authorXe Iaso <me@xeiaso.net>2024-09-08 10:36:58 -0400
committerXe Iaso <me@xeiaso.net>2024-09-08 10:36:58 -0400
commitd1f4cb439f3ef7ac5cee30b54282afdae1bc34ef (patch)
tree651511e3e7a5f1ec767f4548674038abf90f7303
parent1390f431adc4c50df6de43450a31aa2d9f8b42b5 (diff)
kube/alrest: add static sites
Signed-off-by: Xe Iaso <me@xeiaso.net>
-rw-r--r--kube/alrest/core/external-dns/1password.yaml8
-rw-r--r--kube/alrest/core/external-dns/prod-issuer.yaml12
-rw-r--r--kube/alrest/gitea/pvc.yaml1
-rw-r--r--kube/alrest/gitea/runner.yaml15
-rw-r--r--kube/alrest/kustomization.yaml1
-rw-r--r--kube/alrest/minio/deployment.yaml40
-rw-r--r--kube/alrest/minio/kustomization.yaml4
-rw-r--r--kube/alrest/minio/pvc.yaml11
-rw-r--r--kube/alrest/minio/service.yaml17
-rw-r--r--kube/alrest/staticsites/caddy1/Dockerfile13
-rw-r--r--kube/alrest/staticsites/caddy1/caddy.yaml112
-rw-r--r--kube/alrest/staticsites/caddy1/kustomization.yaml5
-rw-r--r--kube/alrest/staticsites/caddy1/lewa.yaml36
-rw-r--r--kube/alrest/staticsites/caddy1/xena-greedo.yaml36
-rw-r--r--kube/alrest/staticsites/caddy1/xn--u7hz981o.yaml36
-rw-r--r--kube/alrest/staticsites/kustomization.yaml2
16 files changed, 333 insertions, 16 deletions
diff --git a/kube/alrest/core/external-dns/1password.yaml b/kube/alrest/core/external-dns/1password.yaml
index ead83ea..edf8e0e 100644
--- a/kube/alrest/core/external-dns/1password.yaml
+++ b/kube/alrest/core/external-dns/1password.yaml
@@ -4,4 +4,12 @@ metadata:
name: aws-creds
namespace: external-dns
spec:
+ itemPath: "vaults/lc5zo4zjz3if3mkeuhufjmgmui/items/3xn7uf73xnzholrfk6tla5rhpa"
+---
+apiVersion: onepassword.com/v1
+kind: OnePasswordItem
+metadata:
+ name: aws-creds
+ namespace: cert-manager
+spec:
itemPath: "vaults/lc5zo4zjz3if3mkeuhufjmgmui/items/3xn7uf73xnzholrfk6tla5rhpa" \ No newline at end of file
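Review bot: The added `OnePasswordItem` in the `cert-manager` namespace points at the same `itemPath` as the existing external-dns item, so both controllers will hold the same AWS access key. A compromise of either namespace then exposes whatever that key can do, and the two uses cannot be rotated or revoked independently. Consider a separate 1Password item backed by its own IAM user whose policy covers only what DNS-01 validation needs, e.g. `itemPath: "vaults/<vault-id>/items/<cert-manager-item-id>"` (placeholder ids). The IAM policy itself is not visible here, so the actual scope of the current key should be confirmed.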
diff --git a/kube/alrest/core/external-dns/prod-issuer.yaml b/kube/alrest/core/external-dns/prod-issuer.yaml
index d8eeaf9..29572f5 100644
--- a/kube/alrest/core/external-dns/prod-issuer.yaml
+++ b/kube/alrest/core/external-dns/prod-issuer.yaml
@@ -13,6 +13,12 @@ spec:
name: letsencrypt-prod
# Enable the HTTP-01 challenge provider
solvers:
- - http01:
- ingress:
- ingressClassName: nginx \ No newline at end of file
+ - dns01:
+ route53:
+ region: ca-central-1
+ accessKeyIDSecretRef:
+ name: aws-creds
+ key: AWS_ACCESS_KEY_ID
+ secretAccessKeySecretRef:
+ name: aws-creds
+ key: AWS_SECRET_ACCESS_KEY \ No newline at end of file
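Review bot: The context comment above `solvers:` still reads `# Enable the HTTP-01 challenge provider`, but the solver is now `dns01`; it should become something like `# Enable the DNS-01 challenge provider (Route 53)`. The new solver also has no `selector` and no `hostedZoneID`, so every certificate issued through `letsencrypt-prod` is validated via Route 53 and cert-manager has to look the zone up by name, which usually means granting the key list permissions across zones. Adding `hostedZoneID: <zone-id>` under `route53`, or a `selector` with `dnsZones`, would let the IAM policy be narrowed to the zones this issuer is meant to serve. Removing `http01` entirely leaves no fallback for names whose DNS is hosted elsewhere, if any exist.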
diff --git a/kube/alrest/gitea/pvc.yaml b/kube/alrest/gitea/pvc.yaml
index 78c3a60..7c7515e 100644
--- a/kube/alrest/gitea/pvc.yaml
+++ b/kube/alrest/gitea/pvc.yaml
@@ -5,6 +5,7 @@ metadata:
spec:
accessModes:
- ReadWriteOnce
+ - ReadWriteMany
storageClassName: longhorn
resources:
requests:
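Review bot: Adding `- ReadWriteMany` changes `accessModes`, which Kubernetes treats as immutable on an existing PersistentVolumeClaim, so if the `gitea` claim is already bound this apply is likely to be rejected. The claim would then have to be recreated and its data migrated. The reason for the change is only visible in `gitea/runner.yaml`, so a comment here would help, e.g. `# RWX because act-runner mounts this claim too (subPath "actions")`. The rest of the claim spec lies outside the hunk.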
diff --git a/kube/alrest/gitea/runner.yaml b/kube/alrest/gitea/runner.yaml
index 12b5ba2..005840b 100644
--- a/kube/alrest/gitea/runner.yaml
+++ b/kube/alrest/gitea/runner.yaml
@@ -1,14 +1,3 @@
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: act-runner-vol
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 1Gi
----
apiVersion: v1
kind: Secret
metadata:
@@ -31,7 +20,6 @@ spec:
strategy: {}
template:
metadata:
- creationTimestamp: null
labels:
app.kubernetes.io/name: act-runner
spec:
@@ -41,7 +29,7 @@ spec:
emptyDir: {}
- name: runner-data
persistentVolumeClaim:
- claimName: act-runner-vol
+ claimName: gitea
containers:
- name: runner
image: gitea/act_runner:nightly
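Review bot: With `claimName: gitea` the CI runner pod attaches the Gitea server's own data volume, and the only thing keeping job state apart from the repositories and Gitea's data is the `subPath: "actions"` added in the next hunk. Any container in this pod that mounts `runner-data` without that `subPath` would see the whole Gitea volume. Whether the `dockerd` sidecar mounts it is not visible here. Keeping a dedicated claim for the runner avoids coupling an environment that executes CI jobs to the forge's storage. If the shared claim stays, document the constraint next to the volume, e.g. `# shared with gitea: always mount with subPath "actions"`.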
@@ -65,6 +53,7 @@ spec:
mountPath: /certs
- name: runner-data
mountPath: /data
+ subPath: "actions"
- name: dockerd
image: docker:27.0.2-dind
env:
diff --git a/kube/alrest/kustomization.yaml b/kube/alrest/kustomization.yaml
index c22f3af..e2f8a8e 100644
--- a/kube/alrest/kustomization.yaml
+++ b/kube/alrest/kustomization.yaml
@@ -2,5 +2,6 @@ resources:
- core
- ollama
- pvfm
+ - staticsites
- vms
- x \ No newline at end of file
diff --git a/kube/alrest/minio/deployment.yaml b/kube/alrest/minio/deployment.yaml
new file mode 100644
index 0000000..a67d508
--- /dev/null
+++ b/kube/alrest/minio/deployment.yaml
@@ -0,0 +1,40 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: minio
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: minio
+ template:
+ metadata:
+ labels:
+ app: minio
+ spec:
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: minio
+ containers:
+ - name: minio
+ volumeMounts:
+ - name: data
+ mountPath: /data
+ image: minio/minio
+ args:
+ - server
+ - /data
+ - --console-address=:9001
+ env:
+ - name: MINIO_ROOT_USER
+ value: root
+ - name: MINIO_ROOT_PASSWORD
+ value: hunter22
+ ports:
+ - containerPort: 9000
+ hostPort: 9000
+ name: http
+ - containerPort: 9001
+ hostPort: 9001
+ name: webui \ No newline at end of file
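Review bot: `MINIO_ROOT_USER` and `MINIO_ROOT_PASSWORD` are committed as literal values (`root` / `hunter22`) in the `env` block, so the MinIO root credential is readable by anyone with access to the repository, and it should be rotated as well as moved out of the manifest. The repository already syncs secrets with `OnePasswordItem`, so the env entries can reference a Secret instead, as sketched below with a placeholder Secret name. The two `hostPort` entries also bind the API and console on the node's own interfaces even though the Service is `ClusterIP`; unless that is intended, drop them. Separately, `image: minio/minio` has no tag or digest, so the version that runs is whatever the registry serves at pull time.

```yaml
          env:
            - name: MINIO_ROOT_USER
              valueFrom:
                secretKeyRef:
                  name: minio-root  # placeholder: Secret synced from a OnePasswordItem
                  key: MINIO_ROOT_USER
            - name: MINIO_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: minio-root  # placeholder
                  key: MINIO_ROOT_PASSWORD
          # … unchanged: ports (minus hostPort if node exposure is not wanted) …
```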
diff --git a/kube/alrest/minio/kustomization.yaml b/kube/alrest/minio/kustomization.yaml
new file mode 100644
index 0000000..14dd267
--- /dev/null
+++ b/kube/alrest/minio/kustomization.yaml
@@ -0,0 +1,4 @@
+resources:
+- ./deployment.yaml
+- ./pvc.yaml
+- ./service.yaml \ No newline at end of file
diff --git a/kube/alrest/minio/pvc.yaml b/kube/alrest/minio/pvc.yaml
new file mode 100644
index 0000000..249e993
--- /dev/null
+++ b/kube/alrest/minio/pvc.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: minio
+spec:
+ accessModes:
+ - ReadWriteMany
+ storageClassName: itsuki
+ resources:
+ requests:
+ storage: 100Gi \ No newline at end of file
diff --git a/kube/alrest/minio/service.yaml b/kube/alrest/minio/service.yaml
new file mode 100644
index 0000000..9d888ab
--- /dev/null
+++ b/kube/alrest/minio/service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: minio
+spec:
+ type: ClusterIP
+ ports:
+ - name: http
+ port: 80
+ targetPort: 9000
+ protocol: TCP
+ - name: webui
+ port: 8080
+ targetPort: 9001
+ protocol: TCP
+ selector:
+ app: minio \ No newline at end of file
diff --git a/kube/alrest/staticsites/caddy1/Dockerfile b/kube/alrest/staticsites/caddy1/Dockerfile
new file mode 100644
index 0000000..92f9443
--- /dev/null
+++ b/kube/alrest/staticsites/caddy1/Dockerfile
@@ -0,0 +1,13 @@
+FROM debian:bookworm AS build
+
+WORKDIR /app
+RUN mkdir -p /app
+ADD https://github.com/caddyserver/caddy/releases/download/v1.0.4/caddy_v1.0.4_linux_amd64.tar.gz /app/caddy1.tgz
+RUN tar xf /app/caddy1.tgz
+
+FROM debian:bookworm
+LABEL org.opencontainers.image.source="https://github.com/Xe/x"
+WORKDIR /app
+RUN mkdir -p /app/bin
+COPY --from=build /app/caddy /app/bin/caddy
+CMD ["/app/bin/caddy", "-port", "8080", "-agree", "-conf", "/app/etc/Caddyfile"] \ No newline at end of file
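Review bot: The `ADD https://github.com/caddyserver/caddy/releases/...` line fetches the release tarball at build time without verifying its integrity, so the image contents depend on whatever that URL returns. With BuildKit the download can be pinned: `ADD --checksum=sha256:<digest-of-caddy_v1.0.4_linux_amd64.tar.gz> https://github.com/caddyserver/caddy/releases/download/v1.0.4/caddy_v1.0.4_linux_amd64.tar.gz /app/caddy1.tgz` (the digest is a placeholder to be filled in from a trusted copy). Caddy 1.x is no longer maintained upstream, so this binary will not receive security fixes and is best kept behind the ingress, as the manifests in this commit do. The final stage sets no `USER`, so the image defaults to root wherever the pod spec does not override it; adding `USER 1000:1000` would match the Deployment's `runAsUser`.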
diff --git a/kube/alrest/staticsites/caddy1/caddy.yaml b/kube/alrest/staticsites/caddy1/caddy.yaml
new file mode 100644
index 0000000..58c25d0
--- /dev/null
+++ b/kube/alrest/staticsites/caddy1/caddy.yaml
@@ -0,0 +1,112 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: caddy
+data:
+ Caddyfile: |
+ lewa.within.website:8080 {
+ tls off
+ errors stdout
+
+ root /srv/http/lewa
+ }
+
+ xena.greedo.xeserv.us:8080 {
+ tls off
+ errors stdout
+
+ header / X-Clacks-Overhead "GNU Ashlynn"
+
+ root /srv/http/xena.greedo.xeserv.us
+ markdown / {
+ template blog templates/blog.html
+ template index templates/index.html
+ }
+
+ browse
+ }
+
+ xn--u7hz981o.ws:8080 {
+ tls off
+ errors stdout
+
+ header / X-Clacks-Overhead "GNU Ashlynn"
+
+ internal /templates
+
+ root /srv/http/xn--u7hz981o.ws
+ markdown / {
+ template index templates/index.html
+ template page templates/page.html
+ }
+ }
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: caddy
+ labels:
+ app: caddy
+spec:
+ selector:
+ matchLabels:
+ app: caddy
+ template:
+ metadata:
+ labels:
+ app: caddy
+ spec:
+ volumes:
+ - name: config
+ configMap:
+ name: caddy
+ - name: lewa
+ persistentVolumeClaim:
+ claimName: lewa
+ - name: greedo
+ persistentVolumeClaim:
+ claimName: xena-greedo-xeserv-us
+ - name: xn--u7hz981o
+ persistentVolumeClaim:
+ claimName: xn--u7hz981o
+ containers:
+ - name: caddy
+ image: ghcr.io/xe/x/caddy1
+ resources:
+ limits:
+ memory: "128Mi"
+ cpu: "500m"
+ ports:
+ - containerPort: 8080
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ seccompProfile:
+ type: RuntimeDefault
+ volumeMounts:
+ - mountPath: "/app/etc"
+ name: config
+ - mountPath: "/srv/http/lewa"
+ name: lewa
+ - mountPath: "/srv/http/xn--u7hz981o.ws"
+ name: xn--u7hz981o
+ - mountPath: "/srv/http/xena.greedo.xeserv.us"
+ name: greedo
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: caddy
+spec:
+ selector:
+ app: caddy
+ ports:
+ - port: 80
+ targetPort: 8080
+ name: http
+---
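Review bot: The container `securityContext` drops capabilities and forbids privilege escalation, but the three site volumes are mounted writable and the root filesystem is left writable. For a server that only reads static content, add `readOnly: true` to each `/srv/http/...` entry in `volumeMounts`, and `readOnlyRootFilesystem: true` to the `securityContext` once it is confirmed that Caddy 1 writes nothing at runtime with `tls off`. `image: ghcr.io/xe/x/caddy1` carries no tag or digest, so rollouts are not reproducible. In the Caddyfile, the `xena.greedo.xeserv.us` block enables `browse` and uses `templates/` but, unlike the `xn--u7hz981o.ws` block, has no `internal /templates`, so the template sources are likely listable and served raw. The trailing `---` on the last line opens an empty document and can be dropped.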
diff --git a/kube/alrest/staticsites/caddy1/kustomization.yaml b/kube/alrest/staticsites/caddy1/kustomization.yaml
new file mode 100644
index 0000000..8c6c4a8
--- /dev/null
+++ b/kube/alrest/staticsites/caddy1/kustomization.yaml
@@ -0,0 +1,5 @@
+resources:
+ - caddy.yaml
+ - lewa.yaml
+ - xena-greedo.yaml
+ - xn--u7hz981o.yaml \ No newline at end of file
diff --git a/kube/alrest/staticsites/caddy1/lewa.yaml b/kube/alrest/staticsites/caddy1/lewa.yaml
new file mode 100644
index 0000000..62a5df3
--- /dev/null
+++ b/kube/alrest/staticsites/caddy1/lewa.yaml
@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: lewa
+spec:
+ storageClassName: "tigris"
+ resources:
+ requests:
+ storage: 512Mi
+ volumeMode: Filesystem
+ accessModes:
+ - ReadWriteMany
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: lewa-within-website
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-prod"
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - lewa.within.website
+ secretName: lewa-within-website-public-tls
+ rules:
+ - host: lewa.within.website
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: caddy
+ port:
+ name: http \ No newline at end of file
diff --git a/kube/alrest/staticsites/caddy1/xena-greedo.yaml b/kube/alrest/staticsites/caddy1/xena-greedo.yaml
new file mode 100644
index 0000000..c5e66cf
--- /dev/null
+++ b/kube/alrest/staticsites/caddy1/xena-greedo.yaml
@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: xena-greedo-xeserv-us
+spec:
+ storageClassName: "itsuki"
+ resources:
+ requests:
+ storage: 512Gi
+ volumeMode: Filesystem
+ accessModes:
+ - ReadWriteMany
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: xena-greedo-xeserv-us
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-prod"
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - xena.greedo.xeserv.us
+ secretName: xena-greedo-xeserv-us-public-tls
+ rules:
+ - host: xena.greedo.xeserv.us
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: caddy
+ port:
+ name: http \ No newline at end of file
diff --git a/kube/alrest/staticsites/caddy1/xn--u7hz981o.yaml b/kube/alrest/staticsites/caddy1/xn--u7hz981o.yaml
new file mode 100644
index 0000000..30b0bd2
--- /dev/null
+++ b/kube/alrest/staticsites/caddy1/xn--u7hz981o.yaml
@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: xn--u7hz981o
+spec:
+ storageClassName: "itsuki"
+ resources:
+ requests:
+ storage: 512Mi
+ volumeMode: Filesystem
+ accessModes:
+ - ReadWriteMany
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: xn--u7hz981o
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-prod"
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - xn--u7hz981o.ws
+ secretName: xn--u7hz981o-ws-public-tls
+ rules:
+ - host: xn--u7hz981o.ws
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: caddy
+ port:
+ name: http
diff --git a/kube/alrest/staticsites/kustomization.yaml b/kube/alrest/staticsites/kustomization.yaml
new file mode 100644
index 0000000..a8aa3cb
--- /dev/null
+++ b/kube/alrest/staticsites/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+ - caddy1 \ No newline at end of file