feat: Initial commit

manifests/cache.yaml

@@ -0,0 +1,19 @@
+apiVersion: dragonflydb.io/v1alpha1
+kind: Dragonfly
+metadata:
+  name: ghostfolio-cache
+  namespace: ghostfolio
+spec:
+  replicas: 3
+  authentication:
+    passwordFromSecret:
+      name: ghostfolio-secrets
+      key: DRAGONFLY_PASSWORD
+  resources:
+    requests:
+      cpu: 500m
+      memory: 500Mi
+    limits:
+      cpu: 600m
+      memory: 750Mi
+

manifests/database-backup.yaml

@@ -0,0 +1,10 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: ScheduledBackup
+metadata:
+  name: ghostfolio-db-backup
+  namespace: ghostfolio
+spec:
+  schedule: "0 0 0 * * *"
+  backupOwnerReference: self
+  cluster:
+    name: ghostfolio-db

manifests/database.yaml

@@ -0,0 +1,53 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: ghostfolio-db
+  namespace: ghostfolio
+
+spec:
+  imageName: ghcr.io/cloudnative-pg/postgresql:17.2
+  instances: 3
+
+  storage:
+    size: 1Gi
+    storageClass: local-path
+
+  bootstrap:
+    initdb:
+      database: ghostfolio
+      owner: ghostfolio
+      secret:
+        name: ghostfolio-db
+
+  postgresql:
+    pg_hba:
+      - host all all all md5
+
+  backup:
+    barmanObjectStore:
+      destinationPath: "s3://halis/cloudnativepg"
+      endpointURL: https://s3.halia.dev
+      s3Credentials:
+        accessKeyId:
+          name: s3-secret
+          key: AWS_ACCESS_KEY_ID
+        secretAccessKey:
+          name: s3-secret
+          key: AWS_SECRET_ACCESS_KEY
+        region:
+          name: s3-secret
+          key: AWS_REGION
+      wal:
+        compression: gzip
+        maxParallel: 8
+
+  resources:
+    requests:
+      cpu: 100m
+      memory: 100Mi
+    limits:
+      cpu: 500m
+      memory: 500Mi
+
+  monitoring:
+    enablePodMonitor: true

manifests/deployment.yaml

@@ -0,0 +1,46 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+    name: ghostfolio
+    namespace: ghostfolio
+spec:
+    replicas: 1
+    selector:
+        matchLabels:
+            app: ghostfolio
+    template:
+        metadata:
+            labels:
+                app: ghostfolio
+        spec:
+            hostname: ghostfolio
+            subdomain: ghostfolio
+            containers:
+              - name: ghostfolio
+                image: ghostfolio/ghostfolio:2.139.1
+                ports:
+                  - containerPort: 3333
+                env:
+                  - name: DB_USER
+                    valueFrom:
+                      secretKeyRef:
+                        name: ghostfolio-db
+                        key: username
+                  - name: DB_PASSWORD
+                    valueFrom:
+                      secretKeyRef:
+                        name: ghostfolio-db
+                        key: password
+                  - name: DATABASE_URL
+                    value: "postgresql://$(DB_USER):$(DB_PASSWORD)@ghostfolio-db-rw.ghostfolio.svc.cluster.local:5432/ghostfolio"
+                  - name: NODE_ENV
+                    value: production
+                  - name: REDIS_HOST
+                    value: ghostfolio-cache.ghostfolio.svc.cluster.local
+                  - name: REDIS_PORT
+                    value: "6379"
+                  - name: REDIS_PASSWORD
+                    valueFrom:
+                      secretKeyRef:
+                        name: ghostfolio-secrets
+                        key: DRAGONFLY_PASSWORD

manifests/ingress.yaml

@@ -0,0 +1,18 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ghostfolio-ingress
+  namespace: monitoring
+spec:
+  ingressClassName: nginx-internal
+  rules:
+  - host: invest.entos
+    http:
+      paths:
+        - path: /
+          pathType: Prefix
+          backend:
+            service:
+              name: ghostfolio-svc
+              port:
+                number: 80

manifests/kustomization.yaml

@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: ghostfolio
+
+resources:
+  - namespace.yaml
+  - secrets.yaml
+  - database.yaml
+  - database-backup.yaml
+  - cache.yaml
+  - deployment.yaml
+  - service.yaml
+  - ingress.yaml

manifests/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: ghostfolio

manifests/secrets.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: ghostfolio-secrets
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    repoURL: https://git.halis.io/athens-school/k3s-secrets
+    targetRevision: prod-migration
+    path: ghostfolio
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=false
+      - ApplyOutOfSyncOnly=true
+      - PruneLast=true
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: ghostfolio

manifests/service.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+    name: ghostfolio-svc
+    namespace: ghostfolio
+    labels:
+      app.kubernetes.io/name: ghostfolio
+spec:
+    ports:
+        - name: http
+          port: 80
+          protocol: TCP
+          targetPort: 3333
+    selector:
+        app: ghostfolio