more cleanup

README.md

@@ -4,4 +4,8 @@ see `new` for the new infra
 
 ## things that shall not be forgotten
 
-there once was some custom k8s cluster setup in `./k8s-cluster`. it was incomplete and pretty cursed.
+there once was some custom k8s cluster setup in `./k8s-cluster`. it was incomplete and pretty cursed.
+
+also some kubernetes config in `./kube`. why.
+
+gloriously not great docker configs in `./docker`.

docker/compose.sh

@@ -1,15 +0,0 @@
-#!/usr/bin/env bash
-
-SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
-
-if [ "$STAGE" = "prod" ] ;
-then
-    export NGINX_CONF_PATH=../nginx/nginx.conf
-    EXTRA_ARGS="-f $SCRIPT_DIR/production.yml"
-else
-    export NGINX_CONF_PATH=../nginx/nginx.local.conf
-fi
-
-export REGISTRY_CONF_DIR=../registry
-
-docker compose -f "$SCRIPT_DIR/docker-compose.yml" $@ up -d

docker/docker-compose.yml

@@ -1,24 +0,0 @@
-version: '3.3'
-services:
-  nginx:
-    container_name: nginx-c
-    restart: always
-    image: nginx:latest
-    ports:
-      - "80:80"
-    volumes:
-      - "${NGINX_CONF_PATH}:/etc/nginx/nginx.conf:ro"
-    networks:
-      - internal
-  registry:
-    container_name: registry-c
-    restart: always
-    image: registry:2
-    volumes:
-      - "${REGISTRY_CONF_DIR}/config.yml:/etc/docker/registry/config.yml"
-      - "/var/lib/docker/registry:/var/lib/registry"
-    networks:
-      - internal
-
-networks:
-  internal:

docker/production.yml

@@ -1,17 +0,0 @@
-version: '3.3'
-services:
-  nginx:
-    volumes:
-      - "/etc/letsencrypt:/etc/nginx/certs:ro"
-    ports:
-      - "443:443"
-  registry:
-    volumes:
-      - "/etc/letsencrypt:/etc/letsencrypt"
-      - "/etc/htpasswd:/htpasswd"
-    environment:
-      - REGISTRY_HTTP_TLS_CERTIFICATE=/etc/letsencrypt/live/nilstrieb.dev/fullchain.pem
-      - REGISTRY_HTTP_TLS_KEY=/etc/letsencrypt/live/nilstrieb.dev/privkey.pem
-      - REGISTRY_AUTH=htpasswd
-      - REGISTRY_AUTH_HTPASSWD_REALM=Realm
-      - REGISTRY_AUTH_HTPASSWD_PATH=/htpasswd

docker/setup_net.sh

@@ -1,9 +0,0 @@
-NET_NAME="internal"
-
-if docker network inspect "$NET_NAME" > /dev/null 2>&1 ;
-then
-    echo "Network $NET_NAME exists already...";
-else
-    echo "Creating network $NET_NAME..."
-    docker network create "$NET_NAME"
-fi

kube/apps/cargo-bisect-rustc.yaml

@@ -1,68 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: cargo-bisect-rustc-config
-data:
-  SQLITE_DB: /app/db/db.sqlite
-  RUST_LOG: debug
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: cargo-bisect-rustc-volume-claim
-spec:
-  resources:
-    requests:
-      storage: "50Mi"
-  volumeMode: Filesystem
-  accessModes:
-    - ReadWriteMany
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: cargo-bisect-rustc
-spec:
-  selector:
-    matchLabels:
-      app: cargo-bisect-rustc
-  template:
-    metadata:
-      labels:
-        app: cargo-bisect-rustc
-    spec:
-      containers:
-        - name: cargo-bisect-rustc
-          image: docker.nilstrieb.dev/cargo-bisect-rustc-service:1.10
-          resources:
-            requests:
-              memory: "256Mi"
-              cpu: "200m"
-            limits:
-              memory: "1000Mi"
-              cpu: "2000m"
-          envFrom:
-            - configMapRef:
-                name: cargo-bisect-rustc-config
-          volumeMounts:
-            - mountPath: /app/db
-              name: sqlitedb
-          ports:
-            - containerPort: 4000
-      imagePullSecrets:
-        - name: docker-nilstrieb-dev-login
-      volumes:
-        - name: sqlitedb
-          persistentVolumeClaim:
-            claimName: cargo-bisect-rustc-volume-claim
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: cargo-bisect-rustc-service
-spec:
-  selector:
-    app: cargo-bisect-rustc
-  ports:
-    - port: 80
-      targetPort: 4000

