From b63e21587f80fd05a7245ae3d5d112414ab3a73d Mon Sep 17 00:00:00 2001
From: Nathan Rashleigh
Date: Sat, 20 Jan 2024 22:17:45 +1100
Subject: [PATCH] spacerace.systems moved
---
 README.md | 2 +
 crates/crates.ingress.yaml | 58 +++++++++
 crates.yaml => crates/crates.yaml | 70 ++--------
 kustomization.yaml | 9 --
 mnml/mnml.gg-zone.txt | 13 ++
 mnml/mnml.ingress.yaml | 85 ++++++++++++
 mnml.yaml => mnml/mnml.yaml | 97 +++----------
 nginx-ingress/cert-manager.yaml | 43 +++++++
 registry/generate_auth.sh | 42 ++++++
 registry/registry.ingress.yaml | 26 ++++
 registry/registry.yaml | 142 +++++++++++++++++++++
 spacerace/spacerace.ingress.yaml | 27 ++++
 spacerace.yaml => spacerace/spacerace.yaml | 6 +-
 13 files changed, 470 insertions(+), 150 deletions(-)
 create mode 100644 crates/crates.ingress.yaml
 rename crates.yaml => crates/crates.yaml (75%)
 delete mode 100644 kustomization.yaml
 create mode 100644 mnml/mnml.gg-zone.txt
 create mode 100644 mnml/mnml.ingress.yaml
 rename mnml.yaml => mnml/mnml.yaml (71%)
 create mode 100644 nginx-ingress/cert-manager.yaml
 create mode 100755 registry/generate_auth.sh
 create mode 100644 registry/registry.ingress.yaml
 create mode 100644 registry/registry.yaml
 create mode 100644 spacerace/spacerace.ingress.yaml
 rename spacerace.yaml => spacerace/spacerace.yaml (93%)
diff --git a/README.md b/README.md
index 5ffa0a0..07326af 100644
--- a/README.md
+++ b/README.md
@@ -2,5 +2,7 @@
 ## TODO
+[x] private registry
+[ ] secrets
 [ ] ntr-cv static containers
 [ ] grafana etc
\ No newline at end of file
diff --git a/crates/crates.ingress.yaml b/crates/crates.ingress.yaml
new file mode 100644
index 0000000..4e052ec
--- /dev/null
+++ b/crates/crates.ingress.yaml
@@ -0,0 +1,58 @@
+---
+
+# -----------------------------------------------------------------------
+# INGRESS
+# -----------------------------------------------------------------------
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: crates-client
+ annotations:
+ cert-manager.io/issuer: "letsencrypt-prod"
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - crates.strix.systems
+ secretName: crates-strix-systems-tls
+ rules:
+ - host: crates.strix.systems
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: crates-client
+ port:
+ number: 8080
+
+---
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ cert-manager.io/issuer: "letsencrypt-prod"
+ nginx.ingress.kubernetes.io/use-regex: "true"
+ nginx.ingress.kubernetes.io/rewrite-target: /$2
+ name: crates-api
+ namespace: default
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - crates.strix.systems
+ secretName: crates-strix-systems-tls
+ rules:
+ - host: crates.strix.systems
+ http:
+ paths:
+ - path: /api(/|$)(.*)
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: crates-api
+ port:
+ number: 41337
diff --git a/crates.yaml b/crates/crates.yaml
similarity index 75%
rename from crates.yaml
rename to crates/crates.yaml
index 877e586..03ecb6e 100644
--- a/crates.yaml
+++ b/crates/crates.yaml
@@ -2,6 +2,8 @@
 # VOLUMES
 # -----------------------------------------------------------------------
+---
+
 apiVersion: v1
 kind: PersistentVolume
 metadata:
@@ -9,15 +11,16 @@ metadata:
 spec:
 storageClassName: ""
 capacity:
- storage: 1Gi
+ storage: 1Gi
 accessModes:
- - ReadWriteOnce
+ - ReadWriteOnce
 persistentVolumeReclaimPolicy: Retain
 claimRef:
- namespace: default
- name: crates-postgres-pvc
+ namespace: default
+ name: crates-postgres-pvc
 hostPath:
- path: "/home/ntr/strix/pvs/crates-postgres" # Specify the local path on your node
+ path: "/var/lib/rancher/k3s/storage/crates-postgres-pv"
+ type: DirectoryOrCreate
 ---
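Review bot: Both Ingress objects in this file carry `cert-manager.io/issuer: "letsencrypt-prod"` and point `spec.tls[0].secretName` at the same `crates-strix-systems-tls`, so ingress-shim is asked to manage one Certificate on behalf of two owners; as far as I recall it refuses to adopt a Certificate already owned by another Ingress, which makes the outcome depend on apply order. Keeping the issuer annotation and the `tls:` stanza on only one of them (the other can reference the secret without the annotation), or creating an explicit `Certificate` resource and referencing its secret from both, makes the ownership deterministic. The `crates-client` Ingress also omits `metadata.namespace` while `crates-api` sets `namespace: default`; since `Issuer` is namespaced and the annotation is resolved in the Ingress's own namespace, both should state the namespace explicitly so an apply with a different `-n` does not silently split them.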
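Review bot: The PV keeps `storageClassName: ""` while its hostPath is moved under the k3s local-path provisioner's directory; on k3s the `local-path` StorageClass is normally the default, so unless the `crates-postgres-pvc` claim sets `storageClassName: ""` itself (its spec is outside this hunk) the default-class admission plugin stamps the claim with `local-path` and the `volumeName` pre-binding added in `@@ -26,6 +29,7 @@` fails on class mismatch. The sibling change in mnml/mnml.yaml switches its PVs to `storageClassName: local-path`, presumably for exactly this reason, and the two files should use the same convention. Separately, `type: DirectoryOrCreate` creates the directory root-owned on first use; if the postgres container runs as a non-root uid it cannot initialise its data directory there, so confirm against the image's entrypoint or pre-create the path with the expected ownership.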
@@ -26,6 +29,7 @@ apiVersion: v1
 metadata:
 name: crates-postgres-pvc
 spec:
+ volumeName: crates-postgres-pv
 accessModes:
 - ReadWriteOnce
 resources:
@@ -91,7 +95,7 @@ spec:
 spec:
 containers:
 - name: crates-api
- image: crates-api
+ image: registry.strix.systems/crates-api
 imagePullPolicy: IfNotPresent
 ports:
 - containerPort: 80
@@ -123,7 +127,7 @@ spec:
 spec:
 containers:
 - name: crates-migrate
- image: crates-api
+ image: registry.strix.systems/crates-api
 imagePullPolicy: IfNotPresent
 command: ["npx"]
 args: ["prisma", "migrate", "deploy"]
@@ -149,7 +153,7 @@ spec:
 spec:
 containers:
 - name: crates-client
- image: crates-client
+ image: registry.strix.systems/crates-client
 imagePullPolicy: IfNotPresent
 ports:
 - containerPort: 8080
@@ -193,53 +197,3 @@ spec:
 app: crates-client
 ports:
 - port: 8080
-
-
----
-
-# -----------------------------------------------------------------------
-# INGRESS
-# -----------------------------------------------------------------------
-
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: crates-client
-spec:
- ingressClassName: nginx
- rules:
- - host: crates.localdev.me
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: crates-client
- port:
- number: 8080
-
----
-
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- annotations:
- nginx.ingress.kubernetes.io/use-regex: "true"
- nginx.ingress.kubernetes.io/rewrite-target: /$2
- name: crates-api
- namespace: default
-spec:
- ingressClassName: nginx
- rules:
- - host: crates.localdev.me
- http:
- paths:
- - path: /api(/|$)(.*)
- pathType: ImplementationSpecific
- backend:
- service:
- name: crates-api
- port:
- number: 41337
-
diff --git a/kustomization.yaml b/kustomization.yaml
deleted file mode 100644
index d384e1f..0000000
--- a/kustomization.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-
-resources:
- - crates.yaml
-
-images:
- - name: postgres
- newName: postgres
- newTag: "14"
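Review bot: `image: registry.strix.systems/crates-api` carries no tag or digest, so it resolves to `:latest`, and with the unchanged `imagePullPolicy: IfNotPresent` a node that already has a `latest` layer cached keeps running the old build after a push; the same pattern is in `@@ -123,7 +127,7 @@` and `@@ -149,7 +153,7 @@` here and in `@@ -126,7 +131,7 @@` and `@@ -173,7 +178,7 @@` of mnml/mnml.yaml. Pin an immutable reference, e.g. `image: registry.strix.systems/crates-api@sha256:<digest>` or at least a per-build tag, so the running version is auditable and a rollback is reproducible. Since registry/generate_auth.sh in this commit puts the registry behind htpasswd, each pod spec will also need an `imagePullSecrets` entry (or node-level credentials in the k3s registries config); neither is visible in these hunks, so confirm pulls are actually authenticated rather than relying on anonymous access.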
diff --git a/mnml/mnml.gg-zone.txt b/mnml/mnml.gg-zone.txt
new file mode 100644
index 0000000..0dba64b
--- /dev/null
+++ b/mnml/mnml.gg-zone.txt
@@ -0,0 +1,13 @@
+$ORIGIN mnml.gg.
+$TTL 1800
+mnml.gg. IN SOA ns1.digitalocean.com. hostmaster.mnml.gg. 1572016807 10800 3600 604800 1800
+mnml.gg. 3600 IN A 165.22.108.84
+*.mnml.gg. 3600 IN A 165.22.108.84
+mnml.gg. 3600 IN MX 1 aspmx.l.google.com.
+mnml.gg. 3600 IN MX 5 alt1.aspmx.l.google.com.
+mnml.gg. 1800 IN NS ns1.digitalocean.com.
+mnml.gg. 1800 IN NS ns2.digitalocean.com.
+mnml.gg. 1800 IN NS ns3.digitalocean.com.
+mnml.gg. 3600 IN TXT google-site-verification=oLCWheQjBhS7aI77fYh3_JXR1cECq4vVHd4dcIC5suU
+_acme-challenge.mnml.gg. 30 IN TXT bl4Wx07rWi7TlVgc4wMmzJ2K0-CqSNlAIGXZAyP7_JE
+_acme-challenge.mnml.gg. 30 IN TXT qsnnCtP1oJRFa9nicwy96OKEvZMh55AM0lXlW-gWlBE
diff --git a/mnml/mnml.ingress.yaml b/mnml/mnml.ingress.yaml
new file mode 100644
index 0000000..1035a2b
--- /dev/null
+++ b/mnml/mnml.ingress.yaml
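Review bot: The zone export is committed without any note of what it is for: the two `_acme-challenge.mnml.gg.` TXT records are transient DNS-01 validation tokens (TTL 30) that mean nothing once the challenge completed, and the SOA serial `1572016807` dates the snapshot, so a reader cannot tell whether this is a reference copy or something intended to be re-imported. A one-line header such as `; reference snapshot of the mnml.gg zone (NS records point at DigitalOcean DNS); not applied by anything in this repo` (zone files take `;` comments) would answer that, and dropping the stale challenge records avoids them being re-imported by accident.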
@@ -0,0 +1,85 @@
+---
+# -----------------------------------------------------------------------
+# INGRESS
+# -----------------------------------------------------------------------
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: mnml-client
+ annotations:
+ cert-manager.io/issuer: "letsencrypt-prod"
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - mnml.strix.systems
+ secretName: mnml-strix-systems-tls
+ rules:
+ - host: mnml.strix.systems
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: mnml-client
+ port:
+ number: 8080
+
+---
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: mnml-api
+ namespace: default
+ annotations:
+ cert-manager.io/issuer: "letsencrypt-prod"
+ nginx.org/websocket-services: "mnml-ws"
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - mnml.strix.systems
+ secretName: mnml-strix-systems-tls
+ rules:
+ - host: mnml.strix.systems
+ http:
+ paths:
+ - path: /api
+ pathType: Prefix
+ backend:
+ service:
+ name: mnml-api
+ port:
+ number: 40000
+
+---
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: mnml-ws
+ annotations:
+ cert-manager.io/issuer: "letsencrypt-prod"
+ nginx.org/proxy-read-timeout: "3600"
+ nginx.org/proxy-send-timeout: "3600"
+ nginx.org/websocket-services: mnml-ws
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - mnml.strix.systems
+ secretName: mnml-strix-systems-tls
+ rules:
+ - host: mnml.strix.systems
+ http:
+ paths:
+ - path: /api/ws
+ pathType: Exact
+ backend:
+ service:
+ name: mnml-ws
+ port:
+ number: 40055
\ No newline at end of file
diff --git a/mnml.yaml b/mnml/mnml.yaml
similarity index 71%
rename from mnml.yaml
rename to mnml/mnml.yaml
index a123b3a..5116478 100644
--- a/mnml.yaml
+++ b/mnml/mnml.yaml
@@ -9,7 +9,7 @@ kind: PersistentVolume
 metadata:
 name: mnml-postgres-pv
 spec:
- storageClassName: ""
+ storageClassName: local-path
 capacity:
 storage: 1Gi
 accessModes:
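Review bot: The `mnml-api` and `mnml-ws` Ingresses use `nginx.org/*` annotations (NGINX Inc. controller) while crates/crates.ingress.yaml in the same commit uses `nginx.ingress.kubernetes.io/*` (community ingress-nginx); only one controller answers to `ingressClassName: nginx`, so one of the two annotation families is silently ignored and, for the websocket route, the idle timeout falls back to the controller default. If the installed controller is ingress-nginx the timeouts should be `nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"` and `nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"`, and `nginx.org/websocket-services` can go, since that controller passes WebSocket upgrades without an annotation; if it is the NGINX Inc. controller, the crates file needs the converse change. The three Ingresses also share `secretName: mnml-strix-systems-tls` under one issuer annotation, the same ownership question as in crates/crates.ingress.yaml. Minor: `"mnml-ws"` is quoted in one annotation and bare in the other, and the file lacks a trailing newline.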
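Review bot: Setting `storageClassName: local-path` on a hand-written hostPath PV makes it look like a volume the k3s local-path provisioner created, and the new `hostPath.path` in `@@ -19,7 +19,8 @@` (and `@@ -49,17 +51,20 @@`) sits inside that provisioner's own directory `/var/lib/rancher/k3s/storage`; the provisioner only manages directories it named itself, so this probably works, but the intent is not recorded anywhere. A comment such as `# static PV; the class name only satisfies default-class stamping on the PVC, the provisioner does not own this path` next to each PV would stop the next reader from assuming the provisioner owns the data, and crates/crates.yaml (still `storageClassName: ""`) should follow the same convention so both files bind the same way.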
@@ -19,7 +19,8 @@ spec:
 namespace: default
 name: mnml-postgres-pvc
 hostPath:
- path: "/home/ntr/strix/pvs/mnml-postgres"
+ path: "/var/lib/rancher/k3s/storage/mnml-postgres-pv"
+ type: DirectoryOrCreate
 ---
@@ -28,6 +29,7 @@ apiVersion: v1
 metadata:
 name: mnml-postgres-pvc
 spec:
+ volumeName: mnml-postgres-pv
 accessModes:
 - ReadWriteOnce
 resources:
@@ -39,9 +41,9 @@ spec:
 apiVersion: v1
 kind: PersistentVolume
 metadata:
- name: mnml-img-pv
+ name: mnml-imgs-pv
 spec:
- storageClassName: ""
+ storageClassName: local-path
 capacity:
 storage: 1Gi
 accessModes:
@@ -49,17 +51,20 @@ spec:
 persistentVolumeReclaimPolicy: Retain
 claimRef:
 namespace: default
- name: mnml-img-pvc
+ name: mnml-imgs-pvc
 hostPath:
- path: "/home/ntr/strix/pvs/mnml-img"
+ path: "/var/lib/rancher/k3s/storage/mnml-imgs-pv"
+ type: DirectoryOrCreate
+
 ---
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
- name: mnml-img-pvc
+ name: mnml-imgs-pvc
 spec:
+ volumeName: mnml-imgs-pv
 accessModes:
 - ReadWriteOnce
 resources:
@@ -126,7 +131,7 @@ spec:
 spec:
 containers:
 - name: mnml-api
- image: mnml-api
+ image: registry.strix.systems/mnml-api
 imagePullPolicy: IfNotPresent
 ports:
 - containerPort: 40000
@@ -153,7 +158,7 @@ spec:
 volumes:
 - name: mnml-img-storage
 persistentVolumeClaim:
- claimName: mnml-img-pvc
+ claimName: mnml-imgs-pvc
 ---
@@ -173,7 +178,7 @@ spec:
 spec:
 containers:
 - name: mnml-client
- image: mnml-client
+ image: registry.strix.systems/mnml-client
 imagePullPolicy: IfNotPresent
 ports:
 - containerPort: 8080
@@ -183,7 +188,7 @@ spec:
 volumes:
 - name: mnml-img-storage
 persistentVolumeClaim:
- claimName: mnml-img-pvc
+ claimName: mnml-imgs-pvc
 ---
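Review bot: Renaming the PV/PVC pair from `mnml-img-*` to `mnml-imgs-*` in `@@ -39,9 +41,9 @@` and `@@ -49,17 +51,20 @@`, together with moving the hostPath from `/home/ntr/strix/pvs/mnml-img` to `/var/lib/rancher/k3s/storage/mnml-imgs-pv`, creates new, empty objects on `kubectl apply`; the old `mnml-img-pv` and `mnml-img-pvc` objects are not removed by apply and the existing image data is not copied, so the pods updated in `@@ -153,7 +158,7 @@` and `@@ -183,7 +188,7 @@` will come up with an empty images directory unless the data is moved out of band first. The same applies to the postgres data directory in this hunk. A comment next to the PV, or a line in the commit message, recording that the old directories must be migrated by hand and the old PV/PVC deleted would save the next operator from discovering it after the rollout.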
@@ -238,73 +243,3 @@ spec:
 app: mnml-client
 ports:
 - port: 8080
-
----
-# -----------------------------------------------------------------------
-# INGRESS
-# -----------------------------------------------------------------------
-
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: mnml-client
-spec:
- ingressClassName: nginx
- rules:
- - host: mnml.localdev.me
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: mnml-client
- port:
- number: 8080
-
----
-
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: mnml-api
- namespace: default
- annotations:
- nginx.org/websocket-services: "mnml-ws"
-spec:
- ingressClassName: nginx
- rules:
- - host: mnml.localdev.me
- http:
- paths:
- - path: /api
- pathType: Prefix
- backend:
- service:
- name: mnml-api
- port:
- number: 40000
-
----
-
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: mnml-ws
- annotations:
- nginx.org/proxy-read-timeout: "3600"
- nginx.org/proxy-send-timeout: "3600"
- nginx.org/websocket-services: mnml-ws
-spec:
- ingressClassName: nginx
- rules:
- - host: mnml.localdev.me
- http:
- paths:
- - path: /api/ws
- pathType: Exact
- backend:
- service:
- name: mnml-ws
- port:
- number: 40055
diff --git a/nginx-ingress/cert-manager.yaml b/nginx-ingress/cert-manager.yaml
new file mode 100644
index 0000000..13c43ae
--- /dev/null
+++ b/nginx-ingress/cert-manager.yaml
@@ -0,0 +1,43 @@
+# using the same issuer for everything
+# ntr@strix is the big boss
+
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: letsencrypt-staging
+spec:
+ acme:
+ # The ACME server URL
+ server: https://acme-staging-v02.api.letsencrypt.org/directory
+ # Email address used for ACME registration
+ email: ntr@strix.systems
+ # Name of a secret used to store the ACME account private key
+ privateKeySecretRef:
+ name: letsencrypt-staging
+ # Enable the HTTP-01 challenge provider
+ solvers:
+ - http01:
+ ingress:
+ ingressClassName: nginx
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: letsencrypt-prod
+spec:
+ acme:
+ # The ACME server URL
+ server: https://acme-v02.api.letsencrypt.org/directory
+ # Email address used for ACME registration
+ email: ntr@strix.systems
+ # Name of a secret used to store the ACME account private key
+ privateKeySecretRef:
+ name: letsencrypt-prod
+ # Enable the HTTP-01 challenge provider
+ solvers:
+ - http01:
+ ingress:
+ ingressClassName: nginx
diff --git a/registry/generate_auth.sh b/registry/generate_auth.sh
new file mode 100755
index 0000000..8cb5e41
--- /dev/null
+++ b/registry/generate_auth.sh
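Review bot: Both objects are `kind: Issuer`, which is namespaced, but neither sets `metadata.namespace`, so they land in whatever namespace the applying kubeconfig context defaults to; the Ingresses that reference them through `cert-manager.io/issuer` live in `default` (`crates-api` and `mnml-api` say so explicitly, the others rely on the same default), and an apply from a context with another namespace produces a healthy-looking Issuer that no Ingress can resolve. Either add `namespace: default` to both, or — given the header says the same issuer is used for everything — make them `kind: ClusterIssuer` and switch the Ingress annotations to `cert-manager.io/cluster-issuer`. The `# ntr@strix is the big boss` line documents nothing; replacing it with what a reader needs, e.g. `# letsencrypt-staging is for trying out ingress changes; point annotations at letsencrypt-prod only once the HTTP-01 solver is known to work`, would make the two-issuer setup self-explanatory.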
@@ -0,0 +1,42 @@
+gen_password() { head -c 16 /dev/urandom | sha256sum | cut -d " " -f 1; }
+
+kube_run() {
+ eval "kubectl run --quiet -i --rm --tty kube-run-${RANDOM} \
+ --image=${1} --restart=Never -- ${@:2}"
+}
+
+htpasswd() {
+ kube_run alpine /bin/sh -c \""apk add --no-cache apache2-utils \
+ &> /dev/null && \
+ htpasswd -Bbn ${1} ${2} | head -n 1 2> /dev/null\""
+}
+
+K3S_HOST=strix.systems
+REGISTRY_ADMIN=ntr
+REGISTRY_PASSWORD=$(gen_password)
+REGISTRY_AUTH=$(htpasswd ${REGISTRY_ADMIN} ${REGISTRY_PASSWORD})
+REGISTRY_HTTP_SECRET=$(gen_password)
+
+echo "-------------------------------"
+echo REGISTRY_ADMIN is ${REGISTRY_ADMIN}
+echo REGISTRY_PASSWORD is ${REGISTRY_PASSWORD}
+echo REGISTRY_AUTH is ${REGISTRY_AUTH}
+echo REGISTRY_HTTP_SECRET is ${REGISTRY_HTTP_SECRET}
+
+kubectl create secret generic registry \
+ --from-literal=REGISTRY_ADMIN=${REGISTRY_ADMIN} \
+ --from-literal=REGISTRY_PASSWORD=${REGISTRY_PASSWORD} \
+ --from-literal=REGISTRY_HTTP_SECRET=${REGISTRY_HTTP_SECRET} \
+ --from-literal=REGISTRY_AUTH=${REGISTRY_AUTH}
+
+# cat <