commit 930a6d0c658ee8d1dc407db364aa16891f1464b2
Author: Tanguy Herbron
Date: Thu Mar 6 20:56:41 2025 +0100
feat: Initial configuration
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..33d47a7
--- /dev/null
+++ b/README.md
@@ -0,0 +1,3 @@
+# Dawarich
+
+Location tracking and history
diff --git a/manifests/database-backup.yaml b/manifests/database-backup.yaml
new file mode 100644
index 0000000..7eaebf2
--- /dev/null
+++ b/manifests/database-backup.yaml
@@ -0,0 +1,10 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: ScheduledBackup
+metadata:
+ name: dawarich-db-backup
+ namespace: dawarich
+spec:
+ schedule: "0 0 0 * * *"
+ backupOwnerReference: self
+ cluster:
+ name: dawarich-db
diff --git a/manifests/database-ondemande-backup.yaml b/manifests/database-ondemande-backup.yaml
new file mode 100644
index 0000000..eb91e30
--- /dev/null
+++ b/manifests/database-ondemande-backup.yaml
@@ -0,0 +1,8 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Backup
+metadata:
+ name: dawarich-db-ondemand-backup
+ namespace: dawarich
+spec:
+ cluster:
+ name: dawarich-db
diff --git a/manifests/database-recovery.yaml b/manifests/database-recovery.yaml
new file mode 100644
index 0000000..e57bd3e
--- /dev/null
+++ b/manifests/database-recovery.yaml
@@ -0,0 +1,48 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+ name: dawarich-db
+ namespace: dawarich
+
+spec:
+ instances: 3
+
+ storage:
+ size: 1Gi
+ storageClass: local-path
+
+ bootstrap:
+ recovery:
+ source: dawarich-db
+
+ postgresql:
+ pg_hba:
+ - host all all all md5
+
+ externalClusters:
+ - name: dawarich-db
+ barmanObjectStore:
+ serverName: dawarich-db
+ destinationPath: "s3://halis/cloudnativepg"
+ endpointURL: https://s3.halia.dev
+ s3Credentials:
+ accessKeyId:
+ name: s3-secret
+ key: AWS_ACCESS_KEY_ID
+ secretAccessKey:
+ name: s3-secret
+ key: AWS_SECRET_ACCESS_KEY
+ region:
+ name: s3-secret
+ key: AWS_REGION
+ wal:
+ compression: gzip
+ maxParallel: 8
+
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ limits:
+ cpu: 500m
+ memory: 500Mi
diff --git a/manifests/database.yaml b/manifests/database.yaml
new file mode 100644
index 0000000..3872485
--- /dev/null
+++ b/manifests/database.yaml
@@ -0,0 +1,57 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+ name: dawarich-db
+ namespace: dawarich
+
+spec:
+ instances: 3
+
+ imageName: git.halis.io/athens-school/cnpg-postgis:17-3.5
+
+ storage:
+ size: 1Gi
+ storageClass: local-path
+
+ bootstrap:
+ initdb:
+ database: dawarich
+ owner: dawarich
+ secret:
+ name: dawarich-db
+ postInitTemplateSQL:
+ - CREATE EXTENSION postgis;
+ - CREATE EXTENSION postgis_topology;
+
+ postgresql:
+ pg_hba:
+ - host all all all md5
+
+ backup:
+ barmanObjectStore:
+ destinationPath: "s3://halis/cloudnativepg"
+ endpointURL: https://s3.halia.dev
+ s3Credentials:
+ accessKeyId:
+ name: s3-secret
+ key: AWS_ACCESS_KEY_ID
+ secretAccessKey:
+ name: s3-secret
+ key: AWS_SECRET_ACCESS_KEY
+ region:
+ name: s3-secret
+ key: AWS_REGION
+ wal:
+ compression: gzip
+ maxParallel: 8
+
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ limits:
+ cpu: 500m
+ memory: 500Mi
+
+ monitoring:
+ enablePodMonitor: true
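Review bot: The `pg_hba` entry `host all all all md5` in manifests/database-recovery.yaml (repeated in manifests/database.yaml) admits every role to every database from any address, over non-TLS connections as well, using the legacy md5 method. Narrowing it to the application's role and requiring TLS, for example `- hostssl dawarich dawarich all scram-sha-256`, matches what the Deployment needs; this assumes the `dawarich` role's password is stored as a SCRAM verifier, which should be confirmed first. Separately, this recovery Cluster sets no `imageName` while database.yaml runs the PostGIS image, so a restore would presumably start on an image without the extensions the data depends on.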
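Review bot: The `backup.barmanObjectStore` block in manifests/database.yaml ships base backups and WAL of a location-history database to `s3://halis/cloudnativepg` without requesting encryption or setting a retention window. Unless the bucket enforces server-side encryption itself, add `encryption: AES256` under `wal:` plus a matching `data:` block, and set `retentionPolicy` under `backup:` (e.g. `retentionPolicy: "30d"`, a constructed value) so old copies expire. The `endpointURL` host is `s3.halia.dev` whereas every other host in this commit is under `halis.io`; if that is a typo, the S3 credentials and backups would go to an unintended host, so it is worth confirming (the same value appears in database-recovery.yaml).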
diff --git a/manifests/deployment.yaml b/manifests/deployment.yaml
new file mode 100644
index 0000000..7eca9c7
--- /dev/null
+++ b/manifests/deployment.yaml
@@ -0,0 +1,135 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: dawarich
+ namespace: dawarich
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: dawarich
+ template:
+ metadata:
+ labels:
+ app: dawarich
+ spec:
+ containers:
+ - name: dawarich
+ image: freikin/dawarich:0.24.1
+ command: ["web-entrypoint.sh"]
+ args: ["bin/rails", "server", "-p", "3000", "-b", "::"]
+ ports:
+ - containerPort: 3000
+ - containerPort: 9394
+ name: metrics
+ env:
+ - name: RAILS_ENV
+ value: "production"
+ - name: REDIS_URL
+ value: "redis://dawarich-svc.dawarich.svc.cluster.local:6379/0"
+ - name: DATABASE_HOST
+ value: "dawarich-db-rw.dawarich.svc.cluster.local"
+ - name: DATABASE_PORT
+ value: "5432"
+ - name: DATABASE_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: dawarich-db
+ key: username
+ - name: DATABASE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: dawarich-db
+ key: password
+ - name: DATABASE_NAME
+ value: "dawarich"
+ - name: MIN_MINUTES_SPENT_IN_CITY
+ value: "60"
+ - name: APPLICATION_HOSTS
+ value: "timeline.halis.io"
+ - name: TIME_ZONE
+ value: "Europe/Copenhagen"
+ - name: APPLICATION_PROTOCOL
+ value: "http"
+ - name: DISTANCE_UNIT
+ value: "km"
+ - name: PROMETHEUS_EXPORTER_ENABLED
+ value: "false"
+ - name: PROMETHES_EXPORTER_HOST
+ value: "0.0.0.0"
+ - name: PROMETHES_EXPORTER_PORT
+ value: "9394"
+ - name: SECRET_KEY_BASE
+ valueFrom:
+ secretKeyRef:
+ name: dawarich-secrets
+ key: key
+ - name: RAILS_LOG_TO_STDOUT
+ value: "true"
+ volumeMounts:
+ - mountPath: "/var/app/public"
+ name: dawarich-public
+ - mountPath: "/var/app/tmp/imports/watched"
+ name: dawarich-watched
+ - name: sidekiq
+ image: freikin/dawarich:0.24.1
+ command: ["sidekiq-entrypoint.sh"]
+ args: ["bundle", "exec", "sidekiq"]
+ env:
+ - name: RAILS_ENV
+ value: "production"
+ - name: REDIS_URL
+ value: "redis://dawarich-svc.dawarich.svc.cluster.local:6379/0"
+ - name: DATABASE_HOST
+ value: "dawarich-db-rw.dawarich.svc.cluster.local"
+ - name: DATABASE_PORT
+ value: "5432"
+ - name: DATABASE_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: dawarich-db
+ key: username
+ - name: DATABASE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: dawarich-db
+ key: password
+ - name: DATABASE_NAME
+ value: "dawarich"
+ - name: APPLICATION_HOST
+ value: "timeline.halis.io"
+ - name: BACKGROUND_PROCESSING_CONCURRENCY
+ value: "10"
+ - name: APPLICATION_PROTOCOL
+ value: "http"
+ - name: DISTANCE_UNIT
+ value: "km"
+ - name: PROMETHEUS_EXPORTER_ENABLED
+ value: "false"
+ - name: PROMETHEUS_EXPORTER_HOST
+ value: "0.0.0.0"
+ - name: PROMETHEUS_EXPORTER_PORT
+ value: "9394"
+ - name: SECRET_KEY_BASE
+ valueFrom:
+ secretKeyRef:
+ name: dawarich-secrets
+ key: key
+ - name: RAILS_LOG_TO_STDOUT
+ value: "true"
+ volumeMounts:
+ - mountPath: "/var/app/public"
+ name: dawarich-public
+ - mountPath: "/var/app/tmp/imports/watched"
+ name: dawarich-watched
+ - name: redis
+ image: redis:7.4.2
+ ports:
+ - containerPort: 6379
+ volumes:
+ - name: dawarich-public
+ persistentVolumeClaim:
+ claimName: dawarich-public-pvc
+ - name: dawarich-watched
+ persistentVolumeClaim:
+ claimName: dawarich-watched-pvc
diff --git a/manifests/ingress.yaml b/manifests/ingress.yaml
new file mode 100644
index 0000000..18c0bfb
--- /dev/null
+++ b/manifests/ingress.yaml
@@ -0,0 +1,29 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: dawarich-ingress
+ namespace: dawarich
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production
+ kubernetes.io/ingress.class: nginx-external
+ acme.cert-manager.io/http01-edit-in-place: "true"
+ nginx.ingress.kubernetes.io/proxy-body-size: "0"
+ nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
+ nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
+spec:
+ tls:
+ - hosts:
+ - timeline.halis.io
+ secretName: timeline-halis-io-tls
+ ingressClassName: nginx-external
+ rules:
+ - host: timeline.halis.io
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: dawarich-svc
+ port:
+ number: 80
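Review bot: None of the three containers in manifests/deployment.yaml (`dawarich`, `sidekiq`, `redis`) sets a `securityContext` or `resources`, so they run with the image's default user and capabilities and with no CPU or memory ceiling. A per-container `securityContext` with `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` is a low-risk start; `runAsNonRoot: true` should follow once the images are confirmed to run as a non-root user. The web container also spells two variables `PROMETHES_EXPORTER_HOST` and `PROMETHES_EXPORTER_PORT` (sidekiq uses `PROMETHEUS_…`) and uses `APPLICATION_HOSTS` where sidekiq has `APPLICATION_HOST`; one spelling of each pair is presumably not what the application reads.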
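Review bot: `nginx.ingress.kubernetes.io/proxy-body-size: "0"` in manifests/ingress.yaml removes the request-body size limit on an ingress of class `nginx-external`, so any client that reaches `timeline.halis.io` can stream arbitrarily large uploads towards the Rails pod and its 1Gi volumes. A finite cap sized for the largest expected import file, e.g. `nginx.ingress.kubernetes.io/proxy-body-size: "512m"` (constructed value), keeps imports working while bounding that. The `kubernetes.io/ingress.class` annotation duplicates `spec.ingressClassName` and can be dropped.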
diff --git a/manifests/kustomization.yaml b/manifests/kustomization.yaml
new file mode 100644
index 0000000..244bb23
--- /dev/null
+++ b/manifests/kustomization.yaml
@@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - namespace.yaml
+ - secrets.yaml
+ - database.yaml
+ - database-backup.yaml
+ - service.yaml
+ - ingress.yaml
+ - pvc.yaml
+ - deployment.yaml
diff --git a/manifests/namespace.yaml b/manifests/namespace.yaml
new file mode 100644
index 0000000..c452ed7
--- /dev/null
+++ b/manifests/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: dawarich
diff --git a/manifests/pvc.yaml b/manifests/pvc.yaml
new file mode 100644
index 0000000..0a41edc
--- /dev/null
+++ b/manifests/pvc.yaml
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: dawarich-public-pvc
+ namespace: dawarich
+ labels:
+ recurring-job.longhorn.io/source: enabled
+ recurring-job-group.longhorn.io/standard-pvc: enabled
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+ storageClassName: redundant-storage-class
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: dawarich-watched-pvc
+ namespace: dawarich
+ labels:
+ recurring-job.longhorn.io/source: enabled
+ recurring-job-group.longhorn.io/standard-pvc: enabled
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+ storageClassName: redundant-storage-class
diff --git a/manifests/secrets.yaml b/manifests/secrets.yaml
new file mode 100644
index 0000000..98eeeb1
--- /dev/null
+++ b/manifests/secrets.yaml
@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: dawarich-secrets
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+ source:
+ repoURL: https://git.halis.io/athens-school/k3s-secrets.git
+ targetRevision: prod-migration
+ path: dawarich
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=false
+ - ApplyOutOfSyncOnly=true
+ - PruneLast=true
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: dawarich
diff --git a/manifests/service.yaml b/manifests/service.yaml
new file mode 100644
index 0000000..20c541c
--- /dev/null
+++ b/manifests/service.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: dawarich-svc
+ namespace: dawarich
+spec:
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 3000
+ - name: redis
+ port: 6379
+ protocol: TCP
+ targetPort: 6379
+ selector:
+ app: dawarich
+
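Review bot: The Application in manifests/secrets.yaml uses `project: default` and follows the branch `prod-migration` with `automated` sync, `prune: true` and `selfHeal: true`, so whatever is pushed to that branch of k3s-secrets is applied to the cluster without a further gate, and the default project usually places no restriction on source repositories or destinations. A dedicated AppProject whose `sourceRepos` and `destinations` are limited to this repository and the `dawarich` namespace would contain a mistaken or unauthorised push; pinning `targetRevision` to a tag or commit is the stricter option. Nothing on the page shows how the secrets in that repository are stored, so confirm they are encrypted or externally referenced rather than plain `Secret` manifests.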
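Review bot: The `redis` port (6379) on `dawarich-svc` in manifests/service.yaml makes the pod's Redis reachable from any workload in the cluster that can reach the Service, and the `redis` container in deployment.yaml is started with no password or ACL configured. Since `dawarich`, `sidekiq` and `redis` share one pod, both `REDIS_URL` values could be `redis://localhost:6379/0` and the `redis` entry could be removed from this Service, which keeps the Sidekiq queue out of reach of other pods. If the port has to stay, a NetworkPolicy limiting ingress on 6379 to pods labelled `app: dawarich` is the alternative.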