Noratrieb/vps
1
0
Fork 0
mirror of https://github.com/Noratrieb/vps.git synced 2026-01-14 08:45:02 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

more cleanup

Browse source
This commit is contained in:
nora 2023-08-26 23:49:24 +02:00
parent ee0c5f9cec
commit 6702351df4
21 changed files with 5 additions and 508 deletions
Download patch file Download diff file Expand all files Collapse all files

6
README.md
View file

@ -4,4 +4,8 @@ see `new` for the new infra
## things that shall not be forgotten ## things that shall not be forgotten
there once was some custom k8s cluster setup in `./k8s-cluster`. it was incomplete and pretty cursed. there once was some custom k8s cluster setup in `./k8s-cluster`. it was incomplete and pretty cursed.
also some kubernetes config in `./kube`. why.
gloriously not great docker configs in `./docker`.

15
docker/compose.sh
View file

@ -1,15 +0,0 @@
#!/usr/bin/env bash
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
if [ "$STAGE" = "prod" ] ;
then
export NGINX_CONF_PATH=../nginx/nginx.conf
EXTRA_ARGS="-f $SCRIPT_DIR/production.yml"
else
export NGINX_CONF_PATH=../nginx/nginx.local.conf
fi
export REGISTRY_CONF_DIR=../registry
docker compose -f "$SCRIPT_DIR/docker-compose.yml" $@ up -d

24
docker/docker-compose.yml
View file

@ -1,24 +0,0 @@
version: '3.3'
services:
nginx:
container_name: nginx-c
restart: always
image: nginx:latest
ports:
- "80:80"
volumes:
- "${NGINX_CONF_PATH}:/etc/nginx/nginx.conf:ro"
networks:
- internal
registry:
container_name: registry-c
restart: always
image: registry:2
volumes:
- "${REGISTRY_CONF_DIR}/config.yml:/etc/docker/registry/config.yml"
- "/var/lib/docker/registry:/var/lib/registry"
networks:
- internal
networks:
internal:

17
docker/production.yml
View file

@ -1,17 +0,0 @@
version: '3.3'
services:
nginx:
volumes:
- "/etc/letsencrypt:/etc/nginx/certs:ro"
ports:
- "443:443"
registry:
volumes:
- "/etc/letsencrypt:/etc/letsencrypt"
- "/etc/htpasswd:/htpasswd"
environment:
- REGISTRY_HTTP_TLS_CERTIFICATE=/etc/letsencrypt/live/nilstrieb.dev/fullchain.pem
- REGISTRY_HTTP_TLS_KEY=/etc/letsencrypt/live/nilstrieb.dev/privkey.pem
- REGISTRY_AUTH=htpasswd
- REGISTRY_AUTH_HTPASSWD_REALM=Realm
- REGISTRY_AUTH_HTPASSWD_PATH=/htpasswd

9
docker/setup_net.sh
View file

@ -1,9 +0,0 @@
NET_NAME="internal"
if docker network inspect "$NET_NAME" > /dev/null 2>&1 ;
then
echo "Network $NET_NAME exists already...";
else
echo "Creating network $NET_NAME..."
docker network create "$NET_NAME"
fi

68
kube/apps/cargo-bisect-rustc.yaml
View file

@ -1,68 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: cargo-bisect-rustc-config
data:
SQLITE_DB: /app/db/db.sqlite
RUST_LOG: debug
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: cargo-bisect-rustc-volume-claim
spec:
resources:
requests:
storage: "50Mi"
volumeMode: Filesystem
accessModes:
- ReadWriteMany
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: cargo-bisect-rustc
spec:
selector:
matchLabels:
app: cargo-bisect-rustc
template:
metadata:
labels:
app: cargo-bisect-rustc
spec:
containers:
- name: cargo-bisect-rustc
image: docker.nilstrieb.dev/cargo-bisect-rustc-service:1.10
resources:
requests:
memory: "256Mi"
cpu: "200m"
limits:
memory: "1000Mi"
cpu: "2000m"
envFrom:
- configMapRef:
name: cargo-bisect-rustc-config
volumeMounts:
- mountPath: /app/db
name: sqlitedb
ports:
- containerPort: 4000
imagePullSecrets:
- name: docker-nilstrieb-dev-login
volumes:
- name: sqlitedb
persistentVolumeClaim:
claimName: cargo-bisect-rustc-volume-claim
---
apiVersion: v1
kind: Service
metadata:
name: cargo-bisect-rustc-service
spec:
selector:
app: cargo-bisect-rustc
ports:
- port: 80
targetPort: 4000

