cmd/future-sight: move to kustomize

Signed-off-by: Xe Iaso <me@xeiaso.net>
author: Xe Iaso <me@xeiaso.net> 2024-06-16 09:24:19 -0400
committer: Xe Iaso <me@xeiaso.net> 2024-06-16 09:24:33 -0400
commit: f8357c132c7457c23ed8e5ce654f3cd48ef0550f (patch)
tree: 69740de47189b4aebe05f7161b36c7b35d338b78 /cmd/future-sight
parent: 58d56c8906241805d161cd1e45f86d20555839d2 (diff)
download: x-f8357c132c7457c23ed8e5ce654f3cd48ef0550f.tar.xz
x-f8357c132c7457c23ed8e5ce654f3cd48ef0550f.zip
12 files changed, 246 insertions, 314 deletions
diff --git a/cmd/future-sight/manifest.yaml b/cmd/future-sight/manifest.yaml
deleted file mode 100644
index e866d0e..0000000
--- a/cmd/future-sight/manifest.yaml
+++ /dev/null
@@ -1,226 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: future-sight
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: nats
-  namespace: future-sight
-spec:
-  replicas: 1
-  strategy: {}
-  selector:
-    matchLabels:
-      app: nats
-  template:
-    metadata:
-      labels:
-        app: nats
-    spec:
-      containers:
-        - name: nats
-          image: nats:2-alpine
-          ports:
-            - containerPort: 4222
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: nats
-  namespace: future-sight
-spec:
-  selector:
-    app: nats
-  ports:
-    - port: 4222
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: valkey-secret
-  namespace: future-sight
-  labels:
-    app: valkey
-data:
-  VALKEY_PASSWORD: hunter2
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: valkey
-  namespace: future-sight
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: valkey
-  template:
-    metadata:
-      labels:
-        app: valkey
-    spec:
-      containers:
-        - name: valkey
-          image: 'docker.io/bitnami/valkey:latest'
-          imagePullPolicy: Always
-          ports:
-            - containerPort: 6379
-          envFrom:
-            - configMapRef:
-                name: valkey-secret
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: valkey
-  namespace: future-sight
-  labels:
-    app: valkey
-spec:
-  type: ClusterIP
-  ports:
-    - port: 6379
-  selector:
-    app: valkey
----
-apiVersion: onepassword.com/v1
-kind: OnePasswordItem
-metadata:
-  name: tigris-creds
-  namespace: future-sight
-  labels:
-    app.kubernetes.io/name: future-sight
-spec:
-  itemPath: "vaults/Kubernetes/items/Tigris creds"
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: future-sight
-  namespace: future-sight
-  labels:
-    app.kubernetes.io/name: future-sight
-data:
-  BUCKET_NAME: xesite-preview-versions
-  DATA_DIR: /cache
-  NATS_URL: nats://nats:4222
-  VALKEY_HOST: valkey:6379
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: future-sight
-  namespace: future-sight
-  labels:
-    app.kubernetes.io/name: future-sight
-  annotations:
-    operator.1password.io/auto-restart: "true"
-spec:
-  replicas: 3
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: future-sight
-  template:
-    metadata:
-      namespace: future-sight
-      labels:
-        app.kubernetes.io/name: future-sight
-    spec:
-      volumes:
-        - name: tigris
-          secret:
-            secretName: tigris-creds
-        - name: cache
-          emptyDir: {}
-      securityContext:
-        fsGroup: 1000
-      containers:
-        - name: main
-          image: ghcr.io/xe/x/future-sight:latest
-          imagePullPolicy: Always
-          resources:
-            limits:
-              cpu: "250m"
-              memory: "512Mi"
-            requests:
-              cpu: "100m"
-              memory: "256Mi"
-          securityContext:
-            runAsUser: 1000
-            runAsGroup: 1000
-            runAsNonRoot: true
-            allowPrivilegeEscalation: false
-            capabilities:
-              drop:
-                - ALL
