feat: Initial commit

docker-compose.yml

@@ -0,0 +1,42 @@
+version: "3.7"
+services:
+  mealie:
+    image: ghcr.io/mealie-recipes/mealie:v1.2.0 # 
+    container_name: mealie
+    ports:
+        - "9000:9000"
+    deploy:
+      resources:
+        limits:
+          memory: 1000M
+    depends_on:
+      - postgres
+    volumes:
+      - ./data/mealie:/app/data/
+    environment:
+    # Set Backend ENV Variables Here
+      - ALLOW_SIGNUP=false
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Copenhagen
+      - MAX_WORKERS=1
+      - WEB_CONCURRENCY=1
+      - BASE_URL=https://recipes.halis.io
+    # Database Settings
+      - DB_ENGINE=postgres
+      - POSTGRES_USER=mealie
+      - POSTGRES_PASSWORD=password
+      - POSTGRES_SERVER=postgres
+      - POSTGRES_PORT=5432
+      - POSTGRES_DB=mealie
+    restart: unless-stopped
+
+  postgres:
+    container_name: postgres
+    image: postgres:15
+    restart: unless-stopped
+    volumes:
+      - ./data/db:/var/lib/postgresql/data
+    environment:
+      POSTGRES_PASSWORD: password
+      POSTGRES_USER: mealie

manifests/database-backup.yaml

@@ -0,0 +1,10 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: ScheduledBackup
+metadata:
+  name: mealie-db-backup
+  namespace: mealie
+spec:
+  schedule: "0 0 0 * * *"
+  backupOwnerReference: self
+  cluster:
+    name: mealie-db

manifests/database.yaml

@@ -0,0 +1,53 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: mealie-db
+  namespace: mealie
+
+spec:
+  imageName: ghcr.io/cloudnative-pg/postgresql:15.3
+  instances: 3
+
+  storage:
+    size: 1Gi
+    storageClass: local-path
+
+  bootstrap:
+    initdb:
+      database: mealie
+      owner: mealie
+      secret:
+        name: mealie-db
+
+  postgresql:
+    pg_hba:
+      - host all all all md5
+
+  backup:
+    barmanObjectStore:
+      destinationPath: "s3://halis/cloudnativepg"
+      endpointURL: https://s3.halia.dev
+      s3Credentials:
+        accessKeyId:
+          name: s3-secret
+          key: AWS_ACCESS_KEY_ID
+        secretAccessKey:
+          name: s3-secret
+          key: AWS_SECRET_ACCESS_KEY
+        region:
+          name: s3-secret
+          key: AWS_REGION
+      wal:
+        compression: gzip
+        maxParallel: 8
+
+  resources:
+    requests:
+      cpu: 100m
+      memory: 100Mi
+    limits:
+      cpu: 500m
+      memory: 500Mi
+
+  monitoring:
+    enablePodMonitor: true

manifests/deployment.yaml

@@ -0,0 +1,58 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+    name: mealie
+    namespace: mealie
+spec:
+    replicas: 1
+    selector:
+        matchLabels:
+            app: mealie
+    template:
+        metadata:
+            labels:
+                app: mealie
+        spec:
+            containers:
+              - name: mealie
+                image: ghcr.io/mealie-recipes/mealie:v1.2.0
+                ports:
+                  - containerPort: 9000
+                env:
+                  - name: ALLOW_SIGNUP
+                    value: "false"
+                  - name: PUID
+                    value: "1000"
+                  - name: PGID
+                    value: "1000"
+                  - name: TZ
+                    value: "Europe/Copenhagen"
+                  - name: MAX_WORKERS
+                    value: "1"
+                  - name: WEB_CONCURRENCY
+                    value: "1"
+                  - name: BASE_URL
+                    value: "https://recipes.halis.io"
+                  - name: DB_ENGINE
+                    value: "postgres"
+                  - name: POSTGRES_SERVER
+                    value: "mealie-db-rw.mealie.svc.cluster.local"
+                  - name: POSTGRES_DB
+                    value: "mealie"
+                  - name: POSTGRES_USER
+                    valueFrom:
+                      secretKeyRef:
+                        name: mealie-db
+                        key: username
+                  - name: POSTGRES_PASSWORD
+                    valueFrom:
+                      secretKeyRef:
+                        name: mealie-db
+                        key: password
+                volumeMounts:
+                  - mountPath: "/app/data"
+                    name: mealie-data
+            volumes:
+              - name: mealie-data
+                persistentVolumeClaim:
+                  claimName: mealie-pvc

manifests/ingress.yaml

@@ -0,0 +1,29 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: mealie-ingress
+  namespace: mealie
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-production
+    kubernetes.io/ingress.class: nginx-external
+    acme.cert-manager.io/http01-edit-in-place: "true"
+    nginx.ingress.kubernetes.io/proxy-body-size: "0"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
+    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
+spec:
+  tls:
+  - hosts:
+    - recipes.halis.io
+    secretName: recipes-halis-io-tls
+  ingressClassName: nginx-external
+  rules:
+  - host: recipes.halis.io
+    http:
+      paths:
+        - path: /
+          pathType: Prefix
+          backend:
+            service:
+              name: mealie-svc
+              port:
+                number: 80

manifests/kustomization.yaml

@@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - namespace.yaml
+  - secrets.yaml
+  - database.yaml
+  - database-backup.yaml
+  - service.yaml
+  - ingress.yaml
+  - pvc.yaml
+  - deployment.yaml

manifests/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: mealie

manifests/pvc.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: mealie-pvc
+  namespace: mealie
+  labels:
+    recurring-job.longhorn.io/source: enabled
+    recurring-job-group.longhorn.io/standard-pvc: enabled
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 5Gi
+  storageClassName: redundant-storage-class

manifests/secrets.yaml

@@ -0,0 +1,22 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: mealie-secrets
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://git.halis.io/athens-school/k3s-secrets
+    targetRevision: prod-migration
+    path: mealie
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=false
+      - ApplyOutOfSyncOnly=true
+      - PruneLast=true
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: mealie

manifests/service.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+    name: mealie-svc
+    namespace: mealie
+    labels:
+      app.kubernetes.io/name: mealie
+spec:
+    ports:
+        - name: http
+          port: 80
+          protocol: TCP
+          targetPort: 9000
+    selector:
+        app: mealie