65
kube/apps/hugo-chat-db.yaml
View file

@ -1,65 +0,0 @@
# https://www.containiq.com/post/deploy-postgres-on-kubernetes
apiVersion: v1
kind: ConfigMap
metadata:
name: hugo-chat-db-config
data:
POSTGRES_PASSWORD: huGO123.corsBOSS
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: hugo-chat-db-volume-claim
spec:
storageClassName: local-storage
resources:
requests:
storage: 100Mi
volumeMode: Filesystem
accessModes:
- ReadWriteMany
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: hugo-chat-db
spec:
selector:
matchLabels:
app: hugo-chat-db
template:
metadata:
labels:
app: hugo-chat-db
spec:
containers:
- name: hugo-chat-db
image: docker.io/postgres:latest
resources:
limits:
memory: "256Mi"
cpu: "500m"
envFrom:
- configMapRef:
name: hugo-chat-db-config
volumeMounts:
- mountPath: /var/lib/postgresql/data
name: postgredb
ports:
- containerPort: 5432
volumes:
- name: postgredb
persistentVolumeClaim:
claimName: hugo-chat-db-volume-claim
---
apiVersion: v1
kind: Service
metadata:
name: hugo-chat-db-service
spec:
selector:
app: hugo-chat-db
ports:
- port: 5432
targetPort: 5432

38
kube/apps/hugo-chat-frontend.yaml
View file

@ -1,38 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: hugo-chat-frontend
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: hugo-chat-frontend
template:
metadata:
labels:
app.kubernetes.io/name: hugo-chat-frontend
spec:
containers:
- name: hugo-chat-frontend
image: docker.nilstrieb.dev/hugo-chat-frontend:1.1
ports:
- containerPort: 80
name: http-web-svc
resources:
limits:
cpu: 200m
memory: 300M
imagePullSecrets:
- name: docker-nilstrieb-dev-login
---
apiVersion: v1
kind: Service
metadata:
name: hugo-chat-frontend-service
spec:
selector:
app.kubernetes.io/name: hugo-chat-frontend
ports:
- protocol: TCP
port: 8080
targetPort: http-web-svc

17
kube/cert.yaml
View file

@ -1,17 +0,0 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: nilstriev-dev-cert
spec:
secretName: nilstrieb-dev-cert-tls
dnsNames:
- nilstrieb.dev
- docker.nilstrieb.dev
- cors-school.nilstrieb.dev
- api.cors-school.nilstrieb.dev
- hugo-chat.nilstrieb.dev
- api.hugo-chat.nilstrieb.dev
- bisect-rustc.nilstrieb.dev
issuerRef:
name: letsencrypt-staging
kind: ClusterIssuer

23
kube/default-volume.yaml
View file

@ -1,23 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: default-volume
labels:
type: local
spec:
storageClassName: local-storage
capacity:
storage: 500Mi
volumeMode: Filesystem
accessModes:
- ReadWriteMany
local:
path: /mnt/kube-default-volume
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- minikube

7
kube/docker-nilstrieb-dev-image-pull-secret.yaml
View file

@ -1,7 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: docker-nilstrieb-dev-login
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: <fill me>

14
kube/letsencrypt-cluster-issuer-production.yaml
View file

@ -1,14 +0,0 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-production
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: nilstrieb@gmail.com
privateKeySecretRef:
name: letsencrypt-production
solvers:
- http01:
ingress:
class: nginx

14
kube/letsencrypt-cluster-issuer-staging.yaml
View file

@ -1,14 +0,0 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-staging
spec:
acme:
server: https://acme-staging-v02.api.letsencrypt.org/directory
email: nilstrieb@gmail.com
privateKeySecretRef:
name: letsencrypt-staging
solvers:
- http01:
ingress:
class: nginx