-            seccompProfile:
-              type: RuntimeDefault
-          livenessProbe:
-            httpGet:
-              path: /healthz
-              port: 8080
-              httpHeaders:
-                - name: X-Kubernetes
-                  value: "is kinda okay"
-            initialDelaySeconds: 3
-            periodSeconds: 3
-          volumeMounts:
-            - name: tigris
-              mountPath: /run/secrets/tigris
-            - name: cache
-              mountPath: /cache
-          envFrom:
-            - configMapRef:
-                name: valkey-secret
-            - configMapRef:
-                name: future-sight
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: future-sight
-  namespace: future-sight
-  labels:
-    app.kubernetes.io/name: future-sight
-spec:
-  selector:
-    app.kubernetes.io/name: future-sight
-  ports:
-    - protocol: TCP
-      port: 80
-      targetPort: 8081
-      name: web
-    - protocol: TCP
-      port: 8080
-      targetPort: 8080
-      name: api
-  type: ClusterIP
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: future-sight
-  namespace: future-sight
-  labels:
-    app.kubernetes.io/name: future-sight
-  annotations:
-    cert-manager.io/cluster-issuer: "letsencrypt-prod"
-spec:
-  ingressClassName: nginx
-  tls:
-    - hosts:
-      - preview.xeiaso.net
-      secretName: preview-xeiaso-net-tls
-  rules:
-  - host: preview.xeiaso.net
-    http:
-      paths:
-      - pathType: Prefix
-        path: "/"
-        backend:
-          service:
-            name: future-sight
-            port: 
-              name: web
-\ No newline at end of file
diff --git a/cmd/future-sight/manifest.dev.yaml b/cmd/future-sight/manifest/dev/minio.yaml
index 49a71f6..7581f5a 100644
--- a/cmd/future-sight/manifest.dev.yaml
+++ b/cmd/future-sight/manifest/dev/minio.yaml
@@ -1,91 +1,4 @@
 apiVersion: v1
-kind: Namespace
-metadata:
-  name: future-sight
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: nats
-  namespace: future-sight
-spec:
-  replicas: 1
-  strategy: {}
-  selector:
-    matchLabels:
-      app: nats
-  template:
-    metadata:
-      labels:
-        app: nats
-    spec:
-      containers:
-        - name: nats
-          image: nats:2-alpine
-          ports:
-            - containerPort: 4222
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: nats
-  namespace: future-sight
-spec:
-  selector:
-    app: nats
-  ports:
-    - port: 4222
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: valkey-secret
-  namespace: future-sight
-  labels:
-    app: valkey
-data:
-  VALKEY_PASSWORD: hunter2
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: valkey
-  namespace: future-sight
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: valkey
-  template:
-    metadata:
-      labels:
-        app: valkey
-    spec:
-      containers:
-        - name: valkey
-          image: 'docker.io/bitnami/valkey:latest'
-          imagePullPolicy: Always
-          ports:
-            - containerPort: 6379
-          envFrom:
-            - configMapRef:
-                name: valkey-secret
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: valkey
-  namespace: future-sight
-  labels:
-    app: valkey
-spec:
-  type: ClusterIP
-  ports:
-    - port: 6379
-  selector:
-    app: valkey
----
-apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: minio
diff --git a/cmd/future-sight/manifest/kustomization.yaml b/cmd/future-sight/manifest/kustomization.yaml
new file mode 100644
index 0000000..5d7ee96
--- /dev/null
+++ b/cmd/future-sight/manifest/kustomization.yaml
@@ -0,0 +1,8 @@
+resources:
+  - ./prod/namespace.yaml
+  - ./prod/nats.yaml
+  - ./prod/valkey.yaml
+  - ./dev/minio.yaml
+namespace: future-sight
+commonLabels:
+  app.kubernetes.io/name: future-sight
