From 97b22346d964dd41abd62ef75831611b7d291821 Mon Sep 17 00:00:00 2001
From: Tanguy Herbron
Date: Mon, 3 Apr 2023 10:19:50 +0200
Subject: [PATCH] feat(vaultwarden): Migrate to its own repo for easier CD management
---
README.md | 55 +++++++++++++++++++------------------
apps/vaultwarden.yaml | 14 ++++++++++
vaultwarden/backup-pvc.yaml | 12 --------
vaultwarden/cronjob.yaml | 25 -----------------
vaultwarden/deployment.yaml | 41 ---------------------------
vaultwarden/ingress.yaml | 23 ----------------
vaultwarden/namespace.yaml | 4 ----
vaultwarden/service.yaml | 17 ------------
8 files changed, 42 insertions(+), 149 deletions(-)
create mode 100644 apps/vaultwarden.yaml
delete mode 100644 vaultwarden/backup-pvc.yaml
delete mode 100644 vaultwarden/cronjob.yaml
delete mode 100644 vaultwarden/deployment.yaml
delete mode 100644 vaultwarden/ingress.yaml
delete mode 100644 vaultwarden/namespace.yaml
delete mode 100644 vaultwarden/service.yaml
diff --git a/README.md b/README.md
index 368ef77..ef0fa8b 100644
--- a/README.md
+++ b/README.md
@@ -1,32 +1,33 @@ # K3s cluster -| Name | Usage | Accessibility | Host | DB type | Additional data | Backup configuration | Loki integration | Prometheus integration | Secret management | Status | -|-------------------------|--------------------------------------|------------------|-------------------------|------------|----------------------|----------------------|------------------|------------------------|-------------------|-----------------------------------| -| Traefik | Reverse proxy and load balancer | Public & Private | Socrates & Pythagoras-b | - | - | - | Configured | Configured | - | Completed5 | -| Vaultwarden | Password manager | Public | Pythagoras-b | MariaDB | - | 4AM K8s CronJob | Configured | Not available | - | Completed | -| Gitlab | Version control system | Public | Pythagoras-b | PostgreSQL | User created content | 5AM internal CronJob | Configured | Configured | Configured | Completed4 | -| Radarr | Movie collection manager | Private | Plato | PostgreSQL | - | - | Configured | Configured | Configured | Completed | -| Flaresolverr | Cloudflare proxy | Private | Plato | - | - | - | - | - | - | Completed | -| Prometheus | Metrics aggregator | Private | Pythagoras-b | TBD | - | Not configured | Configured | Configured | - | Partial | -| Loki | Log aggregator | Private | Pythagoras-b | TBD | - | Not configured | Configured | Configured | - | Partial | -| Grafana | Graph visualizer | Public | Pythagoras-b | - | - | Not configured | Configured | Configured | Configured | Partial | -| Sonarr | TV shows collection manager | Private | Plato | SQLite | - | Not configured | Configured | Configured | Configured | Partial | -| Prowlarr | Torrent indexer | Private | Plato | PostgreSQL | - | Not configured | Configured | Not available | Configured | Partial | -| Jellyfin | Media streaming | Public | Archimedes | SQLite** | - | - | Configured | Not configured | Not configured | Awaiting configuration | -| Jellyseerr | Media requesting WebUI | Public | 
Pythagoras-b | - | - | - | Not configured | Not configured | Not configured | Awaiting configuration | -| Adguard | DNS ad blocker and custom DNS server | Private | Socrates | - | - | - | Not configured | Not configured | Not configured | Pending configuration1 | -| Owncloud Infinity Scale | File hosting webUI | Public | Plato | ? | Drive files | Not configured | Configured | Not available | Not configured | Pending configuration2 | -| Synapse | Matrix server - Message centralizer | Public | Pythagoras-b | PostgreSQL | User medias | 4AM K8s CronJob | Configured | Configured | Not configured | Pending configuration3 | -| therbron.com | Personal website | Public | Socrates | - | - | - | Not configured | Not configured | - | Awaiting configuration | -| Home assistant | Home automation and monitoring | Private | Pythagoras-a | MariaDB | - | Not configured | Not configured | Not configured | Not configured | Awaiting configuration | -| Vikunja | To-do and Kanban boards | Public | Pythagoras-b | - | - | - | Not configured | Not configured | - | Migrate to Gitlab | -| Wiki | Documentation manager | Public | Pythagoras-b | - | - | - | Not configured | Not configured | - | Migrate to VuePress and Gitlab | -| PaperlessNG | PDF viewer and organiser | Public | Pythagoras-b | PostgreSQL | - | - | Not configured | Not configured | - | Research migration into OCIS | -| Deluge | Torrent client | Private | Plato | - |
?
| - | Not configured | Not configured | Not configured | Awaiting configuration | -| Minecraft | Vanilla minecraft server for friends | Public | Archimedes | - | Game map | Not configured | Not configured | Not configured | - | Awaiting configuration | -| Satisfactory | Satisfactory server for friends | Public | Archimedes | - | Game map | Not configured | Not configured | Not configured | - | Not needed for v1 | -| Space engineers | Space engineers server for friends | Public | Archimedes | - | Game map | Not configured | Not configured | Not configured | - | Not needed for v1 | -| Raspsnir | Bachelor memorial website | Public | Pythagoras-b | PostgreSQL | - | Not configured | Not configured | Not configured | - | Not needed for v1 | +| Name | Usage | Accessibility | Host | DB type | Additional data | Backup configuration | Loki integration | Prometheus integration | Secret management | Status | Standalone migration | +|-------------------------|--------------------------------------|------------------|-------------------------|------------|----------------------|----------------------|------------------|------------------------|------------------------|-----------------------------------|----------------------| +| Traefik | Reverse proxy and load balancer | Public & Private | Socrates & Pythagoras-b | - | - | - | Configured | Configured | - | Completed5 | Backbone | +| ArgoCD | Declarative GitOPS CD | Private | Pythagoras-b | - | - | - | Configured | Not configured | - | Partial | Backbone | +| Vaultwarden | Password manager | Public | Pythagoras-b | PostgreSQL | - | 4AM K8s CronJob | Configured | Not available | Configured | Completed | Completed | +| Gitlab | Version control system | Public | Pythagoras-b | PostgreSQL | User created content | 5AM internal CronJob | Configured | Configured | Not configured | Partial4 | Awaiting | +| Radarr | Movie collection manager | Private | Plato | PostgreSQL | - | - | Configured | Configured | Not configured | Partial | 
Awaiting | +| Flaresolverr | Cloudflare proxy | Private | Plato | - | - | - | - | - | - | Completed | Awaiting | +| Prometheus | Metrics aggregator | Private | Pythagoras-b | TBD | - | Not configured | Configured | Configured | Not configured | Partial | Awaiting | +| Loki | Log aggregator | Private | Pythagoras-b | TBD | - | Not configured | Configured | Configured | Not configured | Partial | Awaiting | +| Grafana | Graph visualizer | Public | Pythagoras-b | - | - | Not configured | Configured | Configured | Configured | Partial | Awaiting | +| Sonarr | TV shows collection manager | Private | Plato | SQLite | - | Not configured | Configured | Configured | Not configured | Partial | Awaiting | +| Prowlarr | Torrent indexer | Private | Plato | PostgreSQL | - | Not configured | Configured | Not available | Not configured | Partial | Awaiting | +| Jellyfin | Media streaming | Public | Archimedes | SQLite** | - | - | Configured | Configured | Configured6 | Completed | Awaiting | +| Jellyseerr | Media requesting WebUI | Public | Pythagoras-b | - | - | - | Not configured | Not available | Configured7 | Awaiting configuration | Awaiting | +| Adguard | DNS ad blocker and custom DNS server | Private | Socrates | - | - | - | Not configured | Not configured | Not configured | Pending configuration1 | Awaiting | +| Owncloud Infinity Scale | File hosting webUI | Public | Plato | ? 
| Drive files | Not configured | Configured | Not available | Not configured | Pending configuration2 | Awaiting | +| Synapse | Matrix server - Message centralizer | Public | Pythagoras-b | PostgreSQL | User medias | 4AM K8s CronJob | Configured | Configured | Not configured | Pending configuration3 | Awaiting | +| therbron.com | Personal website | Public | Socrates | - | - | - | Not configured | Not configured | - | Awaiting configuration | Awaiting | +| Home assistant | Home automation and monitoring | Private | Pythagoras-a | MariaDB | - | Not configured | Not configured | Not configured | Not configured | Awaiting configuration | Awaiting | +| Vikunja | To-do and Kanban boards | Public | Pythagoras-b | - | - | - | Not configured | Not configured | - | Migrate to Gitlab | Awaiting | +| Wiki | Documentation manager | Public | Pythagoras-b | - | - | - | Not configured | Not configured | - | Migrate to VuePress and Gitlab | Awaiting | +| PaperlessNG | PDF viewer and organiser | Public | Pythagoras-b | PostgreSQL | - | - | Not configured | Not configured | - | Research migration into OCIS | Awaiting | +| Deluge | Torrent client | Private | Plato | - |
?
| - | Not configured | Not configured | Not configured | Awaiting configuration | Awaiting | +| Minecraft | Vanilla minecraft server for friends | Public | Archimedes | - | Game map | Not configured | Not configured | Not configured | - | Awaiting configuration | Awaiting | +| Satisfactory | Satisfactory server for friends | Public | Archimedes | - | Game map | Not configured | Not configured | Not configured | - | Not needed for v1 | Awaiting | +| Space engineers | Space engineers server for friends | Public | Archimedes | - | Game map | Not configured | Not configured | Not configured | - | Not needed for v1 | Awaiting | +| Raspsnir | Bachelor memorial website | Public | Pythagoras-b | PostgreSQL | - | Not configured | Not configured | Not configured | - | Not needed for v1 | Awaiting | \* Configuration panel only available internally
** Current implementation only support SQLite, making manual backups a necessity
diff --git a/apps/vaultwarden.yaml b/apps/vaultwarden.yaml
new file mode 100644
index 0000000..26b728d
--- /dev/null
+++ b/apps/vaultwarden.yaml
@@ -0,0 +1,14 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: vaultwarden
+ namespace: argocd
+spec:
+ project: default
+ source:
+ repoURL: https://git.halia.dev/athens-school/bitwarden.git
+ targetRevision: k3s
+ path: manifests
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: vaultwarden
diff --git a/vaultwarden/backup-pvc.yaml b/vaultwarden/backup-pvc.yaml
deleted file mode 100644
index f9f7ff9..0000000
--- a/vaultwarden/backup-pvc.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: vaultwarden-backup-pvc
- namespace: vaultwarden
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 1Gi
- storageClassName: flat-storage-class
diff --git a/vaultwarden/cronjob.yaml b/vaultwarden/cronjob.yaml
deleted file mode 100644
index bf82b93..0000000
--- a/vaultwarden/cronjob.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: batch/v1
-kind: CronJob
-metadata:
- name: backup-job
- namespace: vaultwarden
-spec:
- schedule: "0 4 * * *" # Every day at 4AM
- concurrencyPolicy: Forbid
- jobTemplate:
- spec:
- template:
- spec:
- containers:
- - name: maria-backup
- image: mariadb
- command: ["sh", "-c", "/usr/bin/mysqldump -h vaultwarden-svc.vaultwarden.svc.cluster.local -u root -pexample vaultwarden > /backup/vaultwarden/backup-$(date +'%H_%M-%d_%m_%Y').sql"]
- volumeMounts:
- - name: vaultwarden-backup
- mountPath: /backup/vaultwarden
- subPath: vaultwarden
- volumes:
- - name: vaultwarden-backup
- persistentVolumeClaim:
- claimName: vaultwarden-backup-pvc
- restartPolicy: OnFailure
diff --git a/vaultwarden/deployment.yaml b/vaultwarden/deployment.yaml
deleted file mode 100644
index 22f6773..0000000
--- a/vaultwarden/deployment.yaml
+++ /dev/null
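Review bot: In apps/vaultwarden.yaml, `project: default` together with `targetRevision: k3s` leaves the password manager's deployment gated only by push access to a mutable branch, since Argo CD's default project normally permits any source repository and any destination. A dedicated AppProject that allows only this `repoURL` and the `vaultwarden` namespace (e.g. `project: vaultwarden`), plus a protected branch or a pinned tag or commit in `targetRevision`, would narrow that. The commit also deletes vaultwarden/namespace.yaml and the Application sets no `syncPolicy`, so unless the external `manifests` path creates the namespace the first sync may fail; `syncOptions: [CreateNamespace=true]` under `spec.syncPolicy` would cover it. The external manifests are not visible here, so it is worth confirming they do not carry over the inline `root:example` database URL that the deleted deployment.yaml had.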
@@ -1,41 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: vaultwarden
- namespace: vaultwarden
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: vaultwarden
- template:
- metadata:
- labels:
- app: vaultwarden
- spec:
- hostname: vaultwarden
- subdomain: vaultwarden
- containers:
- - name: vaultwarden
- image: vaultwarden/server
- ports:
- - containerPort: 80
- env:
- - name: SIGNUPS_ALLOWED
- value: "true"
- - name: DATABASE_URL
- value: "mysql://root:example@127.0.0.1:3306/vaultwarden"
- - name: mariadb
- image: mariadb
- env:
- - name: MARIADB_ROOT_PASSWORD
- value: "example"
- - name: MARIADB_DATABASE
- value: "vaultwarden"
- volumeMounts:
- - mountPath: "/var/lib/mysql"
- name: vaultwarden-pv
- volumes:
- - name: vaultwarden-pv
- hostPath:
- path: "/mnt/vaultwarden"
diff --git a/vaultwarden/ingress.yaml b/vaultwarden/ingress.yaml
deleted file mode 100644
index 65b24f3..0000000
--- a/vaultwarden/ingress.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: vaultwarden-ingress
- namespace: vaultwarden
- annotations:
- kubernetes.io/ingress.class: "traefik"
-spec:
- tls:
- - secretName: vaultwarden-beta-tls
- hosts:
- - bitwarden.beta.halia.dev
- rules:
- - host: bitwarden.beta.halia.dev
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: vaultwarden-svc
- port:
- number: 80
diff --git a/vaultwarden/namespace.yaml b/vaultwarden/namespace.yaml
deleted file mode 100644
index 6fc17a5..0000000
--- a/vaultwarden/namespace.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: vaultwarden
diff --git a/vaultwarden/service.yaml b/vaultwarden/service.yaml
deleted file mode 100644
index a651a30..0000000
--- a/vaultwarden/service.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: vaultwarden-svc
- namespace: vaultwarden
-spec:
- ports:
- - name: http
- port: 80
- protocol: TCP
- targetPort: 80
- - name: db
- port: 3306
- protocol: TCP
- targetPort: 3306
- selector:
- app: vaultwarden