From b266053f19548291c43ce513bae176e50a21233c Mon Sep 17 00:00:00 2001
From: az
Date: Wed, 1 Dec 2021 17:46:59 +0100
Subject: [PATCH] div fixes
---
 nc.yaml | 465 -----------------------------------------------
 valid-config.edn | 4 +-
 2 files changed, 2 insertions(+), 467 deletions(-)
 delete mode 100644 nc.yaml
diff --git a/nc.yaml b/nc.yaml
deleted file mode 100644
index 9702451..0000000
--- a/nc.yaml
+++ /dev/null
@@ -1,465 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: postgres-config - labels: - app: postgres -data: - postgres-db: postgres - postgresql.conf: | - max_connections = 700 - work_mem = 3MB - shared_buffers = 2048MB - ---- -apiVersion: v1 -kind: Secret -metadata: - name: postgres-secret -type: Opaque -data: - postgres-user: bmV4dGNsb3Vk - postgres-password: bmV4dGNsb3VkLWRiLXBhc3N3b3Jk - ---- -kind: PersistentVolume -apiVersion: v1 -metadata: - name: postgres-pv-volume - labels: - type: local -spec: - storageClassName: manual - accessModes: - - ReadWriteOnce - capacity: - storage: 10Gi - hostPath: - path: /var/postgres - ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: postgres-claim - labels: - app: postgres -spec: - storageClassName: manual - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 10Gi - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: postgresql -spec: - selector: - matchLabels: - app: postgresql - strategy: - type: Recreate - template: - metadata: - labels: - app: postgresql - spec: - containers: - - image: postgres - name: postgresql - env: - - name: POSTGRES_USER - valueFrom: - secretKeyRef: - name: postgres-secret - key: postgres-user - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: postgres-secret - key: postgres-password - - name: POSTGRES_DB - valueFrom: - configMapKeyRef: - name: postgres-config - key: postgres-db - ports: - - containerPort: 5432 - name: postgresql - volumeMounts: - - name: postgres-config-volume - mountPath: /etc/postgresql/postgresql.conf - subPath: postgresql.conf - readOnly: true - - name: postgre-data-volume - mountPath: /var/lib/postgresql/data - volumes: - - name: postgres-config-volume - configMap: - name: postgres-config - - name: postgre-data-volume - persistentVolumeClaim: - claimName: postgres-claim - ---- -apiVersion: v1 -kind: Service -metadata: - name: postgresql-service -spec: - selector: - app: postgresql - ports: - - port: 5432 
- ---- -kind: PersistentVolume -apiVersion: v1 -metadata: - name: cloud-pv-volume - labels: - type: local - app.kubernetes.io/application: cloud -spec: - storageClassName: manual - accessModes: - - ReadWriteOnce - capacity: - storage: 200Gi - hostPath: - path: /var/cloud - ---- -apiVersion: v1 -kind: Secret -metadata: - name: cloud-secret -type: Opaque -data: - nextcloud-admin-user: Y2xvdWRhZG1pbg== - nextcloud-admin-password: Y2xvdWRwYXNzd29yZA== - ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: cloud-pvc - labels: - app.kubernetes.io/application: cloud -spec: - storageClassName: manual - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 200Gi - selector: - matchLabels: - app.kubernetes.io/application: cloud - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: cloud-deployment -spec: - selector: - matchLabels: - app.kubernetes.io/name: cloud-pod - app.kubernetes.io/application: cloud - strategy: - type: Recreate - template: - metadata: - labels: - app.kubernetes.io/name: cloud-pod - app.kubernetes.io/application: cloud - redeploy: v3 - spec: - containers: - - image: domaindrivenarchitecture/c4k-cloud - name: cloud-app - imagePullPolicy: IfNotPresent - ports: - - containerPort: 80 - livenessProbe: - exec: - command: - - /bin/sh - - -c - - PGPASSWORD=$POSTGRES_PASSWORD psql -h postgresql-service -U $POSTGRES_USER $POSTGRES_DB - initialDelaySeconds: 1 - periodSeconds: 5 - env: - - name: NEXTCLOUD_ADMIN_USER - valueFrom: - secretKeyRef: - name: cloud-secret - key: nextcloud-admin-user - - name: NEXTCLOUD_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: cloud-secret - key: nextcloud-admin-password - - name: NEXTCLOUD_TRUSTED_DOMAINS - value: cloudhost - - name: POSTGRES_USER - valueFrom: - secretKeyRef: - name: postgres-secret - key: postgres-user - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: postgres-secret - key: postgres-password - - name: POSTGRES_DB - valueFrom: - configMapKeyRef: - name: 
postgres-config - key: postgres-db - - name: POSTGRES_HOST - value: postgresql-service:5432 - volumeMounts: - - name: cloud-data-volume - mountPath: /var/www/html - volumes: - - name: cloud-data-volume - persistentVolumeClaim: - claimName: cloud-pvc - ---- -apiVersion: v1 -kind: Service -metadata: - name: cloud-service - labels: - app.kubernetes.io/name: cloud-service - app.kubernetes.io/application: cloud -spec: - selector: - app.kubernetes.io/name: cloud-pod - app.kubernetes.io/application: cloud - ports: - - port: 80 - ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: cloud-cert - namespace: default -spec: - secretName: cloud-secret - commonName: cloudhost - dnsNames: - - cloudhost - issuerRef: - name: letsencrypt-staging-issuer - kind: ClusterIssuer - ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: ingress-cloud - annotations: - cert-manager.io/cluster-issuer: letsencrypt-staging-issuer - nginx.ingress.kubernetes.io/proxy-body-size: 256m - nginx.ingress.kubernetes.io/ssl-redirect: 'true' - nginx.ingress.kubernetes.io/rewrite-target: / - nginx.ingress.kubernetes.io/proxy-connect-timeout: '300' - nginx.ingress.kubernetes.io/proxy-send-timeout: '300' - nginx.ingress.kubernetes.io/proxy-read-timeout: '300' - namespace: default -spec: - tls: - - hosts: - - cloudhost - secretName: cloud-secret - rules: - - host: cloudhost - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: cloud-service - port: - number: 80 - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: backup-config - labels: - app.kubernetes.io/name: backup - app.kubernetes.io/part-of: cloud -data: - restic-repository: s3://k3stesthost:mybucket - ---- -apiVersion: v1 -kind: Secret -metadata: - name: backup-secret -type: Opaque -data: - aws-access-key-id: YXdzLWlk - aws-secret-access-key: YXdzLXNlY3JldA== - restic-password: cmVzdGljLXBhc3N3b3Jk - ---- -apiVersion: batch/v1 -kind: CronJob -metadata: - name: cloud-backup - labels: 
- app.kubernetes.part-of: cloud -spec: - schedule: 10 23 * * * - successfulJobsHistoryLimit: 0 - failedJobsHistoryLimit: 0 - jobTemplate: - spec: - template: - spec: - containers: - - name: backup-app - image: domaindrivenarchitecture/c4k-cloud-backup - imagePullPolicy: IfNotPresent - command: - - /entrypoint.sh - env: - - name: POSTGRES_USER_FILE - value: /var/run/secrets/cloud-secrets/postgres-user - - name: POSTGRES_DB_FILE - value: /var/run/secrets/cloud-secrets/postgres-db - - name: POSTGRES_PASSWORD_FILE - value: /var/run/secrets/cloud-secrets/postgres-password - - name: POSTGRES_HOST - value: postgresql-service:5432 - - name: POSTGRES_SERVICE - value: postgresql-service - - name: POSTGRES_PORT - value: '5432' - - name: AWS_DEFAULT_REGION - value: eu-central-1 - - name: AWS_ACCESS_KEY_ID_FILE - value: /var/run/secrets/backup-secrets/aws-access-key-id - - name: AWS_SECRET_ACCESS_KEY_FILE - value: /var/run/secrets/backup-secrets/aws-secret-access-key - - name: RESTIC_REPOSITORY - valueFrom: - configMapKeyRef: - name: backup-config - key: restic-repository - - name: RESTIC_PASSWORD_FILE - value: /var/run/secrets/backup-secrets/restic-password - volumeMounts: - - name: cloud-data-volume - mountPath: /var/backups - - name: backup-secret-volume - mountPath: /var/run/secrets/backup-secrets - readOnly: true - - name: cloud-secret-volume - mountPath: /var/run/secrets/cloud-secrets - readOnly: true - volumes: - - name: cloud-data-volume - persistentVolumeClaim: - claimName: cloud-pvc - - name: cloud-secret-volume - secret: - secretName: cloud-secret - - name: backup-secret-volume - secret: - secretName: backup-secret - restartPolicy: OnFailure - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: backup-restore -spec: - replicas: 0 - selector: - matchLabels: - app: backup-restore - strategy: - type: Recreate - template: - metadata: - labels: - app: backup-restore - app.kubernetes.io/name: backup-restore - app.kubernetes.io/part-of: cloud - spec: - 
containers: - - name: backup-app - image: domaindrivenarchitecture/c4k-cloud-backup - imagePullPolicy: IfNotPresent - command: - - /entrypoint-start-and-wait.sh - env: - - name: POSTGRES_USER - valueFrom: - secretKeyRef: - name: postgres-secret - key: postgres-user - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: postgres-secret - key: postgres-password - - name: POSTGRES_DB - valueFrom: - configMapKeyRef: - name: postgres-config - key: postgres-db - - name: POSTGRES_HOST - value: postgresql-service:5432 - - name: POSTGRES_SERVICE - value: postgresql-service - - name: POSTGRES_PORT - value: '5432' - - name: AWS_DEFAULT_REGION - value: eu-central-1 - - name: AWS_ACCESS_KEY_ID_FILE - value: /var/run/secrets/backup-secrets/aws-access-key-id - - name: AWS_SECRET_ACCESS_KEY_FILE - value: /var/run/secrets/backup-secrets/aws-secret-access-key - - name: RESTIC_REPOSITORY - valueFrom: - configMapKeyRef: - name: backup-config - key: restic-repository - - name: RESTIC_PASSWORD_FILE - value: /var/run/secrets/backup-secrets/restic-password - volumeMounts: - - name: cloud-data-volume - mountPath: /var/backups - - name: backup-secret-volume - mountPath: /var/run/secrets/backup-secrets - readOnly: true - - name: cloud-secret-volume - mountPath: /var/run/secrets/cloud-secrets - readOnly: true - volumes: - - name: cloud-data-volume - persistentVolumeClaim: - claimName: cloud-pvc - - name: cloud-secret-volume - secret: - secretName: cloud-secret - - name: backup-secret-volume - secret: - secretName: backup-secret - diff --git a/valid-config.edn b/valid-config.edn index 4d95c1c..87ebb80 100644 --- a/valid-config.edn +++ b/valid-config.edn 
@@ -1,5 +1,5 @@
-{:fqdn "cloudhost"
+{:fqdn "cloud.test.meissa-gmbh.de"
 :issuer :staging
 :nextcloud-data-volume-path "/var/cloud"
 :postgres-data-volume-path "/var/postgres"
- :restic-repository "s3://k3stesthost:mybucket"}
\ No newline at end of file
+ :restic-repository "s3:s3.amazonaws.com/your-bucket/your-folder"}
\ No newline at end of file
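Review bot: The two values changed in this hunk are not the same kind of thing: `:restic-repository` is now an obvious placeholder (`your-bucket/your-folder`), while `:fqdn` became what looks like a concrete host, `cloud.test.meissa-gmbh.de`, and nothing in the file says which keys a user has to replace. If valid-config.edn is meant to be copied as a template, someone who leaves `:fqdn` untouched would presumably generate an ingress and a certificate request for a name they do not control. I would add a leading comment such as `;; example values - set :fqdn and :restic-repository for your own deployment`, or use a reserved name like `cloud.example.org` for `:fqdn`. The file also still ends without a trailing newline on the new side.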