28
kube/local-ingress.yaml
View file

@ -1,28 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: main-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: hugo-chat.nilstrieb.dev
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: hugo-chat-frontend-service
port:
number: 8080
- host: bisect-rustc.nilstrieb.dev
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: cargo-bisect-rustc-service
port:
number: 80

5
kube/registry/README.md
View file

@ -1,5 +0,0 @@
# Private Docker registry
https://medium.com/swlh/deploy-your-private-docker-registry-as-a-pod-in-kubernetes-f6a489bf0180
You need a `htaccess` file created using `htpasswd`. Use that as the secret.

7
kube/registry/docker-registry-auth-secret.yaml
View file

@ -1,7 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: docker-registry-auth-secret
type: Opaque
data:
htpasswd: SECRET

33
kube/registry/docker-registry-volume.yaml
View file

@ -1,33 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: docker-registry-volume
spec:
capacity:
storage: 2Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Recycle
local:
path: /mnt/kube-registry-volume
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- minikube
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: docker-registry-pvc
spec:
resources:
requests:
storage: 2Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce

61
kube/registry/docker-registry.yaml
View file

@ -1,61 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: docker-registry
spec:
selector:
matchLabels:
app: docker-registry
template:
metadata:
labels:
app: docker-registry
spec:
containers:
- name: docker-registry
image: registry:latest
resources:
limits:
memory: "128Mi"
cpu: "500m"
env:
- name: REGISTRY_AUTH
value: "htpasswd"
- name: REGISTRY_AUTH_HTPASSWD_REALM
value: "docker.nilstriev.dev"
- name: REGISTRY_AUTH_HTPASSWD_PATH
value: "/auth/htpasswd"
- name: REGISTRY_HTTP_TLS_CERTIFICATE
value: "/certs/tls.crt"
- name: REGISTRY_HTTP_TLS_KEY
value: "/certs/tls.key"
volumeMounts:
- name: repo-vol
mountPath: "/var/lib/registry"
- name: certs-vol
mountPath: "/certs"
readOnly: true
- name: auth-vol
mountPath: "/auth"
readOnly: true
volumes:
- name: repo-vol
persistentVolumeClaim:
claimName: docker-registry-pvc
- name: certs-vol
secret:
secretName: nilstriev-dev-cert
- name: auth-vol
secret:
secretName: docker-registry-auth-secret
---
apiVersion: v1
kind: Service
metadata:
name: docker-registry-service
spec:
selector:
app: docker-registry
ports:
- port: 5000
targetPort: 5000

38
kube/server-ingress.yaml
View file

@ -1,38 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: main-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
cert-manager.io/cluster-issuer: letsencrypt-staging
spec:
rules:
- host: hugo-chat.nilstrieb.dev
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: hugo-chat-frontend-service
port:
number: 8080
- host: bisect-rustc.nilstrieb.dev
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: cargo-bisect-rustc-service
port:
number: 80
tls:
- hosts:
- nilstrieb.dev
- docker.nilstrieb.dev
- cors-school.nilstrieb.dev
- api.cors-school.nilstrieb.dev
- hugo-chat.nilstrieb.dev
- api.hugo-chat.nilstrieb.dev
- bisect-rustc.nilstrieb.dev

16
kube/ubuntu-debugger.yaml
View file

@ -1,16 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: ubuntu-debugger
labels:
name: ubuntu-debugger
spec:
containers:
- name: ubuntu-debugger
image: docker.io/ubuntu:latest
resources:
limits:
memory: "128Mi"
cpu: "500m"
command: ["/bin/bash", "-c", "--"]
args: ["while true; do sleep 30; done;"]

8
run_scripts/hugo-chat.sh
View file

@ -1,8 +0,0 @@
docker run --net internal --name hugo-chat-frontend \
-d --restart=always docker.nilstrieb.dev/hugo-chat-frontend:1.0
docker run --net internal --name hugo-chat-db \
-d -e POSTGRES_PASSWORD=huGO123.corsBOSS postgres
docker run --net internal --name hugo-chat-backend \
-d docker.nilstrieb.dev/hugo-chat-backend:1.0