diff --git a/k8s/nginx/default.conf b/k8s/nginx/default.conf
deleted file mode 100644
index e03a576..0000000
--- a/k8s/nginx/default.conf
+++ /dev/null
@@ -1,38 +0,0 @@
-server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
- server_name {{ tpl .Values.fqdn . }};
-
- # Use Mozilla's guidelines for SSL/TLS settings
- # https://mozilla.github.io/server-side-tls/ssl-config-generator/
- ssl_certificate /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/privkey.pem;
-
-
- location = /robots.txt {
- allow all;
- log_not_found off;
- access_log off;
- }
- error_log /dev/stdout info;
- access_log /dev/stdout;
-
- root /opt/zammad/public;
-
- location / {
- # proxy_set_header Host $http_host;
- # proxy_set_header CLIENT_IP $remote_addr;
- # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- # proxy_set_header X-Forwarded-Proto $scheme;
-
- # # Change this line in an SSO setup
- # proxy_set_header X-Forwarded-User "";
-
- # proxy_read_timeout 300;
- proxy_pass http://localhost:8000;
-
- # gzip on;
- # gzip_types text/plain text/xml text/css image/svg+xml application/javascript application/x-javascript application/json application/xml;
- # gzip_proxied any;
- }
-}
diff --git a/k8s/templates/deployment.yaml b/k8s/templates/deployment.yaml
index 11b98ef..531ec9a 100644
--- a/k8s/templates/deployment.yaml
+++ b/k8s/templates/deployment.yaml
@@ -1,64 +1,6 @@
 ---
 apiVersion: apps/v1
 kind: Deployment
-metadata:
- name: {{ .Release.Name }}-postgres
-spec:
- selector:
- matchLabels:
- instance: {{ .Release.Name }}-postgres
- replicas: 1
- strategy:
- type: Recreate
- template:
- metadata:
- labels:
- app: postgres
- instance: {{ .Release.Name }}-postgres
- hosting: {{ .Release.Name }}
- spec:
- containers:
- - name: postgres
- image: postgres:14
- ports:
- - containerPort: 5432
- envFrom:
- - secretRef:
- name: {{ .Release.Name }}-postgres-config
- volumeMounts:
- - name: postgres-data
- mountPath: "/var/lib/postgresql/data"
- subPath: postgres
- resources:
- requests:
- memory: "64Mi"
- cpu: "100m"
- limits:
- memory: "256Mi"
- cpu: "400m"
- volumes:
- - name: postgres-data
- persistentVolumeClaim:
- claimName: {{ .Release.Name }}-postgres-data
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Release.Name }}-postgres
- labels:
- instance: {{ .Release.Name }}-postgres
- app: postgres
- hosting: {{ .Release.Name }}
-spec:
- type: ClusterIP
- ports:
- - port: 5432
- name: postgres
- selector:
- instance: {{ .Release.Name }}-postgres
----
-apiVersion: apps/v1
-kind: Deployment
 metadata:
 name: {{ .Release.Name }}-uncloud
 spec:
@@ -77,49 +19,11 @@ spec:
 checksum/config: {{ include (print $.Template.BasePath "/nginxconf.yaml") . | sha256sum }}
 spec:
 containers:
- - name: nginx
- image: ungleich/ungleich-certbot:0.3.2
- ports:
- - containerPort: 443
- name: https
- - containerPort: 80
- name: http
- env:
- - name: DOMAIN
- value: "{{ tpl .Values.fqdn . }}"
- - name: EMAIL
- value: "{{ .Values.email }}"
- - name: NGINX
- value: "yes"
- {{ if eq .Values.letsencryptStaging "no" }}
- - name: STAGING
- value: "no"
- {{ end }}
- volumeMounts:
- - name: nginx-config
- mountPath: "/etc/nginx/conf.d/"
- - name: etcletsencrypt
- mountPath: "/etc/letsencrypt"
 - name: uncloud
 image: harbor.ungleich.svc.p10.k8s.ooo/ungleich-public/uncloud:{{ .Chart.AppVersion }}
 ports:
 - containerPort: 3000
- securityContext:
- capabilities:
- add:
- - SYS_CHROOT
 env:
- - name: USER_UID
- value: "1000"
- - name: USER_GID
- value: "1000"
- - name: UNCLOUD__server__DOMAIN
- value: "{{ tpl .Values.fqdn . }}"
- # Require, otherwise the port :3000 is included
- - name: UNCLOUD__server__ROOT_URL
- value: "https://{{ tpl .Values.fqdn . }}"
- - name: UNCLOUD__database__DB_TYPE
- value: "postgres"
 - name: UNCLOUD__database__HOST
 value: {{ .Release.Name }}-postgres
 - name: UNCLOUD__database__NAME
@@ -144,12 +48,6 @@ spec:
 - name: data
 persistentVolumeClaim:
 claimName: {{ .Release.Name }}-data
- - name: etcletsencrypt
- persistentVolumeClaim:
- claimName: {{ .Release.Name }}-letsencrypt-certs
- - name: nginx-config
- configMap:
- name: {{ .Release.Name }}-nginx-config
 ---
 apiVersion: v1
 kind: Service
@@ -160,12 +58,8 @@ metadata:
 spec:
 type: ClusterIP
 ports:
- - port: 22
- name: ssh
- - port: 80
- name: http
- - port: 443
- name: https
+ - port: 8000
+ name: django
 selector:
 use-as-service: {{ .Release.Name }}
 ---
diff --git a/k8s/templates/nginxconf.yaml b/k8s/templates/nginxconf.yaml
deleted file mode 100644
index 49f9969..0000000
--- a/k8s/templates/nginxconf.yaml
+++ /dev/null
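Review bot: The pod annotation kept as context at the top of the first deployment.yaml hunk, `checksum/config: {{ include (print $.Template.BasePath "/nginxconf.yaml") . | sha256sum }}`, still includes `nginxconf.yaml`, which this same commit deletes in the `k8s/templates/nginxconf.yaml` section. Helm's `include` errors on a template that does not exist, so the chart will most likely fail to render after this change. Drop the annotation, or point it at a template that still exists if a rollout-on-config-change trigger is still wanted. The pod template's metadata block starts outside the hunk, so only this one line of it is visible here.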
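Review bot: The Service in the last deployment.yaml hunk now exposes `port: 8000` with no `targetPort`, so the target defaults to 8000, while the uncloud container kept as context in the first hunk still declares `containerPort: 3000`. `containerPort` is informational, so traffic flows only if the app really listens on 8000 (the removed nginx config proxied to `localhost:8000`, which suggests it does); change the declaration to `- containerPort: 8000` or add an explicit `targetPort` so the two agree. With the TLS-terminating nginx sidecar removed, this Service carries plain HTTP, so whatever fronts it (not visible in this diff) has to terminate TLS, and the removed `X-Forwarded-*` handling should be checked there too.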
@@ -1,7 +0,0 @@
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Release.Name }}-nginx-config
-data:
-{{ tpl (.Files.Glob "nginx/*").AsConfig . | indent 2 }}
diff --git a/k8s/templates/postgres.yaml b/k8s/templates/postgres.yaml
new file mode 100644
index 0000000..451fb37
--- /dev/null
+++ b/k8s/templates/postgres.yaml
@@ -0,0 +1,76 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Release.Name }}-postgres
+ labels:
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: postgres
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: postgres
+ replicas: 1
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: postgres
+ spec:
+ containers:
+ - name: postgres
+ image: postgres:14
+ ports:
+ - containerPort: 5432
+ envFrom:
+ - secretRef:
+ name: {{ .Release.Name }}-postgres-config
+ volumeMounts:
+ - name: postgres-data
+ mountPath: "/var/lib/postgresql/data"
+ subPath: postgres
+ resources:
+ requests:
+ memory: "64Mi"
+ cpu: "100m"
+ limits:
+ memory: "256Mi"
+ cpu: "400m"
+ volumes:
+ - name: postgres-data
+ persistentVolumeClaim:
+ claimName: {{ .Release.Name }}-postgres-data
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Release.Name }}-postgres
+ labels:
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: postgres
+spec:
+ type: ClusterIP
+ ports:
+ - port: 5432
+ name: postgres
+ selector:
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: postgres
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-postgres-config
+ annotations:
+ secret-generator.v1.mittwald.de/autogenerate: POSTGRES_PASSWORD
+ hosting: {{ .Release.Name }}
+ labels:
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: postgres
+stringData:
+ POSTGRES_USER: "{{ .Values.postgresUser }}"
+ POSTGRES_DB: "{{ .Values.postgresDBName }}"
+ POSTGRES_INITDB_ARGS: "--no-locale --encoding=UTF8"
diff --git a/k8s/templates/pvc.yaml b/k8s/templates/pvc.yaml
index cac24f4..f2dbd85 100644
--- a/k8s/templates/pvc.yaml
+++ b/k8s/templates/pvc.yaml
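Review bot: The postgres container in the new Deployment has no `securityContext` and pulls the mutable tag `postgres:14`, so both its privileges and the exact image are left to defaults; consider pinning by digest (`image: postgres:14@sha256:DIGEST_PLACEHOLDER`) and adding a non-root `runAsUser`/`fsGroup` plus `allowPrivilegeEscalation: false`, checked against the image's postgres uid. The Secret relies on the `secret-generator.v1.mittwald.de/autogenerate` annotation to create `POSTGRES_PASSWORD`; if that operator is missing from the cluster the key is never set, so a comment above the Secret naming the prerequisite would help, e.g. `# POSTGRES_PASSWORD is filled in by the mittwald secret generator, which must be installed in the cluster`. `hosting: {{ .Release.Name }}` appears to sit under `annotations`, while the manifests removed from deploy.yaml's sibling hunk carried it as a label; indentation is not recoverable from this page, so confirm which was intended.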
@@ -22,15 +22,3 @@ spec:
 requests:
 storage: {{ .Values.storage.db.size }}
 storageClassName: {{ .Values.storage.db.storageClass }}
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: {{ .Release.Name }}-letsencrypt-certs
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: {{ .Values.storage.letsencrypt.size }}
- storageClassName: {{ .Values.storage.letsencrypt.storageClass }}