kube/apps/hugo-chat-db.yaml

@@ -1,65 +0,0 @@
-# https://www.containiq.com/post/deploy-postgres-on-kubernetes
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: hugo-chat-db-config
-data:
-  POSTGRES_PASSWORD: huGO123.corsBOSS
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: hugo-chat-db-volume-claim
-spec:
-  storageClassName: local-storage
-  resources:
-    requests:
-      storage: 100Mi
-  volumeMode: Filesystem
-  accessModes:
-    - ReadWriteMany
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: hugo-chat-db
-spec:
-  selector:
-    matchLabels:
-      app: hugo-chat-db
-  template:
-    metadata:
-      labels:
-        app: hugo-chat-db
-    spec:
-      containers:
-        - name: hugo-chat-db
-          image: docker.io/postgres:latest
-          resources:
-            limits:
-              memory: "256Mi"
-              cpu: "500m"
-          envFrom:
-            - configMapRef:
-                name: hugo-chat-db-config
-          volumeMounts:
-            - mountPath: /var/lib/postgresql/data
-              name: postgredb
-          ports:
-            - containerPort: 5432
-      volumes:
-        - name: postgredb
-          persistentVolumeClaim:
-            claimName: hugo-chat-db-volume-claim
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: hugo-chat-db-service
-spec:
-  selector:
-    app: hugo-chat-db
-  ports:
-  - port: 5432
-    targetPort: 5432

kube/apps/hugo-chat-frontend.yaml

@@ -1,38 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: hugo-chat-frontend
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: hugo-chat-frontend
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: hugo-chat-frontend
-    spec:
-      containers:
-        - name: hugo-chat-frontend
-          image: docker.nilstrieb.dev/hugo-chat-frontend:1.1
-          ports:
-            - containerPort: 80
-              name: http-web-svc
-          resources:
-            limits:
-              cpu: 200m
-              memory: 300M
-      imagePullSecrets:
-        - name: docker-nilstrieb-dev-login
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: hugo-chat-frontend-service
-spec:
-  selector:
-    app.kubernetes.io/name: hugo-chat-frontend
-  ports:
-    - protocol: TCP
-      port: 8080
-      targetPort: http-web-svc

kube/cert.yaml

@@ -1,17 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: nilstriev-dev-cert
-spec:
-  secretName: nilstrieb-dev-cert-tls
-  dnsNames:
-    - nilstrieb.dev
-    - docker.nilstrieb.dev
-    - cors-school.nilstrieb.dev
-    - api.cors-school.nilstrieb.dev
-    - hugo-chat.nilstrieb.dev
-    - api.hugo-chat.nilstrieb.dev
-    - bisect-rustc.nilstrieb.dev
-  issuerRef:
-    name: letsencrypt-staging
-    kind: ClusterIssuer

kube/default-volume.yaml

@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: default-volume
-  labels:
-    type: local
-spec:
-  storageClassName: local-storage
-  capacity:
-    storage: 500Mi
-  volumeMode: Filesystem
-  accessModes:
-    - ReadWriteMany
-  local:
-    path: /mnt/kube-default-volume
-  nodeAffinity:
-    required:
-      nodeSelectorTerms:
-      - matchExpressions:
-        - key: kubernetes.io/hostname
-          operator: In
-          values:
-          - minikube

kube/docker-nilstrieb-dev-image-pull-secret.yaml

@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: docker-nilstrieb-dev-login
-type: kubernetes.io/dockerconfigjson
-data:
-  .dockerconfigjson: <fill me>

kube/letsencrypt-cluster-issuer-production.yaml

@@ -1,14 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
-  name: letsencrypt-production
-spec:
-  acme:
-    server: https://acme-v02.api.letsencrypt.org/directory
-    email: nilstrieb@gmail.com
-    privateKeySecretRef:
-      name: letsencrypt-production
-    solvers:
-      - http01:
-          ingress:
-            class: nginx

kube/letsencrypt-cluster-issuer-staging.yaml

@@ -1,14 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
-  name: letsencrypt-staging
-spec:
-  acme:
-    server: https://acme-staging-v02.api.letsencrypt.org/directory
-    email: nilstrieb@gmail.com
-    privateKeySecretRef:
-      name: letsencrypt-staging
-    solvers:
-      - http01:
-          ingress:
-            class: nginx

kube/local-ingress.yaml

@@ -1,28 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: main-ingress
-  annotations:
-    nginx.ingress.kubernetes.io/rewrite-target: /
-spec:
-  rules:
-    - host: hugo-chat.nilstrieb.dev
-      http:
-        paths:
-          - pathType: Prefix
-            path: /
-            backend:
-              service:
-                name: hugo-chat-frontend-service
-                port:
-                  number: 8080
-    - host: bisect-rustc.nilstrieb.dev
-      http:
-        paths:
-          - pathType: Prefix
-            path: /
-            backend:
-              service:
-                name: cargo-bisect-rustc-service
-                port:
-                  number: 80

kube/registry/README.md

@@ -1,5 +0,0 @@
-# Private Docker registry
-
-https://medium.com/swlh/deploy-your-private-docker-registry-as-a-pod-in-kubernetes-f6a489bf0180
-
-You need a `htaccess` file created using `htpasswd`. Use that as the secret.

