From 188f627413f0884e61b047f0f51caa834527684c Mon Sep 17 00:00:00 2001
From: Tanguy Herbron
Date: Mon, 24 Feb 2025 23:29:54 +0100
Subject: [PATCH] feat: Initial commit
---
README.md | 0
manifests/database-backup.yaml | 10 ++++++
manifests/database.yaml | 53 ++++++++++++++++++++++++++++++++
manifests/deployment.yaml | 56 ++++++++++++++++++++++++++++++++++
manifests/ingress.yaml | 29 ++++++++++++++++++
manifests/kustomization.yaml | 12 ++++++++
manifests/namespace.yaml | 4 +++
manifests/pvc.yaml | 15 +++++++++
manifests/redis-service.yaml | 15 +++++++++
manifests/secrets.yaml | 22 +++++++++++++
manifests/service.yaml | 15 +++++++++
11 files changed, 231 insertions(+)
create mode 100644 README.md
create mode 100644 manifests/database-backup.yaml
create mode 100644 manifests/database.yaml
create mode 100644 manifests/deployment.yaml
create mode 100644 manifests/ingress.yaml
create mode 100644 manifests/kustomization.yaml
create mode 100644 manifests/namespace.yaml
create mode 100644 manifests/pvc.yaml
create mode 100644 manifests/redis-service.yaml
create mode 100644 manifests/secrets.yaml
create mode 100644 manifests/service.yaml
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..e69de29
diff --git a/manifests/database-backup.yaml b/manifests/database-backup.yaml
new file mode 100644
index 0000000..b9c7477
--- /dev/null
+++ b/manifests/database-backup.yaml
@@ -0,0 +1,10 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: ScheduledBackup
+metadata:
+ name: paperless-db-backup
+ namespace: paperless
+spec:
+ schedule: "0 0 0 * * *"
+ backupOwnerReference: self
+ cluster:
+ name: paperless-db
diff --git a/manifests/database.yaml b/manifests/database.yaml
new file mode 100644
index 0000000..8cd70b0
--- /dev/null
+++ b/manifests/database.yaml
@@ -0,0 +1,53 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+ name: paperless-db
+ namespace: paperless
+
+spec:
+ imageName: ghcr.io/cloudnative-pg/postgresql:17.2
+ instances: 3
+
+ storage:
+ size: 1Gi
+ storageClass: local-path
+
+ bootstrap:
+ initdb:
+ database: paperless
+ owner: paperless
+ secret:
+ name: paperless-db
+
+ postgresql:
+ pg_hba:
+ - host all all all md5
+
+ backup:
+ barmanObjectStore:
+ destinationPath: "s3://halis/cloudnativepg"
+ endpointURL: https://s3.halia.dev
+ s3Credentials:
+ accessKeyId:
+ name: s3-secret
+ key: AWS_ACCESS_KEY_ID
+ secretAccessKey:
+ name: s3-secret
+ key: AWS_SECRET_ACCESS_KEY
+ region:
+ name: s3-secret
+ key: AWS_REGION
+ wal:
+ compression: gzip
+ maxParallel: 8
+
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ limits:
+ cpu: 500m
+ memory: 500Mi
+
+ monitoring:
+ enablePodMonitor: true
diff --git a/manifests/deployment.yaml b/manifests/deployment.yaml
new file mode 100644
index 0000000..861696b
--- /dev/null
+++ b/manifests/deployment.yaml
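Review bot: The `pg_hba` entry `host all all all md5` under `spec.postgresql` accepts password logins for every database and role from any address, including non-TLS connections, and still admits MD5-hashed passwords. The only client visible in this commit is the paperless deployment, so the rule can be scoped to it and moved to SCRAM over TLS, for example `- hostssl paperless paperless all scram-sha-256` (assuming the client negotiates TLS, which should be confirmed). CloudNativePG adds its own default rules around user-supplied ones, so removing the custom entry may already be sufficient; check against the operator version in use. Separately, `barmanObjectStore` sets no `encryption` for data or WAL, so the confidentiality of the backups depends entirely on what the bucket enforces.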
@@ -0,0 +1,56 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: paperless
+ namespace: paperless
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: paperless
+ template:
+ metadata:
+ labels:
+ app: paperless
+ spec:
+ containers:
+ - name: paperless
+ image: paperlessngx/paperless-ngx:2.14.7
+ ports:
+ - containerPort: 8000
+ env:
+ - name: PAPERLESS_URL
+ value: "https://paper.halis.io"
+ - name: PAPERLESS_DBENGINE
+ value: "postgresql"
+ - name: PAPERLESS_DBHOST
+ value: "paperless-db-rw.paperless.svc.cluster.local"
+ - name: PAPERLESS_DBUSER
+ valueFrom:
+ secretKeyRef:
+ name: paperless-db
+ key: username
+ - name: PAPERLESS_DBPASS
+ valueFrom:
+ secretKeyRef:
+ name: paperless-db
+ key: password
+ - name: PAPERLESS_REDIS
+ value: "redis://redis-svc.paperless.svc.cluster.local:6379"
+ - name: PAPERLESS_DATA_DIR
+ value: "/volume/data"
+ - name: PAPERLESS_MEDIA_ROOT
+ value: "/volume/media"
+ - name: PAPERLESS_CONSUMPTION_DIR
+ value: "/volume/consume"
+ volumeMounts:
+ - mountPath: "/volume"
+ name: paperless-data
+ - name: redis
+ image: redis:7.4.2
+ ports:
+ - containerPort: 6379
+ volumes:
+ - name: paperless-data
+ persistentVolumeClaim:
+ claimName: paperless-pvc
diff --git a/manifests/ingress.yaml b/manifests/ingress.yaml
new file mode 100644
index 0000000..7272a0b
--- /dev/null
+++ b/manifests/ingress.yaml
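Review bot: The `env` list of the `paperless` container sets no `PAPERLESS_SECRET_KEY`, so paperless-ngx falls back to its built-in default key, which is identical across installations. With `PAPERLESS_URL` pointing at a public hostname, session and token signing should use a per-deployment value taken from a Secret, as in the excerpt below; the Secret name and key there are placeholders, since this commit does not define one. Neither container declares `resources` or a `securityContext`, which would be worth adding in the same pass.

```yaml
          env:
            # … unchanged: PAPERLESS_URL through PAPERLESS_CONSUMPTION_DIR …
            # Per-deployment signing key, sourced from a Secret rather than the image default.
            - name: PAPERLESS_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: <PAPERLESS_SECRET_NAME>  # placeholder
                  key: <SECRET_KEY_FIELD>  # placeholder
```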
@@ -0,0 +1,29 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: paperless-ingress
+ namespace: paperless
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production
+ kubernetes.io/ingress.class: nginx-external
+ acme.cert-manager.io/http01-edit-in-place: "true"
+ nginx.ingress.kubernetes.io/proxy-body-size: "0"
+ nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
+ nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
+spec:
+ tls:
+ - hosts:
+ - paper.halis.io
+ secretName: paper-halis-io-tls
+ ingressClassName: nginx-external
+ rules:
+ - host: paper.halis.io
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: paperless-svc
+ port:
+ number: 80
diff --git a/manifests/kustomization.yaml b/manifests/kustomization.yaml
new file mode 100644
index 0000000..244bb23
--- /dev/null
+++ b/manifests/kustomization.yaml
@@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - namespace.yaml
+ - secrets.yaml
+ - database.yaml
+ - database-backup.yaml
+ - service.yaml
+ - ingress.yaml
+ - pvc.yaml
+ - deployment.yaml
diff --git a/manifests/namespace.yaml b/manifests/namespace.yaml
new file mode 100644
index 0000000..37ad102
--- /dev/null
+++ b/manifests/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: paperless
diff --git a/manifests/pvc.yaml b/manifests/pvc.yaml
new file mode 100644
index 0000000..1a48a50
--- /dev/null
+++ b/manifests/pvc.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: paperless-pvc
+ namespace: paperless
+ labels:
+ recurring-job.longhorn.io/source: enabled
+ recurring-job-group.longhorn.io/standard-pvc: enabled
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Gi
+ storageClassName: redundant-storage-class
diff --git a/manifests/redis-service.yaml b/manifests/redis-service.yaml
new file mode 100644
index 0000000..b11cd7b
--- /dev/null
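Review bot: `nginx.ingress.kubernetes.io/proxy-body-size: "0"` removes the request-body limit on an ingress served by the external class, so the proxy will accept arbitrarily large uploads headed for the backend and its 5Gi volume. A bounded value sized for the largest expected document keeps uploads working while capping that, for example `nginx.ingress.kubernetes.io/proxy-body-size: "100m"` (illustrative figure). The `kubernetes.io/ingress.class` annotation duplicates `spec.ingressClassName` and is deprecated; keeping only the spec field prevents the two from drifting apart.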
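Review bot: `resources` does not list `redis-service.yaml`, although the commit adds that file and `PAPERLESS_REDIS` in `deployment.yaml` points at `redis-svc.paperless.svc.cluster.local`. Unless the Service is applied by some other path, that name will not resolve and the broker connection will fail. Either add `- redis-service.yaml` to the list or, since Redis runs in the same pod as its client, set the value to `redis://localhost:6379` and drop the Service file.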
+++ b/manifests/redis-service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: redis-svc
+ namespace: paperless
+ labels:
+ app.kubernetes.io/name: paperless
+spec:
+ ports:
+ - name: http
+ port: 6379
+ protocol: TCP
+ targetPort: 6379
+ selector:
+ app: paperless
diff --git a/manifests/secrets.yaml b/manifests/secrets.yaml
new file mode 100644
index 0000000..e298581
--- /dev/null
+++ b/manifests/secrets.yaml
@@ -0,0 +1,22 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: paperless-secrets
+ namespace: argocd
+spec:
+ project: default
+ source:
+ repoURL: https://git.halis.io/athens-school/k3s-secrets
+ targetRevision: prod-migration
+ path: paperless
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=false
+ - ApplyOutOfSyncOnly=true
+ - PruneLast=true
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: paperless
diff --git a/manifests/service.yaml b/manifests/service.yaml
new file mode 100644
index 0000000..df3402d
--- /dev/null
+++ b/manifests/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: paperless-svc
+ namespace: paperless
+ labels:
+ app.kubernetes.io/name: paperless
+spec:
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 8000
+ selector:
+ app: paperless
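Review bot: The selector `app: paperless` publishes the pod's Redis sidecar on a cluster-wide Service, and the `redis` container in `deployment.yaml` is started with no password or ACL configuration, so any workload that can reach the namespace can talk to the task broker. Because Redis shares the pod with its only client, pointing the client at `localhost` and removing this Service gives the smaller surface. If the Service stays, a NetworkPolicy limiting port 6379 to the paperless pod is the usual control. The port is also named `http` while carrying the Redis protocol; `name: redis` would be accurate.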
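Review bot: `targetRevision: prod-migration` tracks a branch, and `syncPolicy.automated` with `prune` and `selfHeal` applies whatever lands on it, so write access to that branch of the secrets repository amounts to write access to the `paperless` namespace. Pinning to a tag or commit, or at least protecting the branch, turns changes to secret material into a reviewed step. `project: default` puts the Application in Argo CD's catch-all project; a dedicated AppProject restricted to this repository and destination namespace would narrow what it can deploy. Given the filename, a leading comment such as `# Argo CD Application that syncs the paperless secrets; contains no Secret data itself` would help readers.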