ntr/ntwl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

spacerace.systems moved

Browse Source
This commit is contained in:
Nathan Rashleigh 2024-01-20 22:17:45 +11:00
parent fa11315a0c
commit b63e21587f
13 changed files with 470 additions and 150 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -2,5 +2,7 @@
## TODO ## TODO
[x] private registry
[ ] secrets
[ ] ntr-cv static containers [ ] ntr-cv static containers
[ ] grafana etc [ ] grafana etc

58
crates/crates.ingress.yaml Normal file
View File

@ -0,0 +1,58 @@
---
# -----------------------------------------------------------------------
# INGRESS
# -----------------------------------------------------------------------
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: crates-client
annotations:
cert-manager.io/issuer: "letsencrypt-prod"
spec:
ingressClassName: nginx
tls:
- hosts:
- crates.strix.systems
secretName: crates-strix-systems-tls
rules:
- host: crates.strix.systems
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: crates-client
port:
number: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/rewrite-target: /$2
name: crates-api
namespace: default
spec:
ingressClassName: nginx
tls:
- hosts:
- crates.strix.systems
secretName: crates-strix-systems-tls
rules:
- host: crates.strix.systems
http:
paths:
- path: /api(/|$)(.*)
pathType: ImplementationSpecific
backend:
service:
name: crates-api
port:
number: 41337

70
crates.yaml → crates/crates.yaml
View File

@ -2,6 +2,8 @@
# VOLUMES # VOLUMES
# ----------------------------------------------------------------------- # -----------------------------------------------------------------------
---
apiVersion: v1 apiVersion: v1
kind: PersistentVolume kind: PersistentVolume
metadata: metadata:
@ -9,15 +11,16 @@ metadata:
spec: spec:
storageClassName: "" storageClassName: ""
capacity: capacity:
storage: 1Gi storage: 1Gi
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
claimRef: claimRef:
namespace: default namespace: default
name: crates-postgres-pvc name: crates-postgres-pvc
hostPath: hostPath:
path: "/home/ntr/strix/pvs/crates-postgres" # Specify the local path on your node path: "/var/lib/rancher/k3s/storage/crates-postgres-pv"
type: DirectoryOrCreate
--- ---
@ -26,6 +29,7 @@ apiVersion: v1
metadata: metadata:
name: crates-postgres-pvc name: crates-postgres-pvc
spec: spec:
volumeName: crates-postgres-pv
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
resources: resources:
@ -91,7 +95,7 @@ spec:
spec: spec:
containers: containers:
- name: crates-api - name: crates-api
image: crates-api image: registry.strix.systems/crates-api
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
ports: ports:
- containerPort: 80 - containerPort: 80
@ -123,7 +127,7 @@ spec:
spec: spec:
containers: containers:
- name: crates-migrate - name: crates-migrate
image: crates-api image: registry.strix.systems/crates-api
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
command: ["npx"] command: ["npx"]
args: ["prisma", "migrate", "deploy"] args: ["prisma", "migrate", "deploy"]
@ -149,7 +153,7 @@ spec:
spec: spec:
containers: containers:
- name: crates-client - name: crates-client
image: crates-client image: registry.strix.systems/crates-client
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
ports: ports:
- containerPort: 8080 - containerPort: 8080
@ -193,53 +197,3 @@ spec:
app: crates-client app: crates-client
ports: ports:
- port: 8080 - port: 8080
---
# -----------------------------------------------------------------------
# INGRESS
# -----------------------------------------------------------------------
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: crates-client
spec:
ingressClassName: nginx
rules:
- host: crates.localdev.me
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: crates-client
port:
number: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/rewrite-target: /$2
name: crates-api
namespace: default
spec:
ingressClassName: nginx
rules:
- host: crates.localdev.me
http:
paths:
- path: /api(/|$)(.*)
pathType: ImplementationSpecific
backend:
service:
name: crates-api
port:
number: 41337

9
kustomization.yaml
View File

@ -1,9 +0,0 @@
---
resources:
- crates.yaml
images:
- name: postgres
newName: postgres
newTag: "14"

13
mnml/mnml.gg-zone.txt Normal file
View File

@ -0,0 +1,13 @@
$ORIGIN mnml.gg.
$TTL 1800
mnml.gg. IN SOA ns1.digitalocean.com. hostmaster.mnml.gg. 1572016807 10800 3600 604800 1800
mnml.gg. 3600 IN A 165.22.108.84
*.mnml.gg. 3600 IN A 165.22.108.84
mnml.gg. 3600 IN MX 1 aspmx.l.google.com.
mnml.gg. 3600 IN MX 5 alt1.aspmx.l.google.com.
mnml.gg. 1800 IN NS ns1.digitalocean.com.
mnml.gg. 1800 IN NS ns2.digitalocean.com.
mnml.gg. 1800 IN NS ns3.digitalocean.com.
mnml.gg. 3600 IN TXT google-site-verification=oLCWheQjBhS7aI77fYh3_JXR1cECq4vVHd4dcIC5suU
_acme-challenge.mnml.gg. 30 IN TXT bl4Wx07rWi7TlVgc4wMmzJ2K0-CqSNlAIGXZAyP7_JE
_acme-challenge.mnml.gg. 30 IN TXT qsnnCtP1oJRFa9nicwy96OKEvZMh55AM0lXlW-gWlBE