kube/registry/docker-registry-auth-secret.yaml

@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: docker-registry-auth-secret
-type: Opaque
-data:
-  htpasswd: SECRET

kube/registry/docker-registry-volume.yaml

@@ -1,33 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: docker-registry-volume
-spec:
-  capacity:
-    storage: 2Gi
-  volumeMode: Filesystem
-  accessModes:
-    - ReadWriteOnce
-  persistentVolumeReclaimPolicy: Recycle
-  local:
-    path: /mnt/kube-registry-volume
-  nodeAffinity:
-    required:
-      nodeSelectorTerms:
-      - matchExpressions:
-        - key: kubernetes.io/hostname
-          operator: In
-          values:
-          - minikube
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: docker-registry-pvc
-spec:
-  resources:
-    requests:
-      storage: 2Gi
-  volumeMode: Filesystem
-  accessModes:
-    - ReadWriteOnce

kube/registry/docker-registry.yaml

@@ -1,61 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: docker-registry
-spec:
-  selector:
-    matchLabels:
-      app: docker-registry
-  template:
-    metadata:
-      labels:
-        app: docker-registry
-    spec:
-      containers:
-        - name: docker-registry
-          image: registry:latest
-          resources:
-            limits:
-              memory: "128Mi"
-              cpu: "500m"
-          env:
-            - name: REGISTRY_AUTH
-              value: "htpasswd"
-            - name: REGISTRY_AUTH_HTPASSWD_REALM
-              value: "docker.nilstriev.dev"
-            - name: REGISTRY_AUTH_HTPASSWD_PATH
-              value: "/auth/htpasswd"
-            - name: REGISTRY_HTTP_TLS_CERTIFICATE
-              value: "/certs/tls.crt"
-            - name: REGISTRY_HTTP_TLS_KEY
-              value: "/certs/tls.key"
-          volumeMounts:
-            - name: repo-vol
-              mountPath: "/var/lib/registry"
-            - name: certs-vol
-              mountPath: "/certs"
-              readOnly: true
-            - name: auth-vol
-              mountPath: "/auth"
-              readOnly: true
-      volumes:
-        - name: repo-vol
-          persistentVolumeClaim:
-            claimName: docker-registry-pvc
-        - name: certs-vol
-          secret:
-            secretName: nilstriev-dev-cert
-        - name: auth-vol
-          secret:
-            secretName: docker-registry-auth-secret
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: docker-registry-service
-spec:
-  selector:
-    app: docker-registry
-  ports:
-    - port: 5000
-      targetPort: 5000

kube/server-ingress.yaml

@@ -1,38 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: main-ingress
-  annotations:
-    nginx.ingress.kubernetes.io/rewrite-target: /
-    cert-manager.io/cluster-issuer: letsencrypt-staging
-spec:
-  rules:
-    - host: hugo-chat.nilstrieb.dev
-      http:
-        paths:
-          - pathType: Prefix
-            path: /
-            backend:
-              service:
-                name: hugo-chat-frontend-service
-                port:
-                  number: 8080
-    - host: bisect-rustc.nilstrieb.dev
-      http:
-        paths:
-          - pathType: Prefix
-            path: /
-            backend:
-              service:
-                name: cargo-bisect-rustc-service
-                port:
-                  number: 80
-  tls:
-    - hosts:
-        - nilstrieb.dev
-        - docker.nilstrieb.dev
-        - cors-school.nilstrieb.dev
-        - api.cors-school.nilstrieb.dev
-        - hugo-chat.nilstrieb.dev
-        - api.hugo-chat.nilstrieb.dev
-        - bisect-rustc.nilstrieb.dev

kube/ubuntu-debugger.yaml

@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: ubuntu-debugger
-  labels:
-    name: ubuntu-debugger
-spec:
-  containers:
-    - name: ubuntu-debugger
-      image: docker.io/ubuntu:latest
-      resources:
-        limits:
-          memory: "128Mi"
-          cpu: "500m"
-      command: ["/bin/bash", "-c", "--"]
-      args: ["while true; do sleep 30; done;"]

run_scripts/hugo-chat.sh

@@ -1,8 +0,0 @@
-docker run --net internal --name hugo-chat-frontend \
-    -d --restart=always docker.nilstrieb.dev/hugo-chat-frontend:1.0
-
-docker run --net internal --name hugo-chat-db \
-    -d -e POSTGRES_PASSWORD=huGO123.corsBOSS postgres
-
-docker run --net internal --name hugo-chat-backend \
-    -d docker.nilstrieb.dev/hugo-chat-backend:1.0