From e478bb301ddeb7c95e9f2c94fc821f88c0837545 Mon Sep 17 00:00:00 2001 From: Tanguy Herbron Date: Wed, 19 Feb 2025 15:09:56 +0100 Subject: [PATCH] feat: Initial commit --- README.md | 0 manifests/cache.yaml | 19 ++++++++++++ manifests/database-backup.yaml | 10 +++++++ manifests/database.yaml | 53 ++++++++++++++++++++++++++++++++++ manifests/deployment.yaml | 46 +++++++++++++++++++++++++++++ manifests/ingress.yaml | 18 ++++++++++++ manifests/kustomization.yaml | 13 +++++++++ manifests/namespace.yaml | 4 +++ manifests/secrets.yaml | 24 +++++++++++++++ manifests/service.yaml | 15 ++++++++++ 10 files changed, 202 insertions(+) create mode 100644 README.md create mode 100644 manifests/cache.yaml create mode 100644 manifests/database-backup.yaml create mode 100644 manifests/database.yaml create mode 100644 manifests/deployment.yaml create mode 100644 manifests/ingress.yaml create mode 100644 manifests/kustomization.yaml create mode 100644 manifests/namespace.yaml create mode 100644 manifests/secrets.yaml create mode 100644 manifests/service.yaml
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..e69de29
diff --git a/manifests/cache.yaml b/manifests/cache.yaml
new file mode 100644
index 0000000..21ff9c8
--- /dev/null
+++ b/manifests/cache.yaml
@@ -0,0 +1,19 @@
+apiVersion: dragonflydb.io/v1alpha1
+kind: Dragonfly
+metadata:
+ name: ghostfolio-cache
+ namespace: ghostfolio
+spec:
+ replicas: 3
+ authentication:
+ passwordFromSecret:
+ name: ghostfolio-secrets
+ key: DRAGONFLY_PASSWORD
+ resources:
+ requests:
+ cpu: 500m
+ memory: 500Mi
+ limits:
+ cpu: 600m
+ memory: 750Mi
+
diff --git a/manifests/database-backup.yaml b/manifests/database-backup.yaml
new file mode 100644
index 0000000..ff082fb
--- /dev/null
+++ b/manifests/database-backup.yaml
@@ -0,0 +1,10 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: ScheduledBackup
+metadata:
+ name: ghostfolio-db-backup
+ namespace: ghostfolio
+spec:
+ schedule: "0 0 0 * * *"
+ backupOwnerReference: self
+ cluster:
+ name: ghostfolio-db
diff --git a/manifests/database.yaml b/manifests/database.yaml
new file mode 100644
index 0000000..9d2e77c
--- /dev/null
+++ b/manifests/database.yaml
@@ -0,0 +1,53 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+ name: ghostfolio-db
+ namespace: ghostfolio
+
+spec:
+ imageName: ghcr.io/cloudnative-pg/postgresql:17.2
+ instances: 3
+
+ storage:
+ size: 1Gi
+ storageClass: local-path
+
+ bootstrap:
+ initdb:
+ database: ghostfolio
+ owner: ghostfolio
+ secret:
+ name: ghostfolio-db
+
+ postgresql:
+ pg_hba:
+ - host all all all md5
+
+ backup:
+ barmanObjectStore:
+ destinationPath: "s3://halis/cloudnativepg"
+ endpointURL: https://s3.halia.dev
+ s3Credentials:
+ accessKeyId:
+ name: s3-secret
+ key: AWS_ACCESS_KEY_ID
+ secretAccessKey:
+ name: s3-secret
+ key: AWS_SECRET_ACCESS_KEY
+ region:
+ name: s3-secret
+ key: AWS_REGION
+ wal:
+ compression: gzip
+ maxParallel: 8
+
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ limits:
+ cpu: 500m
+ memory: 500Mi
+
+ monitoring:
+ enablePodMonitor: true
diff --git a/manifests/deployment.yaml b/manifests/deployment.yaml
new file mode 100644
index 0000000..69ffdae
--- /dev/null
+++ b/manifests/deployment.yaml
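Review bot: Nothing in this commit bounds how many of the daily backups scheduled in manifests/database-backup.yaml are kept: the `backup` stanza of `ghostfolio-db` in manifests/database.yaml sets no `retentionPolicy`, so base backups and WAL would accumulate in the bucket until someone removes them by hand. Consider adding a line such as `retentionPolicy: "30d"` there (value constructed; choose one that matches the recovery window you need). A comment above `schedule`, for example `# six-field cron, seconds first: every day at 00:00:00`, would also help readers who expect the five-field form.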
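Review bot: In manifests/database.yaml the `pg_hba` rule `host all all all md5` accepts password logins for every role and database from any address, over unencrypted connections as well, and it names the MD5 method, which PostgreSQL documents as deprecated in favour of SCRAM. Prefer `- hostssl all all all scram-sha-256`, narrowed to the `ghostfolio` database and role if nothing else connects, or drop the rule if the operator's built-in rules already cover the application (to be confirmed against the CloudNativePG version in use). Also check `endpointURL: https://s3.halia.dev`: the bucket name and the repository host elsewhere in this commit are spelled `halis`, and if this is a typo rather than a separate domain, the S3 access key and the backups would be sent to a host outside your control.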
@@ -0,0 +1,46 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: ghostfolio
+ namespace: ghostfolio
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: ghostfolio
+ template:
+ metadata:
+ labels:
+ app: ghostfolio
+ spec:
+ hostname: ghostfolio
+ subdomain: ghostfolio
+ containers:
+ - name: ghostfolio
+ image: ghostfolio/ghostfolio:2.139.1
+ ports:
+ - containerPort: 3333
+ env:
+ - name: DB_USER
+ valueFrom:
+ secretKeyRef:
+ name: ghostfolio-db
+ key: username
+ - name: DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: ghostfolio-db
+ key: password
+ - name: DATABASE_URL
+ value: "postgresql://$(DB_USER):$(DB_PASSWORD)@ghostfolio-db-rw.ghostfolio.svc.cluster.local:5432/ghostfolio"
+ - name: NODE_ENV
+ value: production
+ - name: REDIS_HOST
+ value: ghostfolio-cache.ghostfolio.svc.cluster.local
+ - name: REDIS_PORT
+ value: "6379"
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: ghostfolio-secrets
+ key: DRAGONFLY_PASSWORD
diff --git a/manifests/ingress.yaml b/manifests/ingress.yaml
new file mode 100644
index 0000000..a9c63f2
--- /dev/null
+++ b/manifests/ingress.yaml
@@ -0,0 +1,18 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: ghostfolio-ingress
+ namespace: monitoring
+spec:
+ ingressClassName: nginx-internal
+ rules:
+ - host: invest.entos
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: ghostfolio-svc
+ port:
+ number: 80
diff --git a/manifests/kustomization.yaml b/manifests/kustomization.yaml
new file mode 100644
index 0000000..757bd28
--- /dev/null
+++ b/manifests/kustomization.yaml
@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: ghostfolio
+
+resources:
+ - namespace.yaml
+ - secrets.yaml
+ - database.yaml
+ - database-backup.yaml
+ - cache.yaml
+ - deployment.yaml
+ - service.yaml
+ - ingress.yaml
diff --git a/manifests/namespace.yaml b/manifests/namespace.yaml
new file mode 100644
index 0000000..60de681
--- /dev/null
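Review bot: The `ghostfolio` container in manifests/deployment.yaml has no `securityContext` and no `resources`, so it keeps the runtime's default capabilities, can gain privileges, and has no CPU or memory bound, although the cache and database in this commit do set limits. The block below adds a container-level context that should be safe for a process listening on 3333 (verify startup once applied); add `runAsNonRoot: true` when the image's user is confirmed, and size `resources` from observed usage. Ghostfolio's documentation also lists `ACCESS_TOKEN_SALT` and `JWT_SECRET_KEY` as required settings; neither appears in `env`, and both should come from `ghostfolio-secrets` via `secretKeyRef` rather than literals. `DATABASE_URL` interpolates `$(DB_PASSWORD)` unescaped, so a password containing `@`, `/` or `:` would yield a malformed URL.

```yaml
        - name: ghostfolio
          image: ghostfolio/ghostfolio:2.139.1
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          # … unchanged: ports, env …
```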
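Review bot: `namespace: monitoring` in manifests/ingress.yaml does not match the backend `ghostfolio-svc`, which is declared in the `ghostfolio` namespace; an Ingress can only reference Services in its own namespace, so applying this file on its own would create a route with no backend. The kustomization's `namespace: ghostfolio` appears to mask the mistake, but the manifest should say `namespace: ghostfolio` itself. The rule also has no `tls` block, so logins and tokens for `invest.entos` travel over plain HTTP unless the `nginx-internal` controller terminates TLS by other means.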
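Review bot: The top-level `namespace: ghostfolio` in manifests/kustomization.yaml is applied to every listed resource, which would include the Argo CD `Application` from secrets.yaml that declares `namespace: argocd`. If the Application is rewritten into `ghostfolio`, an Argo CD install that only watches its own namespace for Applications would likely ignore it, and the secrets that the Deployment, cache and database reference would never be synced. Either manage secrets.yaml outside this kustomization or drop the global `namespace:` and rely on the per-manifest namespaces, after correcting the one in ingress.yaml. Rendering the directory with `kustomize build manifests/` before merging would confirm which namespace each object ends up in.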
+++ b/manifests/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: ghostfolio
diff --git a/manifests/secrets.yaml b/manifests/secrets.yaml
new file mode 100644
index 0000000..5592b6d
--- /dev/null
+++ b/manifests/secrets.yaml
@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: ghostfolio-secrets
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+ source:
+ repoURL: https://git.halis.io/athens-school/k3s-secrets
+ targetRevision: prod-migration
+ path: ghostfolio
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=false
+ - ApplyOutOfSyncOnly=true
+ - PruneLast=true
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: ghostfolio
diff --git a/manifests/service.yaml b/manifests/service.yaml
new file mode 100644
index 0000000..8f391f2
--- /dev/null
+++ b/manifests/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: ghostfolio-svc
+ namespace: ghostfolio
+ labels:
+ app.kubernetes.io/name: ghostfolio
+spec:
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 3333
+ selector:
+ app: ghostfolio
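Review bot: The Application in manifests/secrets.yaml auto-syncs, with `prune` and `selfHeal`, from the branch `prod-migration` under `project: default`, so whoever can push to that branch controls every secret in the `ghostfolio` namespace, and unless the default project has been tightened it places no restriction on source repositories or destinations. Consider a dedicated AppProject limited to this repository and the `ghostfolio` destination, and track a protected branch or a tag instead of what reads like a temporary migration branch. The hunk does not show how the secrets are stored in `k3s-secrets`; if they are plain `Secret` manifests, encrypting them at rest in git deserves a look.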