchExpressions:
+            - key: "kubernetes.io/hostname"
+              operator: "In"
+              values:
+                - "k8s.ez.soeren.cloud"