diff --git a/cmd/future-sight/manifest/prod/1password.yaml b/cmd/future-sight/manifest/prod/1password.yaml
new file mode 100644
index 0000000..393ecfa
--- /dev/null
+++ b/cmd/future-sight/manifest/prod/1password.yaml
@@ -0,0 +1,9 @@
+apiVersion: onepassword.com/v1
+kind: OnePasswordItem
+metadata:
+  name: tigris-creds
+  namespace: future-sight
+  labels:
+    app.kubernetes.io/name: future-sight
+spec:
+  itemPath: "vaults/Kubernetes/items/Tigris creds"
+\ No newline at end of file
diff --git a/cmd/future-sight/manifest/prod/deployment.yaml b/cmd/future-sight/manifest/prod/deployment.yaml
new file mode 100644
index 0000000..1294c52
--- /dev/null
+++ b/cmd/future-sight/manifest/prod/deployment.yaml
@@ -0,0 +1,81 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: future-sight
+  namespace: future-sight
+  labels:
+    app.kubernetes.io/name: future-sight
+data:
+  BUCKET_NAME: xesite-preview-versions
+  DATA_DIR: /cache
+  NATS_URL: nats://nats:4222
+  VALKEY_HOST: valkey:6379
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: future-sight
+  namespace: future-sight
+  labels:
+    app.kubernetes.io/name: future-sight
+  annotations:
+    operator.1password.io/auto-restart: "true"
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: future-sight
+  template:
+    metadata:
+      namespace: future-sight
+      labels:
+        app.kubernetes.io/name: future-sight
+    spec:
+      volumes:
+        - name: tigris
+          secret:
+            secretName: tigris-creds
+        - name: cache
+          emptyDir: {}
+      securityContext:
+        fsGroup: 1000
+      containers:
+        - name: main
+          image: ghcr.io/xe/x/future-sight:latest
+          imagePullPolicy: Always
+          resources:
+            limits:
+              cpu: "250m"
+              memory: "512Mi"
+            requests:
+              cpu: "100m"
+              memory: "256Mi"
+          securityContext:
+            runAsUser: 1000
+            runAsGroup: 1000
+            runAsNonRoot: true
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: 8080
+              httpHeaders:
+                - name: X-Kubernetes
+                  value: "is kinda okay"
+            initialDelaySeconds: 3
+            periodSeconds: 3
+          volumeMounts:
+            - name: tigris
+              mountPath: /run/secrets/tigris
+            - name: cache
+              mountPath: /cache
+          envFrom:
+            - configMapRef:
+                name: valkey-secret
+            - configMapRef:
+                name: future-sight
+\ No newline at end of file
diff --git a/cmd/future-sight/manifest/prod/ingress.yaml b/cmd/future-sight/manifest/prod/ingress.yaml
new file mode 100644
index 0000000..5b31f35
--- /dev/null
+++ b/cmd/future-sight/manifest/prod/ingress.yaml
@@ -0,0 +1,26 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: future-sight
+  namespace: future-sight
+  labels:
+    app.kubernetes.io/name: future-sight
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+spec:
+  ingressClassName: nginx
+  tls:
+    - hosts:
+      - preview.xeiaso.net
+      secretName: preview-xeiaso-net-tls
+  rules:
+  - host: preview.xeiaso.net
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/"
+        backend:
+          service:
+            name: future-sight
+            port: 
+              name: web
+\ No newline at end of file
diff --git a/cmd/future-sight/manifest/prod/kustomization.yaml b/cmd/future-sight/manifest/prod/kustomization.yaml
new file mode 100644
index 0000000..026e648
--- /dev/null
+++ b/cmd/future-sight/manifest/prod/kustomization.yaml
@@ -0,0 +1,11 @@
+resources:
+  - namespace.yaml
+  - 1password.yaml
+  - deployment.yaml
+  - service.yaml
+  - ingress.yaml
+  - nats.yaml
+  - valkey.yaml
+namespace: future-sight
+commonLabels:
+  app.kubernetes.io/name: future-sight
