first commit

This commit is contained in:
Cocopops16 2025-03-23 12:39:28 +01:00
commit 7deb49d32d
16 changed files with 356 additions and 0 deletions

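--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,3 @@
+sealed-secrets
+closed_projects
+registry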


@ -0,0 +1,20 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: contact-form-deployment
labels:
app: contact-form
spec:
replicas: 2
selector:
matchLabels:
app: contact-form
template:
metadata:
labels:
app: contact-form
spec:
containers:
- name: contact-form
image: localhost:30100/contact-form:v0.0.5
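Review bot: The container spec stops at `image:` with no `resources` and no `securityContext`, so the two replicas run with BestEffort QoS and with whatever user and capabilities the image defaults to; the mywebsite Deployment later in this commit has the same gap. No `containerPort` is declared either, and the matching Service uses `port: 80` without a `targetPort`, so traffic only works if the image listens on 80 — presumably true, but declaring the port makes the contract visible. The stanza below (sample sizes, constructed — tune to the app; keep `runAsNonRoot` only if the image supports it) is written with conventional indentation because the rendered view has lost the original nesting.
```yaml
        image: localhost:30100/contact-form:v0.0.5
        ports:
          - containerPort: 80
        resources:
          requests: {cpu: 50m, memory: 64Mi}
          limits: {cpu: 250m, memory: 128Mi}
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop: ["ALL"]
```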


@ -0,0 +1,11 @@
apiVersion: v1
kind: Service
metadata:
name: contact-form
spec:
type: ClusterIP
selector:
app: contact-form
ports:
- protocol: TCP
port: 80

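--- a/gitea/values.yaml
+++ b/gitea/values.yaml
@@ -0,0 +1,13 @@
+postgresql:
+enabled: true
+storageClass: csi-cinder-high-speed-gen2
+postgresql-ha:
+enabled: false
+redis:
+enabled: true
+redis-cluster:
+enabled: false
+persistence:
+enabled: true
+storageClass: csi-cinder-high-speed-gen2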

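--- a/haproxy/ingress.yaml
+++ b/haproxy/ingress.yaml
@@ -0,0 +1,37 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: ingress-controller
+annotations:
+haproxy.org/rate-limit-period: "1m"
+haproxy.org/rate-limit-requests: "200"
+haproxy.org/rate-limit-status-code: "429"
+# add an annotation indicating the issuer to use
+cert-manager.io/cluster-issuer: letsencrypt
+spec:
+ingressClassName: haproxy
+rules:
+- host: "reault.tech"
+http: &http_rules
+paths:
+- path: /contact
+pathType: Prefix
+backend:
+service:
+name: contact-form
+port:
+number: 80
+- path: /
+pathType: Prefix
+backend:
+service:
+name: mywebsite
+port:
+number: 80
+- host: "www.reault.tech"
+http: *http_rules
+tls:
+- secretName: reault-tech-cert # cert-manager will store the certificate and key in this secret
+hosts:
+- www.reault.tech
+- reault.tech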
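Review bot: This Ingress and the `iam.reault.tech` sticky Ingress later in the commit both declare `tls[].secretName: reault-tech-cert` under the same `cert-manager.io/cluster-issuer` annotation; cert-manager's ingress-shim derives one Certificate per Ingress from that secret name, so two Ingresses with different host lists pointing at the same secret can keep rewriting each other's `dnsNames` and re-issuing, which is both noisy and a fast way to hit Let's Encrypt rate limits (assuming both live in the same namespace). Give the sticky Ingress its own secret, e.g. `secretName: iam-reault-tech-cert`, or define a single Certificate resource covering all three hosts and reference it from both Ingresses. Separately, the `&http_rules` / `*http_rules` anchor is expanded by kubectl but not by Kustomize and several schema validators, so repeating the `paths` block for the `www` host is the more portable form.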

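--- a/haproxy/issuer.yaml
+++ b/haproxy/issuer.yaml
@@ -0,0 +1,18 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+name: letsencrypt
+spec:
+acme:
+# The ACME server URL
+server: https://acme-v02.api.letsencrypt.org/directory
+# Email address used for ACME registration
+email: corentin.reault@protonmail.com
+# Name of a secret used to store the ACME account private key
+privateKeySecretRef:
+name: issuer-account-key
+# Enable the HTTP-01 challenge provider
+solvers:
+- http01:
+ingress:
+ingressClassName: haproxy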
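Review bot: The only ClusterIssuer in the commit targets the production ACME endpoint (`server: https://acme-v02.api.letsencrypt.org/directory`), so any HTTP-01 misconfiguration on first rollout (the `haproxy` class must serve port 80 for every host in the Ingresses) is retried against Let's Encrypt's production rate limits. The usual practice is a parallel `name: letsencrypt-staging` issuer with `server: https://acme-staging-v02.api.letsencrypt.org/directory`, referenced from the Ingress annotation until issuance is confirmed working, then switched. Since this is a ClusterIssuer, the `issuer-account-key` secret is created in cert-manager's own namespace rather than the application namespace, which is worth stating in the comment above `privateKeySecretRef`.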


@ -0,0 +1,28 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: sticky-ingress-controller
annotations:
haproxy.org/rate-limit-period: "1m"
haproxy.org/rate-limit-requests: "200"
haproxy.org/rate-limit-status-code: "429"
# add an annotation indicating the issuer to use
cert-manager.io/cluster-issuer: letsencrypt
cookie-persistence: "example-session-persistence-cookie"
spec:
ingressClassName: haproxy
rules:
- host: "iam.reault.tech"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: keycloak-service
port:
number: 8080
tls:
- secretName: reault-tech-cert # cert-manager will store the certificate and key in this secret
hosts:
- iam.reault.tech
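Review bot: The `cookie-persistence: "example-session-persistence-cookie"` annotation lacks the `haproxy.org/` prefix, so the HAProxy ingress controller ignores it and no session stickiness is configured; it should read `haproxy.org/cookie-persistence: "example-session-persistence-cookie"`, and the value is still the placeholder name from the controller docs rather than a project-specific cookie. With the Keycloak CR in this commit set to `instances: 1`, stickiness is not needed yet, so dropping the annotation until a second instance exists is also an option. The backend `keycloak-service` on 8080 appears to match the Service the Keycloak operator creates for the CR, not the plain `keycloak` Service defined elsewhere in this commit, so the two Keycloak deployment paths should not both be applied.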


@ -0,0 +1,32 @@
apiVersion: k8s.keycloak.org/v2alpha1
kind: Keycloak
metadata:
name: keycloak
spec:
instances: 1
db:
vendor: postgres
host: keycloak-postgresdb
port: 5432
usernameSecret:
name: keycloak-postgresdb-creds
key: POSTGRES_USER
passwordSecret:
name: keycloak-postgresdb-creds
key: POSTGRES_PASSWORD
http:
httpEnabled: true
httpPort: 8080
httpsPort: 8443
tlsSecret: reault-tech-cert
hostname:
hostname: iam.reault.tech
proxy:
headers: xforwarded # double check your reverse proxy sets and overwrites the X-Forwarded-* headers
resources:
requests:
cpu: 1
memory: 300Mi
limits:
cpu: 2
memory: 500Mi


@ -0,0 +1,37 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: keycloak
labels:
app: keycloak
spec:
replicas: 1
selector:
matchLabels:
app: keycloak
template:
metadata:
labels:
app: keycloak
spec:
containers:
- name: keycloak
image: quay.io/keycloak/keycloak:26.1.3
args: ["start-dev"]
env:
- name: KEYCLOAK_ADMIN
value: "admin"
- name: KEYCLOAK_ADMIN_PASSWORD
value: "admin"
- name: KC_PROXY
value: "edge"
- name: KC_HEALTH_ENABLED
value: "true"
ports:
- name: http
containerPort: 8080
readinessProbe:
httpGet:
path: /health/ready
port: 9000
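Review bot: `KEYCLOAK_ADMIN_PASSWORD` is the literal `"admin"` and the container runs `args: ["start-dev"]`, so this manifest commits the bootstrap admin credential in plaintext and starts Keycloak in dev mode (embedded dev database unless `KC_DB` is configured, no production checks) behind the public `iam.reault.tech` Ingress. Either drop this Deployment in favour of the Keycloak CR in the same commit — both select `app: keycloak`, and the plain Service and this Deployment would also match the operator's pods if that label is shared — or source the credential from a Secret and switch to `start` once the database settings are wired. On Keycloak 26 the `KEYCLOAK_ADMIN*` variables are, as far as I recall, deprecated in favour of `KC_BOOTSTRAP_ADMIN_USERNAME` / `KC_BOOTSTRAP_ADMIN_PASSWORD`, so verify against the 26.1.3 image. The readinessProbe targets 9000, reachable only because `KC_HEALTH_ENABLED=true` moves health onto the management port; listing it under `ports` makes that explicit.
```yaml
        env:
          - name: KEYCLOAK_ADMIN
            valueFrom:
              secretKeyRef:
                name: keycloak-bootstrap-admin   # constructed name; create next to keycloak-postgresdb-creds
                key: username
          - name: KEYCLOAK_ADMIN_PASSWORD
            valueFrom:
              secretKeyRef:
                name: keycloak-bootstrap-admin
                key: password
          # … unchanged: KC_PROXY, KC_HEALTH_ENABLED …
```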


@ -0,0 +1,12 @@
---
apiVersion: v1
kind: Service
metadata:
name: keycloak
spec:
type: ClusterIP
selector:
app: keycloak
ports:
- protocol: TCP
port: 8080


@ -0,0 +1,59 @@
apiVersion: batch/v1
kind: CronJob
metadata:
name: keycloak-postgres-backup
spec:
schedule: "0 0 * * *"
jobTemplate:
spec:
template:
spec:
initContainers:
- name: dump
image: postgres:14
imagePullPolicy: IfNotPresent
volumeMounts:
- name: data
mountPath: /backup
args:
- pg_dump
- "-Fc"
- "-f"
- "/backup/keycloak-postgres.pgdump"
- "-Z"
- "9"
- "-v"
- "-h"
- "keycloak-postgresdb"
- "-U"
- "keycloak"
- "-d"
- "keycloak"
env:
- name: PGPASSWORD
valueFrom:
secretKeyRef:
# Retrieve postgres password from a secret
name: keycloak-postgresdb-creds
key: POSTGRES_PASSWORD
containers:
- name: save
image: amazon/aws-cli
volumeMounts:
- name: data
mountPath: /backup
args:
- s3
- cp
- "/backup/keycloak-postgres.pgdump"
- "s3://media-object-storage/keycloak-postgres.pgdump"
- "--endpoint"
- "https://s3.gra.io.cloud.ovh.net"
envFrom:
- secretRef:
# Must contain AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_DEFAULT_REGION
name: media-object-storage-creds
restartPolicy: Never
volumes:
- name: data
emptyDir: {}
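Review bot: The `save` container pulls `amazon/aws-cli` with no tag, so each nightly run takes whatever `latest` is at that moment; for a third-party image that is handed the object-storage credentials from `media-object-storage-creds`, pin it — `image: amazon/aws-cli:<pinned-tag-or-digest>` — and set `imagePullPolicy: IfNotPresent` as the dump container already does. The upload goes to the fixed key `s3://media-object-storage/keycloak-postgres.pgdump`, so every run overwrites the previous one and an empty or truncated dump replaces the only copy; put a date in the key or enable bucket versioning to keep a restore window. The job spec sets no `concurrencyPolicy`, `backoffLimit` or history limits; `concurrencyPolicy: Forbid` stops two overlapping runs racing on the same object, and with `restartPolicy: Never` plus the default `backoffLimit` of 6 a failing upload re-runs `pg_dump` up to six times, so a lower `backoffLimit` is worth adding.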


@ -0,0 +1,32 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: keycloak-postgresdb
spec:
replicas: 1
selector:
matchLabels:
app: keycloak-postgresdb
template:
metadata:
labels:
app: keycloak-postgresdb
spec:
containers:
- name: keycloak-postgresdb
image: 'postgres:14'
imagePullPolicy: IfNotPresent
ports:
- containerPort: 5432
envFrom:
- secretRef:
# Must contain POSTGRES_DB, POSTGRES_USER, POSTGRES_PASSWORD
name: keycloak-postgresdb-creds
volumeMounts:
- mountPath: /var/lib/postgresql/data
name: db-data
subPath: postgres
volumes:
- name: db-data
persistentVolumeClaim:
claimName: keycloak-db-persistent-volume-claim
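Review bot: This single-replica Deployment mounts the `ReadWriteOnce` claim `keycloak-db-persistent-volume-claim` but keeps the default `RollingUpdate` strategy, so any image or spec change starts a replacement pod while the old one still holds the volume; if the new pod is scheduled on another node it can never attach the claim and the rollout hangs. Add `strategy:` / `  type: Recreate` under `spec` so the old pod is stopped before the new one starts. The database container also has no `resources`, making it the first eviction candidate under node pressure, and `'postgres:14'` follows a moving major-version tag — pin a minor tag or digest so the nightly dumps restore against a known server version.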


@ -0,0 +1,12 @@
apiVersion: v1
kind: Service
metadata:
name: keycloak-postgresdb
labels:
app: keycloak-postgresdb
spec:
type: NodePort
ports:
- port: 5432
selector:
app: keycloak-postgresdb
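Review bot: `type: NodePort` publishes the Keycloak database on a high port of every node address, yet the only consumers in this commit — the Keycloak CR's `db.host: keycloak-postgresdb` and the backup CronJob's `-h keycloak-postgresdb` — resolve it in-cluster. Unless an out-of-cluster client genuinely needs it, change to `type: ClusterIP` so Postgres, protected only by the password in `keycloak-postgresdb-creds`, is not reachable from any network that can reach a node. If external access is required, a NetworkPolicy limiting ingress to the keycloak and backup pods is the minimum to add beside this Service.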


@ -0,0 +1,11 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: keycloak-db-persistent-volume-claim
spec:
storageClassName: csi-cinder-high-speed-gen2
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi


@ -0,0 +1,20 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: mywebsite-deployment
labels:
app: mywebsite
spec:
replicas: 2
selector:
matchLabels:
app: mywebsite
template:
metadata:
labels:
app: mywebsite
spec:
containers:
- name: mywebsite
image: localhost:30100/mywebsite:v1.5


@ -0,0 +1,11 @@
apiVersion: v1
kind: Service
metadata:
name: mywebsite
spec:
type: ClusterIP
selector:
app: mywebsite
ports:
- protocol: TCP
port: 80