feat(vaultwarden): Migrate to its own repo for easier CD management

Tanguy Herbron 2023-04-03 10:19:50 +02:00
parent f0e7189e94
commit 97b22346d9
8 changed files with 42 additions and 149 deletions


@ -1,32 +1,33 @@
# K3s cluster # K3s cluster
| Name | Usage | Accessibility | Host | DB type | Additional data | Backup configuration | Loki integration | Prometheus integration | Secret management | Status | | Name | Usage | Accessibility | Host | DB type | Additional data | Backup configuration | Loki integration | Prometheus integration | Secret management | Status | Standalone migration |
|-------------------------|--------------------------------------|------------------|-------------------------|------------|----------------------|----------------------|------------------|------------------------|-------------------|-----------------------------------| |-------------------------|--------------------------------------|------------------|-------------------------|------------|----------------------|----------------------|------------------|------------------------|------------------------|-----------------------------------|----------------------|
| Traefik | Reverse proxy and load balancer | Public & Private | Socrates & Pythagoras-b | - | - | - | Configured | Configured | - | Completed<sup>5</sup> | | Traefik | Reverse proxy and load balancer | Public & Private | Socrates & Pythagoras-b | - | - | - | Configured | Configured | - | Completed<sup>5</sup> | Backbone |
| Vaultwarden | Password manager | Public | Pythagoras-b | MariaDB | - | 4AM K8s CronJob | Configured | Not available | - | Completed | | ArgoCD | Declarative GitOPS CD | Private | Pythagoras-b | - | - | - | Configured | Not configured | - | Partial | Backbone |
| Gitlab | Version control system | Public | Pythagoras-b | PostgreSQL | User created content | 5AM internal CronJob | Configured | Configured | Configured | Completed<sup>4</sup> | | Vaultwarden | Password manager | Public | Pythagoras-b | PostgreSQL | - | 4AM K8s CronJob | Configured | Not available | Configured | Completed | Completed |
| Radarr | Movie collection manager | Private | Plato | PostgreSQL | - | - | Configured | Configured | Configured | Completed | | Gitlab | Version control system | Public | Pythagoras-b | PostgreSQL | User created content | 5AM internal CronJob | Configured | Configured | Not configured | Partial<sup>4</sup> | Awaiting |
| Flaresolverr | Cloudflare proxy | Private | Plato | - | - | - | - | - | - | Completed | | Radarr | Movie collection manager | Private | Plato | PostgreSQL | - | - | Configured | Configured | Not configured | Partial | Awaiting |
| Prometheus | Metrics aggregator | Private | Pythagoras-b | TBD | - | Not configured | Configured | Configured | - | Partial | | Flaresolverr | Cloudflare proxy | Private | Plato | - | - | - | - | - | - | Completed | Awaiting |
| Loki | Log aggregator | Private | Pythagoras-b | TBD | - | Not configured | Configured | Configured | - | Partial | | Prometheus | Metrics aggregator | Private | Pythagoras-b | TBD | - | Not configured | Configured | Configured | Not configured | Partial | Awaiting |
| Grafana | Graph visualizer | Public | Pythagoras-b | - | - | Not configured | Configured | Configured | Configured | Partial | | Loki | Log aggregator | Private | Pythagoras-b | TBD | - | Not configured | Configured | Configured | Not configured | Partial | Awaiting |
| Sonarr | TV shows collection manager | Private | Plato | SQLite | - | Not configured | Configured | Configured | Configured | Partial | | Grafana | Graph visualizer | Public | Pythagoras-b | - | - | Not configured | Configured | Configured | Configured | Partial | Awaiting |
| Prowlarr | Torrent indexer | Private | Plato | PostgreSQL | - | Not configured | Configured | Not available | Configured | Partial | | Sonarr | TV shows collection manager | Private | Plato | SQLite | - | Not configured | Configured | Configured | Not configured | Partial | Awaiting |
| Jellyfin | Media streaming | Public | Archimedes | SQLite** | - | - | Configured | Not configured | Not configured | Awaiting configuration | | Prowlarr | Torrent indexer | Private | Plato | PostgreSQL | - | Not configured | Configured | Not available | Not configured | Partial | Awaiting |
| Jellyseerr | Media requesting WebUI | Public | Pythagoras-b | - | - | - | Not configured | Not configured | Not configured | Awaiting configuration | | Jellyfin | Media streaming | Public | Archimedes | SQLite** | - | - | Configured | Configured | Configured<sup>6</sup> | Completed | Awaiting |
| Adguard | DNS ad blocker and custom DNS server | Private | Socrates | - | - | - | Not configured | Not configured | Not configured | Pending configuration<sup>1</sup> | | Jellyseerr | Media requesting WebUI | Public | Pythagoras-b | - | - | - | Not configured | Not available | Configured<sup>7</sup> | Awaiting configuration | Awaiting |
| Owncloud Infinity Scale | File hosting webUI | Public | Plato | ? | Drive files | Not configured | Configured | Not available | Not configured | Pending configuration<sup>2</sup> | | Adguard | DNS ad blocker and custom DNS server | Private | Socrates | - | - | - | Not configured | Not configured | Not configured | Pending configuration<sup>1</sup> | Awaiting |
| Synapse | Matrix server - Message centralizer | Public | Pythagoras-b | PostgreSQL | User medias | 4AM K8s CronJob | Configured | Configured | Not configured | Pending configuration<sup>3</sup> | | Owncloud Infinity Scale | File hosting webUI | Public | Plato | ? | Drive files | Not configured | Configured | Not available | Not configured | Pending configuration<sup>2</sup> | Awaiting |
| therbron.com | Personal website | Public | Socrates | - | - | - | Not configured | Not configured | - | Awaiting configuration | | Synapse | Matrix server - Message centralizer | Public | Pythagoras-b | PostgreSQL | User medias | 4AM K8s CronJob | Configured | Configured | Not configured | Pending configuration<sup>3</sup> | Awaiting |
| Home assistant | Home automation and monitoring | Private | Pythagoras-a | MariaDB | - | Not configured | Not configured | Not configured | Not configured | Awaiting configuration | | therbron.com | Personal website | Public | Socrates | - | - | - | Not configured | Not configured | - | Awaiting configuration | Awaiting |
| Vikunja | To-do and Kanban boards | Public | Pythagoras-b | - | - | - | Not configured | Not configured | - | Migrate to Gitlab | | Home assistant | Home automation and monitoring | Private | Pythagoras-a | MariaDB | - | Not configured | Not configured | Not configured | Not configured | Awaiting configuration | Awaiting |
| Wiki | Documentation manager | Public | Pythagoras-b | - | - | - | Not configured | Not configured | - | Migrate to VuePress and Gitlab | | Vikunja | To-do and Kanban boards | Public | Pythagoras-b | - | - | - | Not configured | Not configured | - | Migrate to Gitlab | Awaiting |
| PaperlessNG | PDF viewer and organiser | Public | Pythagoras-b | PostgreSQL | - | - | Not configured | Not configured | - | Research migration into OCIS | | Wiki | Documentation manager | Public | Pythagoras-b | - | - | - | Not configured | Not configured | - | Migrate to VuePress and Gitlab | Awaiting |
| Deluge | Torrent client | Private | Plato | - | <center> ? </center> | - | Not configured | Not configured | Not configured | Awaiting configuration | | PaperlessNG | PDF viewer and organiser | Public | Pythagoras-b | PostgreSQL | - | - | Not configured | Not configured | - | Research migration into OCIS | Awaiting |
| Minecraft | Vanilla minecraft server for friends | Public | Archimedes | - | Game map | Not configured | Not configured | Not configured | - | Awaiting configuration | | Deluge | Torrent client | Private | Plato | - | <center> ? </center> | - | Not configured | Not configured | Not configured | Awaiting configuration | Awaiting |
| Satisfactory | Satisfactory server for friends | Public | Archimedes | - | Game map | Not configured | Not configured | Not configured | - | Not needed for v1 | | Minecraft | Vanilla minecraft server for friends | Public | Archimedes | - | Game map | Not configured | Not configured | Not configured | - | Awaiting configuration | Awaiting |
| Space engineers | Space engineers server for friends | Public | Archimedes | - | Game map | Not configured | Not configured | Not configured | - | Not needed for v1 | | Satisfactory | Satisfactory server for friends | Public | Archimedes | - | Game map | Not configured | Not configured | Not configured | - | Not needed for v1 | Awaiting |
| Raspsnir | Bachelor memorial website | Public | Pythagoras-b | PostgreSQL | - | Not configured | Not configured | Not configured | - | Not needed for v1 | | Space engineers | Space engineers server for friends | Public | Archimedes | - | Game map | Not configured | Not configured | Not configured | - | Not needed for v1 | Awaiting |
| Raspsnir | Bachelor memorial website | Public | Pythagoras-b | PostgreSQL | - | Not configured | Not configured | Not configured | - | Not needed for v1 | Awaiting |
\* Configuration panel only available internally<br> \* Configuration panel only available internally<br>
** Current implementation only support SQLite, making manual backups a necessity<br> ** Current implementation only support SQLite, making manual backups a necessity<br>
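
Review bot: The Vaultwarden row now reads `PostgreSQL` with `4AM K8s CronJob` as its backup, but this commit deletes the only backup CronJob in this repository, and that job ran `mysqldump` against MariaDB. Confirm that the new repository ships a PostgreSQL dump job on the same schedule, or set the cell to "Not configured" until it does. The same hunk sets Secret management to "Not configured" for Gitlab, Radarr, Prometheus, Loki, Sonarr and Prowlarr, adds an ArgoCD row, and introduces footnote markers 6 and 7 while only the `*` and `**` notes are visible below the table; check that those footnotes are defined, and consider moving the changes unrelated to `feat(vaultwarden)` into their own commit.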

14
apps/vaultwarden.yaml Normal file

@ -0,0 +1,14 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: vaultwarden
namespace: argocd
spec:
project: default
source:
repoURL: https://git.halia.dev/athens-school/bitwarden.git
targetRevision: k3s
path: manifests
destination:
server: https://kubernetes.default.svc
namespace: vaultwarden
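
Review bot: `targetRevision: k3s` tracks a branch, so any push to that branch of the bitwarden repository changes the desired state Argo CD sees for the password manager. Pin it to a tag or commit SHA and bump it deliberately. `project: default` also places no restriction on source repositories or destinations; a dedicated AppProject limited to this `repoURL` and the `vaultwarden` namespace is tighter. No `syncPolicy` is set, so syncs stay manual; say in the commit message or README whether that is intended.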


@ -1,12 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: vaultwarden-backup-pvc
namespace: vaultwarden
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: flat-storage-class
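
Review bot: Deleting `vaultwarden-backup-pvc` releases the volume that holds the existing SQL dumps, and whether that data survives depends on the reclaim policy of `flat-storage-class`, which is not visible here. Copy the dumps off the claim, or confirm the policy is Retain, before this deletion is applied to the cluster.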


@ -1,25 +0,0 @@
apiVersion: batch/v1
kind: CronJob
metadata:
name: backup-job
namespace: vaultwarden
spec:
schedule: "0 4 * * *" # Every day at 4AM
concurrencyPolicy: Forbid
jobTemplate:
spec:
template:
spec:
containers:
- name: maria-backup
image: mariadb
command: ["sh", "-c", "/usr/bin/mysqldump -h vaultwarden-svc.vaultwarden.svc.cluster.local -u root -pexample vaultwarden > /backup/vaultwarden/backup-$(date +'%H_%M-%d_%m_%Y').sql"]
volumeMounts:
- name: vaultwarden-backup
mountPath: /backup/vaultwarden
subPath: vaultwarden
volumes:
- name: vaultwarden-backup
persistentVolumeClaim:
claimName: vaultwarden-backup-pvc
restartPolicy: OnFailure
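
Review bot: The removed `command` carries the database root password on the command line (`-u root -pexample`), and it stays in this repository's history after the file is deleted. Treat that password as disclosed: rotate it if the MariaDB instance or its data lives on, and have the replacement job in the new repository read its credentials from a Secret and use a dedicated backup user rather than root.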


@ -1,41 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: vaultwarden
namespace: vaultwarden
spec:
replicas: 1
selector:
matchLabels:
app: vaultwarden
template:
metadata:
labels:
app: vaultwarden
spec:
hostname: vaultwarden
subdomain: vaultwarden
containers:
- name: vaultwarden
image: vaultwarden/server
ports:
- containerPort: 80
env:
- name: SIGNUPS_ALLOWED
value: "true"
- name: DATABASE_URL
value: "mysql://root:example@127.0.0.1:3306/vaultwarden"
- name: mariadb
image: mariadb
env:
- name: MARIADB_ROOT_PASSWORD
value: "example"
- name: MARIADB_DATABASE
value: "vaultwarden"
volumeMounts:
- mountPath: "/var/lib/mysql"
name: vaultwarden-pv
volumes:
- name: vaultwarden-pv
hostPath:
path: "/mnt/vaultwarden"
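
Review bot: Three settings in the removed Deployment should not be copied into the new repository unchanged: `SIGNUPS_ALLOWED` is `"true"` on a service the README lists as Public, both images (`vaultwarden/server`, `mariadb`) are untagged, and `DATABASE_URL` embeds `root:example` in a plain env value. Disable signups once the intended accounts exist, pin image tags or digests, and source the URL from a Secret. The old vault database also remains on the node under the hostPath `/mnt/vaultwarden` after this deletion, so plan its export to PostgreSQL and its cleanup.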


@ -1,23 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: vaultwarden-ingress
namespace: vaultwarden
annotations:
kubernetes.io/ingress.class: "traefik"
spec:
tls:
- secretName: vaultwarden-beta-tls
hosts:
- bitwarden.beta.halia.dev
rules:
- host: bitwarden.beta.halia.dev
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: vaultwarden-svc
port:
number: 80
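
Review bot: When this Ingress is recreated in the new repository, replace the deprecated `kubernetes.io/ingress.class` annotation with `spec.ingressClassName`. Nothing in the lines shown issues `vaultwarden-beta-tls`, so confirm how that secret is provisioned and that it exists for `bitwarden.beta.halia.dev` under the new deployment before the old Ingress is removed from the cluster.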


@ -1,4 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: vaultwarden
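
Review bot: With this manifest gone, nothing visible in this repository creates the `vaultwarden` namespace, and the new Application in `apps/vaultwarden.yaml` does not set the `CreateNamespace=true` sync option. Keep a Namespace manifest under the new repository's `manifests` path or add that option. If the old manifests are removed with `kubectl delete -f`, deleting the Namespace also deletes every object in it, including the TLS secret and the backup PVC.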


@ -1,17 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: vaultwarden-svc
namespace: vaultwarden
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 80
- name: db
port: 3306
protocol: TCP
targetPort: 3306
selector:
app: vaultwarden
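
Review bot: The removed Service published the MariaDB sidecar as port `db` (3306) next to `http`, so, absent a NetworkPolicy, the database was reachable from other pods in the cluster with the root credentials shown in the other manifests. In the new repository, expose only the HTTP port on the application Service and put the database behind its own Service restricted by a NetworkPolicy.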