From 7deb49d32d83da82ddcf5dba2f3273db360f62bd Mon Sep 17 00:00:00 2001
From: Cocopops16
Date: Sun, 23 Mar 2025 12:39:28 +0100
Subject: [PATCH] first commit
---
.gitignore | 3 ++
contact-form/contact-form-deployment.yaml | 20 ++++++++
contact-form/contact-form-service.yaml | 11 +++++
gitea/values.yaml | 13 +++++
haproxy/ingress.yaml | 37 ++++++++++++++
haproxy/issuer.yaml | 18 +++++++
haproxy/sticky-ingress.yaml | 28 +++++++++++
keycloak/keycloak-crd.yaml | 32 ++++++++++++
keycloak/keycloak-deployment.yaml | 37 ++++++++++++++
keycloak/keycloak-service.yaml | 12 +++++
keycloak/postgres/db-backup-cron.yaml | 59 +++++++++++++++++++++++
keycloak/postgres/db-deployment.yaml | 32 ++++++++++++
keycloak/postgres/db-service.yaml | 12 +++++
keycloak/postgres/db-volume-claim.yaml | 11 +++++
nginx/mywebsite-deployment.yaml | 20 ++++++++
nginx/mywebsite-service.yaml | 11 +++++
16 files changed, 356 insertions(+)
create mode 100644 .gitignore
create mode 100644 contact-form/contact-form-deployment.yaml
create mode 100644 contact-form/contact-form-service.yaml
create mode 100644 gitea/values.yaml
create mode 100644 haproxy/ingress.yaml
create mode 100644 haproxy/issuer.yaml
create mode 100644 haproxy/sticky-ingress.yaml
create mode 100644 keycloak/keycloak-crd.yaml
create mode 100644 keycloak/keycloak-deployment.yaml
create mode 100644 keycloak/keycloak-service.yaml
create mode 100644 keycloak/postgres/db-backup-cron.yaml
create mode 100644 keycloak/postgres/db-deployment.yaml
create mode 100644 keycloak/postgres/db-service.yaml
create mode 100644 keycloak/postgres/db-volume-claim.yaml
create mode 100644 nginx/mywebsite-deployment.yaml
create mode 100644 nginx/mywebsite-service.yaml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..13f1c6a
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+sealed-secrets
+closed_projects
+registry
\ No newline at end of file
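Review bot: The manifests in this commit reference Secrets that exist nowhere in the tree (`keycloak-postgresdb-creds`, `media-object-storage-creds`), and this ignore list hides the `sealed-secrets` directory where they presumably live. SealedSecret resources are designed to be safe to commit, so ignoring that directory suggests it holds plaintext `Secret` manifests; if so, seal them (or move to an external-secrets operator) so the deployment is reproducible from git without a private directory. If the directory really does hold sealed output, drop the entry and add a comment explaining what `registry` and `closed_projects` are excluded for.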
diff --git a/contact-form/contact-form-deployment.yaml b/contact-form/contact-form-deployment.yaml
new file mode 100644
index 0000000..697692e
--- /dev/null
+++ b/contact-form/contact-form-deployment.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: contact-form-deployment
+ labels:
+ app: contact-form
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app: contact-form
+ template:
+ metadata:
+ labels:
+ app: contact-form
+ spec:
+ containers:
+ - name: contact-form
+ image: localhost:30100/contact-form:v0.0.5
diff --git a/contact-form/contact-form-service.yaml b/contact-form/contact-form-service.yaml
new file mode 100644
index 0000000..7835c93
--- /dev/null
+++ b/contact-form/contact-form-service.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: contact-form
+spec:
+ type: ClusterIP
+ selector:
+ app: contact-form
+ ports:
+ - protocol: TCP
+ port: 80
diff --git a/gitea/values.yaml b/gitea/values.yaml
new file mode 100644
index 0000000..3f76779
--- /dev/null
+++ b/gitea/values.yaml
@@ -0,0 +1,13 @@
+postgresql:
+ enabled: true
+ storageClass: csi-cinder-high-speed-gen2
+postgresql-ha:
+ enabled: false
+redis:
+ enabled: true
+redis-cluster:
+ enabled: false
+
+persistence:
+ enabled: true
+ storageClass: csi-cinder-high-speed-gen2
\ No newline at end of file
diff --git a/haproxy/ingress.yaml b/haproxy/ingress.yaml
new file mode 100644
index 0000000..1bdb19b
--- /dev/null
+++ b/haproxy/ingress.yaml
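Review bot: The container on the `image:` line runs with no `securityContext` and no `resources`, so it gets root unless the image itself switches user, can gain privileges, and has no memory ceiling on a two-replica internet-facing form handler that the Ingress rate-limits to 200 req/min per client. Add a hardened securityContext and a limit; `readOnlyRootFilesystem: true` is worth trying as well if the image tolerates it. The image is pulled from `localhost:30100`, which I read as a node-local registry NodePort and presumably plain HTTP, so consider pinning by digest (`@sha256:…`) in addition to the `v0.0.5` tag so an in-cluster registry compromise cannot silently swap the image.

```yaml
# … unchanged: metadata, selector and template labels …
      containers:
        - name: contact-form
          image: localhost:30100/contact-form:v0.0.5
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
          resources:
            requests:
              cpu: 50m
              memory: 64Mi
            limits:
              memory: 128Mi
```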
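Review bot: Nothing in these values sets credentials, so the chart's defaults apply; as far as I recall the upstream Gitea chart ships a hard-coded default for `gitea.admin.password` and for the bundled PostgreSQL password, and the bundled Redis runs without auth. Point `gitea.admin.existingSecret` and `postgresql.global.postgresql.auth.existingSecret` at Secrets you create rather than relying on defaults, and review `gitea.config.service.DISABLE_REGISTRATION` before an Ingress for Gitea lands. Verify these key names against the chart version you actually deploy, which the commit does not pin; a documented `--version` or a `Chart.lock` would help.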
@@ -0,0 +1,37 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: ingress-controller
+ annotations:
+ haproxy.org/rate-limit-period: "1m"
+ haproxy.org/rate-limit-requests: "200"
+ haproxy.org/rate-limit-status-code: "429"
+ # add an annotation indicating the issuer to use
+ cert-manager.io/cluster-issuer: letsencrypt
+spec:
+ ingressClassName: haproxy
+ rules:
+ - host: "reault.tech"
+ http: &http_rules
+ paths:
+ - path: /contact
+ pathType: Prefix
+ backend:
+ service:
+ name: contact-form
+ port:
+ number: 80
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: mywebsite
+ port:
+ number: 80
+ - host: "www.reault.tech"
+ http: *http_rules
+ tls:
+ - secretName: reault-tech-cert # cert-manager will store the certificate and key in this secret
+ hosts:
+ - www.reault.tech
+ - reault.tech
diff --git a/haproxy/issuer.yaml b/haproxy/issuer.yaml
new file mode 100644
index 0000000..0fe3a07
--- /dev/null
+++ b/haproxy/issuer.yaml
@@ -0,0 +1,18 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt
+spec:
+ acme:
+ # The ACME server URL
+ server: https://acme-v02.api.letsencrypt.org/directory
+ # Email address used for ACME registration
+ email: corentin.reault@protonmail.com
+ # Name of a secret used to store the ACME account private key
+ privateKeySecretRef:
+ name: issuer-account-key
+ # Enable the HTTP-01 challenge provider
+ solvers:
+ - http01:
+ ingress:
+ ingressClassName: haproxy
\ No newline at end of file
diff --git a/haproxy/sticky-ingress.yaml b/haproxy/sticky-ingress.yaml
new file mode 100644
index 0000000..d02f228
--- /dev/null
+++ b/haproxy/sticky-ingress.yaml
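Review bot: The `tls:` block obtains a certificate but nothing here forces clients onto it; unless your HAProxy ingress controller version defaults `ssl-redirect` to on, add `haproxy.org/ssl-redirect: "true"` next to the rate-limit annotations, and consider a `Strict-Transport-Security` response header once the redirect is proven. The `&http_rules` / `*http_rules` anchor is expanded by kubectl but not by every tool that may later read this file (Kustomize and some policy validators drop or reject aliases), so duplicating the two `paths` entries under `www.reault.tech` is the safer form for a Kubernetes manifest. The per-client rate limit only means something if the controller sees real client addresses; if it sits behind a cloud load balancer, make sure PROXY protocol or forwarded headers are configured, otherwise all visitors share one 200/min bucket.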
@@ -0,0 +1,28 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: sticky-ingress-controller
+ annotations:
+ haproxy.org/rate-limit-period: "1m"
+ haproxy.org/rate-limit-requests: "200"
+ haproxy.org/rate-limit-status-code: "429"
+ # add an annotation indicating the issuer to use
+ cert-manager.io/cluster-issuer: letsencrypt
+ cookie-persistence: "example-session-persistence-cookie"
+spec:
+ ingressClassName: haproxy
+ rules:
+ - host: "iam.reault.tech"
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: keycloak-service
+ port:
+ number: 8080
+ tls:
+ - secretName: reault-tech-cert # cert-manager will store the certificate and key in this secret
+ hosts:
+ - iam.reault.tech
\ No newline at end of file
diff --git a/keycloak/keycloak-crd.yaml b/keycloak/keycloak-crd.yaml
new file mode 100644
index 0000000..366667c
--- /dev/null
+++ b/keycloak/keycloak-crd.yaml
@@ -0,0 +1,32 @@
+apiVersion: k8s.keycloak.org/v2alpha1
+kind: Keycloak
+metadata:
+ name: keycloak
+spec:
+ instances: 1
+ db:
+ vendor: postgres
+ host: keycloak-postgresdb
+ port: 5432
+ usernameSecret:
+ name: keycloak-postgresdb-creds
+ key: POSTGRES_USER
+ passwordSecret:
+ name: keycloak-postgresdb-creds
+ key: POSTGRES_PASSWORD
+ http:
+ httpEnabled: true
+ httpPort: 8080
+ httpsPort: 8443
+ tlsSecret: reault-tech-cert
+ hostname:
+ hostname: iam.reault.tech
+ proxy:
+ headers: xforwarded # double check your reverse proxy sets and overwrites the X-Forwarded-* headers
+ resources:
+ requests:
+ cpu: 1
+ memory: 300Mi
+ limits:
+ cpu: 2
+ memory: 500Mi
diff --git a/keycloak/keycloak-deployment.yaml b/keycloak/keycloak-deployment.yaml
new file mode 100644
index 0000000..8989443
--- /dev/null
+++ b/keycloak/keycloak-deployment.yaml
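Review bot: `secretName: reault-tech-cert` under `tls:` is the same Secret haproxy/ingress.yaml uses for `reault.tech`/`www.reault.tech`; cert-manager's ingress-shim derives one `Certificate` per secret name, and two Ingresses with different `hosts` lists will keep overwriting its `dnsNames`, so the certificate flaps between host sets, one side serves a mismatched cert, and each re-issue counts against Let's Encrypt's rate limits. Use a dedicated secret here, e.g. `secretName: iam-reault-tech-cert`, and update `tlsSecret` in keycloak-crd.yaml to match. Separately, `cookie-persistence` is the only annotation without the `haproxy.org/` prefix the others carry; I believe the controller accepts both forms, but confirm it is actually applied, and give the cookie a real name rather than `example-session-persistence-cookie`.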
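Review bot: `httpEnabled: true` together with `proxy.headers: xforwarded` makes Keycloak trust `X-Forwarded-For/Proto/Host` from anything that reaches port 8080, and nothing in the commit restricts who can reach the Service the operator creates for this CR, so any pod in the cluster can spoof its client IP (defeating brute-force detection and audit logs) and talk to the IdP over plaintext. Add a NetworkPolicy that allows ingress to 8080 only from the HAProxy controller's namespace, or set `httpEnabled: false` and have the Ingress forward to 8443 using the certificate already referenced by `tlsSecret`. The inline comment on the `headers:` line is the right concern: confirm the controller overwrites rather than appends client-supplied `X-Forwarded-*` headers.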
@@ -0,0 +1,37 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: keycloak
+ labels:
+ app: keycloak
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: keycloak
+ template:
+ metadata:
+ labels:
+ app: keycloak
+ spec:
+ containers:
+ - name: keycloak
+ image: quay.io/keycloak/keycloak:26.1.3
+ args: ["start-dev"]
+ env:
+ - name: KEYCLOAK_ADMIN
+ value: "admin"
+ - name: KEYCLOAK_ADMIN_PASSWORD
+ value: "admin"
+ - name: KC_PROXY
+ value: "edge"
+ - name: KC_HEALTH_ENABLED
+ value: "true"
+ ports:
+ - name: http
+ containerPort: 8080
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: 9000
\ No newline at end of file
diff --git a/keycloak/keycloak-service.yaml b/keycloak/keycloak-service.yaml
new file mode 100644
index 0000000..c36eba6
--- /dev/null
+++ b/keycloak/keycloak-service.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: keycloak
+spec:
+ type: ClusterIP
+ selector:
+ app: keycloak
+ ports:
+ - protocol: TCP
+ port: 8080
diff --git a/keycloak/postgres/db-backup-cron.yaml b/keycloak/postgres/db-backup-cron.yaml
new file mode 100644
index 0000000..912fae7
--- /dev/null
+++ b/keycloak/postgres/db-backup-cron.yaml
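Review bot: `KEYCLOAK_ADMIN_PASSWORD: "admin"` is a plaintext admin credential committed to git for a Keycloak that the sticky Ingress exposes on `iam.reault.tech`, and `args: ["start-dev"]` runs it in dev mode, which Keycloak documents as unsafe for anything internet-facing (no hostname enforcement, dev caches, plain HTTP). Pull the bootstrap credentials from a Secret and use the `KC_BOOTSTRAP_ADMIN_*` names Keycloak 26 expects (the `KEYCLOAK_ADMIN*` names are deprecated), then replace the bootstrap account with a permanent admin after first login; `KC_PROXY=edge` is likewise the deprecated form of `KC_PROXY_HEADERS=xforwarded`, so check the 26.x release notes for whether this image still honours it. This Deployment also duplicates the operator-managed instance in keycloak-crd.yaml; if the CR is the intended path, drop this file rather than harden it.

```yaml
          # … unchanged: image, args …
          env:
            - name: KC_BOOTSTRAP_ADMIN_USERNAME
              valueFrom:
                secretKeyRef:
                  name: keycloak-admin-creds   # Secret created out of band, like keycloak-postgresdb-creds
                  key: username
            - name: KC_BOOTSTRAP_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-admin-creds
                  key: password
            - name: KC_PROXY_HEADERS
              value: "xforwarded"
            # … unchanged: KC_HEALTH_ENABLED, ports, readinessProbe …
```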
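Review bot: This Service selects `app: keycloak` on port 8080 but nothing in the commit routes to it; the sticky Ingress targets `keycloak-service`, which is the name the Keycloak operator gives the Service it creates for the CR in keycloak-crd.yaml. If both the operator CR and the plain Deployment are applied, I believe the operator's pods also carry an `app: keycloak` label, so this selector would spread traffic across a dev-mode instance and the production one. Either delete this Service together with the dev Deployment, or narrow the selector with an extra label set on both sides so the two instances cannot be confused.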
@@ -0,0 +1,59 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: keycloak-postgres-backup
+spec:
+ schedule: "0 0 * * *"
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ initContainers:
+ - name: dump
+ image: postgres:14
+ imagePullPolicy: IfNotPresent
+ volumeMounts:
+ - name: data
+ mountPath: /backup
+ args:
+ - pg_dump
+ - "-Fc"
+ - "-f"
+ - "/backup/keycloak-postgres.pgdump"
+ - "-Z"
+ - "9"
+ - "-v"
+ - "-h"
+ - "keycloak-postgresdb"
+ - "-U"
+ - "keycloak"
+ - "-d"
+ - "keycloak"
+ env:
+ - name: PGPASSWORD
+ valueFrom:
+ secretKeyRef:
+ # Retrieve postgres password from a secret
+ name: keycloak-postgresdb-creds
+ key: POSTGRES_PASSWORD
+ containers:
+ - name: save
+ image: amazon/aws-cli
+ volumeMounts:
+ - name: data
+ mountPath: /backup
+ args:
+ - s3
+ - cp
+ - "/backup/keycloak-postgres.pgdump"
+ - "s3://media-object-storage/keycloak-postgres.pgdump"
+ - "--endpoint"
+ - "https://s3.gra.io.cloud.ovh.net"
+ envFrom:
+ - secretRef:
+ # Must contain AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_DEFAULT_REGION
+ name: media-object-storage-creds
+ restartPolicy: Never
+ volumes:
+ - name: data
+ emptyDir: {}
\ No newline at end of file
diff --git a/keycloak/postgres/db-deployment.yaml b/keycloak/postgres/db-deployment.yaml
new file mode 100644
index 0000000..194f9b4
--- /dev/null
+++ b/keycloak/postgres/db-deployment.yaml
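Review bot: The dump uploaded on the `s3://media-object-storage/keycloak-postgres.pgdump` line holds Keycloak's password hashes, client secrets and, unless a vault is configured, the realm signing keys, yet it leaves the cluster unencrypted and is written to a fixed key, so every night overwrites the only copy and a partial or tampered upload leaves nothing usable. Encrypt before upload (or at minimum request server-side encryption) and either enable bucket versioning or put a date in the object key; since `args` are not shell-expanded, a dated key needs `command: ["/bin/sh", "-c"]` with the `date` call inside the script. Pin `image: amazon/aws-cli` to a version tag the way `postgres:14` is, scope `media-object-storage-creds` to write-only on that prefix, and add `concurrencyPolicy: Forbid` plus a `backoffLimit` so a failed `pg_dump` does not pile up retrying pods.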
@@ -0,0 +1,32 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: keycloak-postgresdb
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: keycloak-postgresdb
+ template:
+ metadata:
+ labels:
+ app: keycloak-postgresdb
+ spec:
+ containers:
+ - name: keycloak-postgresdb
+ image: 'postgres:14'
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 5432
+ envFrom:
+ - secretRef:
+ # Must contain POSTGRES_DB, POSTGRES_USER, POSTGRES_PASSWORD
+ name: keycloak-postgresdb-creds
+ volumeMounts:
+ - mountPath: /var/lib/postgresql/data
+ name: db-data
+ subPath: postgres
+ volumes:
+ - name: db-data
+ persistentVolumeClaim:
+ claimName: keycloak-db-persistent-volume-claim
diff --git a/keycloak/postgres/db-service.yaml b/keycloak/postgres/db-service.yaml
new file mode 100644
index 0000000..ac47a44
--- /dev/null
+++ b/keycloak/postgres/db-service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: keycloak-postgresdb
+ labels:
+ app: keycloak-postgresdb
+spec:
+ type: NodePort
+ ports:
+ - port: 5432
+ selector:
+ app: keycloak-postgresdb
\ No newline at end of file
diff --git a/keycloak/postgres/db-volume-claim.yaml b/keycloak/postgres/db-volume-claim.yaml
new file mode 100644
index 0000000..4ce4024
--- /dev/null
+++ b/keycloak/postgres/db-volume-claim.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: keycloak-db-persistent-volume-claim
+spec:
+ storageClassName: csi-cinder-high-speed-gen2
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
\ No newline at end of file
diff --git a/nginx/mywebsite-deployment.yaml b/nginx/mywebsite-deployment.yaml
new file mode 100644
index 0000000..f554a5b
--- /dev/null
+++ b/nginx/mywebsite-deployment.yaml
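Review bot: With `replicas: 1`, a `ReadWriteOnce` claim and the Deployment's default RollingUpdate strategy, any change to this spec tries to start the new postgres pod while the old one still holds the volume: it either hangs on the mount or, if scheduled to the same node, runs two servers against one data directory. Add `strategy: {type: Recreate}` under `spec:`. The container also has no `securityContext`; the `postgres:14` image starts as root and drops to the `postgres` user itself, so set `runAsUser`/`runAsGroup`/`fsGroup` to that uid (999 in the official image, verify) with `allowPrivilegeEscalation: false`, and give it a memory limit.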
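Review bot: `type: NodePort` under `spec:` publishes Postgres 5432 on a high port of every node's address, reachable from wherever the nodes are, while every in-cluster consumer (the `db.host` in keycloak-crd.yaml, the `-h keycloak-postgresdb` in the backup CronJob) uses the Service DNS name. Change it to `type: ClusterIP`; for ad-hoc admin access use `kubectl port-forward` instead of leaving the database listening on the node. If external exposure really is intended, it needs a NetworkPolicy or firewall rule and `pg_hba`-level restrictions documented next to it.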
@@ -0,0 +1,20 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: mywebsite-deployment
+ labels:
+ app: mywebsite
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app: mywebsite
+ template:
+ metadata:
+ labels:
+ app: mywebsite
+ spec:
+ containers:
+ - name: mywebsite
+ image: localhost:30100/mywebsite:v1.5
diff --git a/nginx/mywebsite-service.yaml b/nginx/mywebsite-service.yaml
new file mode 100644
index 0000000..2751107
--- /dev/null
+++ b/nginx/mywebsite-service.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: mywebsite
+spec:
+ type: ClusterIP
+ selector:
+ app: mywebsite
+ ports:
+ - protocol: TCP
+ port: 80
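Review bot: As with the contact-form Deployment, the container on the `image:` line has no `securityContext` and no `resources`; for an nginx-based image serving on port 80 that typically means running as root. Add `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` plus a memory limit, and if the image is stock nginx, switch to an unprivileged variant listening on a high port (then set `targetPort` in mywebsite-service.yaml). The `localhost:30100` registry address presumably resolves to a NodePort registry on each node; pin by digest so a registry compromise cannot substitute the image.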