diff --git a/cmd/future-sight/manifest/prod/namespace.yaml b/cmd/future-sight/manifest/prod/namespace.yaml
new file mode 100644
index 0000000..240ee6b
--- /dev/null
+++ b/cmd/future-sight/manifest/prod/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: future-sight
+\ No newline at end of file
diff --git a/cmd/future-sight/manifest/prod/nats.yaml b/cmd/future-sight/manifest/prod/nats.yaml
new file mode 100644
index 0000000..93c3b4b
--- /dev/null
+++ b/cmd/future-sight/manifest/prod/nats.yaml
@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nats
+  namespace: future-sight
+  labels:
+    xeiaso.net/role: nats
+spec:
+  replicas: 1
+  strategy: {}
+  selector:
+    matchLabels:
+      xeiaso.net/role: nats
+  template:
+    metadata:
+      labels:
+        xeiaso.net/role: nats
+    spec:
+      containers:
+        - name: nats
+          image: nats:2-alpine
+          ports:
+            - containerPort: 4222
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: nats
+  namespace: future-sight
+  labels:
+    xeiaso.net/role: valkey
+spec:
+  selector:
+    xeiaso.net/role: nats
+  ports:
+    - port: 4222
+\ No newline at end of file
diff --git a/cmd/future-sight/manifest/prod/service.yaml b/cmd/future-sight/manifest/prod/service.yaml
new file mode 100644
index 0000000..4c518ae
--- /dev/null
+++ b/cmd/future-sight/manifest/prod/service.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: future-sight
+  namespace: future-sight
+  labels:
+    app.kubernetes.io/name: future-sight
+spec:
+  selector:
+    app.kubernetes.io/name: future-sight
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 8081
+      name: web
+    - protocol: TCP
+      port: 8080
+      targetPort: 8080
+      name: api
+  type: ClusterIP
+\ No newline at end of file
diff --git a/cmd/future-sight/manifest/prod/valkey.yaml b/cmd/future-sight/manifest/prod/valkey.yaml
new file mode 100644
index 0000000..fda0872
--- /dev/null
+++ b/cmd/future-sight/manifest/prod/valkey.yaml
@@ -0,0 +1,50 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: valkey-secret
+  namespace: future-sight
+  labels:
+    xeiaso.net/role: valkey
+data:
+  VALKEY_PASSWORD: hunter2
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: valkey
+  namespace: future-sight
+  labels:
+    xeiaso.net/role: valkey
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      xeiaso.net/role: valkey
+  template:
+    metadata:
+      labels:
+        xeiaso.net/role: valkey
+    spec:
+      containers:
+        - name: valkey
+          image: 'docker.io/bitnami/valkey:latest'
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 6379
+          envFrom:
+            - configMapRef:
+                name: valkey-secret
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: valkey
+  namespace: future-sight
+  labels:
+    xeiaso.net/role: valkey
+spec:
+  type: ClusterIP
+  ports:
+    - port: 6379
+  selector:
+    xeiaso.net/role: valkey
+\ No newline at end of file
diff --git a/cmd/future-sight/yeetfile.js b/cmd/future-sight/yeetfile.js
index 1b31c6c..1355cd6 100644
--- a/cmd/future-sight/yeetfile.js
+++ b/cmd/future-sight/yeetfile.js
@@ -1,5 +1,5 @@
 nix.build(".#docker.future-sight");
 docker.load("./result");
 docker.push(`ghcr.io/xe/x/future-sight`);
-yeet.run("kubectl", "apply", "-f=manifest.yaml");
+yeet.run("kubectl", "apply", "-k=manifest/prod");
 yeet.run("sh", "-c", "kubectl rollout restart -n future-sight deployments/future-sight");
author	Xe Iaso <me@xeiaso.net>	2024-06-16 09:24:19 -0400
committer	Xe Iaso <me@xeiaso.net>	2024-06-16 09:24:33 -0400
commit	f8357c132c7457c23ed8e5ce654f3cd48ef0550f (patch)
tree	69740de47189b4aebe05f7161b36c7b35d338b78 /cmd/future-sight
parent	58d56c8906241805d161cd1e45f86d20555839d2 (diff)
download	x-f8357c132c7457c23ed8e5ce654f3cd48ef0550f.tar.xz x-f8357c132c7457c23ed8e5ce654f3cd48ef0550f.zip