| author | Xe Iaso <me@xeiaso.net> | 2024-11-09 10:50:59 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-11-09 10:50:59 -0500 |
| commit | 20d07c7005665f8e2001b4cbd24e15ec589d9882 (patch) | |
| tree | 8b98d1446c6d9e42bc2621e633543e0420f43541 /manifest/xesite | |
| parent | 2b349f56cb20420dd153f40f22b3654b5079100f (diff) | |
Move to Kubernetes (#853)
* start to lift-and-shift to k8s
Signed-off-by: Xe Iaso <me@xeiaso.net>
* manifest/xesite: properly configure pod disruption budget, hostmount for xesite as a hack
Signed-off-by: Xe Iaso <me@xeiaso.net>
* properly slonk readiness
Signed-off-by: Xe Iaso <me@xeiaso.net>
* manifest: move to aeacus
Signed-off-by: Xe Iaso <me@xeiaso.net>
* internal: add OnionLocation middleware
Signed-off-by: Xe Iaso <me@xeiaso.net>
* internal/lume: jettison serving from the zipfile
Signed-off-by: Xe Iaso <me@xeiaso.net>
* yolo deploy to prod
Signed-off-by: Xe Iaso <me@xeiaso.net>
* okay use a machineproxy here
Signed-off-by: Xe Iaso <me@xeiaso.net>
* test CI/CD
Signed-off-by: Xe Iaso <me@xeiaso.net>
* try civo route
Signed-off-by: Xe Iaso <me@xeiaso.net>
* lol
Signed-off-by: Xe Iaso <me@xeiaso.net>
* plan c?
Signed-off-by: Xe Iaso <me@xeiaso.net>
* specify the region
Signed-off-by: Xe Iaso <me@xeiaso.net>
* lol
Signed-off-by: Xe Iaso <me@xeiaso.net>
* blog: hello again kubernetes!
Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
Diffstat (limited to 'manifest/xesite')
| -rw-r--r-- | manifest/xesite/1password.yaml | 6 | ||||
| -rw-r--r-- | manifest/xesite/cache-pvc.yaml | 13 | ||||
| -rw-r--r-- | manifest/xesite/deployment.yaml | 70 | ||||
| -rw-r--r-- | manifest/xesite/ingress.yaml | 35 | ||||
| -rw-r--r-- | manifest/xesite/kustomization.yaml | 9 | ||||
| -rw-r--r-- | manifest/xesite/machineproxy.yaml | 9 | ||||
| -rw-r--r-- | manifest/xesite/onionservice.yaml | 17 | ||||
| -rw-r--r-- | manifest/xesite/pod-disruption-budget.yaml | 9 | ||||
| -rw-r--r-- | manifest/xesite/service.yaml | 18 |
9 files changed, 186 insertions, 0 deletions
diff --git a/manifest/xesite/1password.yaml b/manifest/xesite/1password.yaml
new file mode 100644
index 0000000..199c526
--- /dev/null
+++ b/manifest/xesite/1password.yaml
@@ -0,0 +1,6 @@
+apiVersion: onepassword.com/v1
+kind: OnePasswordItem
+metadata:
+ name: xesite
+spec:
+ itemPath: "vaults/lc5zo4zjz3if3mkeuhufjmgmui/items/ry2arlgm66sbms3po5s5tbuace"
\ No newline at end of file
diff --git a/manifest/xesite/cache-pvc.yaml b/manifest/xesite/cache-pvc.yaml
new file mode 100644
index 0000000..eb4792b
--- /dev/null
+++ b/manifest/xesite/cache-pvc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: xesite-cache
+spec:
+ storageClassName: tigris
+ resources:
+ requests:
+ storage: 40Gi
+ volumeMode: Filesystem
+ accessModes:
+ - ReadWriteOnce
+ - ReadWriteMany
diff --git a/manifest/xesite/deployment.yaml b/manifest/xesite/deployment.yaml
new file mode 100644
index 0000000..6b44707
--- /dev/null
+++ b/manifest/xesite/deployment.yaml
@@ -0,0 +1,70 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: xesite
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: xesite
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: xesite
+ spec:
+ volumes:
+ - name: cache
+ persistentVolumeClaim:
+ claimName: xesite-cache
+ - name: data
+ hostPath:
+ path: /data/xesite
+ type: DirectoryOrCreate
+ containers:
+ - name: web
+ image: ghcr.io/xe/site/bin:latest
+ imagePullPolicy: Always
+ env:
+ - name: "BIND"
+ value: ":3000"
+ - name: "INTERNAL_API_BIND"
+ value: ":3001"
+ - name: "DATA_DIR"
+ value: "/xe/data"
+ - name: "SITE_URL"
+ value: "https://xeiaso.net"
+ - name: "ONION_DOMAIN"
+ value: "gi3bsuc5ci2dr4xbh5b3kja5c6p5zk226ymgszzx7ngmjpc25tmnhaqd.onion"
+ - name: "REDIRECT_DOMAIN"
+ value: "xeiaso.net"
+ - name: "PATREON_SAASPROXY_URL"
+ value: "http://xesite-patreon-saasproxy.default.svc"
+ envFrom:
+ - secretRef:
+ name: xesite
+ ports:
+ - containerPort: 3000
+ name: http
+ volumeMounts:
+ - mountPath: "/xe/data"
+ name: data
+ #- mountPath: "/root/.cache"
+ # name: cache
+ readinessProbe:
+ httpGet:
+ path: /healthz
+ port: 3001
+ httpHeaders:
+ - name: X-Kubernetes
+ value: "Is alright, I guess"
+ initialDelaySeconds: 60
+ periodSeconds: 5
+ failureThreshold: 69
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 3001
+ httpHeaders:
+ - name: X-Kubernetes
+ value: "Is alright, I guess"
+ initialDelaySeconds: 30
+ periodSeconds: 30
diff --git a/manifest/xesite/ingress.yaml b/manifest/xesite/ingress.yaml
new file mode 100644
index 0000000..7075631
--- /dev/null
+++ b/manifest/xesite/ingress.yaml
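Review bot: The `web` container in manifest/xesite/deployment.yaml has no `securityContext` while it mounts the node directory `/data/xesite` through `hostPath`, so a compromise of the site process can do on that host path whatever the image's default user can; the commented-out `/root/.cache` mount suggests that user is root, though the image itself is not visible here. I would add `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: ["ALL"]}}` to the container and put a comment above the `data` volume saying why a hostPath is used and what happens to the data when the pod is rescheduled to another node. Separately, `image: ghcr.io/xe/site/bin:latest` with `imagePullPolicy: Always` means any pod restart can start running different code without a manifest change; pinning it as `ghcr.io/xe/site/bin@sha256:<digest>` keeps each rollout tied to a reviewed commit.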
@@ -0,0 +1,35 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: xesite
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-prod"
+ nginx.ingress.kubernetes.io/ssl-redirect: "true"
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - xeiaso.net
+ - christine.website
+ secretName: xeiaso-net-tls
+ rules:
+ - host: christine.website
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: xesite
+ port:
+ number: 80
+ - host: xeiaso.net
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: xesite
+ port:
+ number: 80
diff --git a/manifest/xesite/kustomization.yaml b/manifest/xesite/kustomization.yaml
new file mode 100644
index 0000000..58a3f8a
--- /dev/null
+++ b/manifest/xesite/kustomization.yaml
@@ -0,0 +1,9 @@
+resources:
+ - 1password.yaml
+ - cache-pvc.yaml
+ - deployment.yaml
+ - ingress.yaml
+ - machineproxy.yaml
+ - onionservice.yaml
+ - pod-disruption-budget.yaml
+ - service.yaml
\ No newline at end of file
diff --git a/manifest/xesite/machineproxy.yaml b/manifest/xesite/machineproxy.yaml
new file mode 100644
index 0000000..f530cb2
--- /dev/null
+++ b/manifest/xesite/machineproxy.yaml
@@ -0,0 +1,9 @@
+apiVersion: glaceon.friendshipcastle.zip/v1alpha1
+kind: MachineProxy
+metadata:
+ name: xesite-patreon-saasproxy
+spec:
+ org: personal
+ region: sjc
+ target: http://xesite-patreon-saasproxy.flycast
+ port: 80
\ No newline at end of file
diff --git a/manifest/xesite/onionservice.yaml b/manifest/xesite/onionservice.yaml
new file mode 100644
index 0000000..6331887
--- /dev/null
+++ b/manifest/xesite/onionservice.yaml
@@ -0,0 +1,17 @@
+apiVersion: tor.k8s.torproject.org/v1alpha2
+kind: OnionService
+metadata:
+ name: xesite
+spec:
+ version: 3
+ extraConfig: |
+ HiddenServiceNonAnonymousMode 1
+ HiddenServiceSingleHopMode 1
+ rules:
+ - port:
+ number: 80
+ backend:
+ service:
+ name: xesite
+ port:
+ number: 80
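Review bot: `HiddenServiceNonAnonymousMode 1` and `HiddenServiceSingleHopMode 1` in manifest/xesite/onionservice.yaml make this a single onion service, which gives up server-side location anonymity in exchange for lower latency, and nothing in the manifest records that this is intended. For a site that the Ingress in this commit also publishes at xeiaso.net that is a reasonable trade, but it should be written down so nobody copies the block into a service that does need to stay hidden. A YAML comment above `extraConfig:` would do, for example `# Single onion service: the server side is NOT anonymous (the site is public on clearnet); only clients are.`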
\ No newline at end of file
diff --git a/manifest/xesite/pod-disruption-budget.yaml b/manifest/xesite/pod-disruption-budget.yaml
new file mode 100644
index 0000000..e6caa0f
--- /dev/null
+++ b/manifest/xesite/pod-disruption-budget.yaml
@@ -0,0 +1,9 @@
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: xesite
+spec:
+ minAvailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: xesite
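Review bot: `minAvailable: 1` in manifest/xesite/pod-disruption-budget.yaml allows zero voluntary disruptions while the Deployment runs a single pod, and deployment.yaml in this commit sets no `replicas`, which defaults to 1. A node drain, for instance during a node patch or upgrade, will then block on evicting this pod until someone deletes it by hand. Either set `replicas: 2` in the Deployment or use `maxUnavailable: 1` here; note that with more than one replica the `data` hostPath volume would hold separate contents on each node.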
\ No newline at end of file
diff --git a/manifest/xesite/service.yaml b/manifest/xesite/service.yaml
new file mode 100644
index 0000000..86b6217
--- /dev/null
+++ b/manifest/xesite/service.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: xesite
+ labels:
+ app.kubernetes.io/name: xesite
+spec:
+ selector:
+ app.kubernetes.io/name: xesite
+ ports:
+ - port: 80
+ targetPort: 3000
+ protocol: TCP
+ name: http
+ - port: 8080
+ targetPort: 3001
+ protocol: TCP
+ name: internalapi |
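Review bot: The second port in manifest/xesite/service.yaml (`port: 8080` to `targetPort: 3001`) makes the `INTERNAL_API_BIND` listener reachable through the Service name by every workload in the cluster. The readiness and liveness probes in deployment.yaml do not need it, because the kubelet probes the pod IP directly on port 3001. What the internal API serves beyond `/healthz` is not visible in this diff, so this is a question of exposure rather than a confirmed hole: if nothing in-cluster calls it, drop the `internalapi` port; otherwise add a comment naming the consumer and restrict access with a NetworkPolicy.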