85
mnml/mnml.ingress.yaml Normal file
View File

@ -0,0 +1,85 @@
---
# -----------------------------------------------------------------------
# INGRESS
# -----------------------------------------------------------------------
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: mnml-client
annotations:
cert-manager.io/issuer: "letsencrypt-prod"
spec:
ingressClassName: nginx
tls:
- hosts:
- mnml.strix.systems
secretName: mnml-strix-systems-tls
rules:
- host: mnml.strix.systems
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: mnml-client
port:
number: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: mnml-api
namespace: default
annotations:
cert-manager.io/issuer: "letsencrypt-prod"
nginx.org/websocket-services: "mnml-ws"
spec:
ingressClassName: nginx
tls:
- hosts:
- mnml.strix.systems
secretName: mnml-strix-systems-tls
rules:
- host: mnml.strix.systems
http:
paths:
- path: /api
pathType: Prefix
backend:
service:
name: mnml-api
port:
number: 40000
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: mnml-ws
annotations:
cert-manager.io/issuer: "letsencrypt-prod"
nginx.org/proxy-read-timeout: "3600"
nginx.org/proxy-send-timeout: "3600"
nginx.org/websocket-services: mnml-ws
spec:
ingressClassName: nginx
tls:
- hosts:
- mnml.strix.systems
secretName: mnml-strix-systems-tls
rules:
- host: mnml.strix.systems
http:
paths:
- path: /api/ws
pathType: Exact
backend:
service:
name: mnml-ws
port:
number: 40055

97
mnml.yaml → mnml/mnml.yaml
View File

@ -9,7 +9,7 @@ kind: PersistentVolume
metadata: metadata:
name: mnml-postgres-pv name: mnml-postgres-pv
spec: spec:
storageClassName: "" storageClassName: local-path
capacity: capacity:
storage: 1Gi storage: 1Gi
accessModes: accessModes:
@ -19,7 +19,8 @@ spec:
namespace: default namespace: default
name: mnml-postgres-pvc name: mnml-postgres-pvc
hostPath: hostPath:
path: "/home/ntr/strix/pvs/mnml-postgres" path: "/var/lib/rancher/k3s/storage/mnml-postgres-pv"
type: DirectoryOrCreate
--- ---
@ -28,6 +29,7 @@ apiVersion: v1
metadata: metadata:
name: mnml-postgres-pvc name: mnml-postgres-pvc
spec: spec:
volumeName: mnml-postgres-pv
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
resources: resources:
@ -39,9 +41,9 @@ spec:
apiVersion: v1 apiVersion: v1
kind: PersistentVolume kind: PersistentVolume
metadata: metadata:
name: mnml-img-pv name: mnml-imgs-pv
spec: spec:
storageClassName: "" storageClassName: local-path
capacity: capacity:
storage: 1Gi storage: 1Gi
accessModes: accessModes:
@ -49,17 +51,20 @@ spec:
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
claimRef: claimRef:
namespace: default namespace: default
name: mnml-img-pvc name: mnml-imgs-pvc
hostPath: hostPath:
path: "/home/ntr/strix/pvs/mnml-img" path: "/var/lib/rancher/k3s/storage/mnml-imgs-pv"
type: DirectoryOrCreate
--- ---
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
apiVersion: v1 apiVersion: v1
metadata: metadata:
name: mnml-img-pvc name: mnml-imgs-pvc
spec: spec:
volumeName: mnml-imgs-pv
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
resources: resources:
@ -126,7 +131,7 @@ spec:
spec: spec:
containers: containers:
- name: mnml-api - name: mnml-api
image: mnml-api image: registry.strix.systems/mnml-api
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
ports: ports:
- containerPort: 40000 - containerPort: 40000
@ -153,7 +158,7 @@ spec:
volumes: volumes:
- name: mnml-img-storage - name: mnml-img-storage
persistentVolumeClaim: persistentVolumeClaim:
claimName: mnml-img-pvc claimName: mnml-imgs-pvc
--- ---
@ -173,7 +178,7 @@ spec:
spec: spec:
containers: containers:
- name: mnml-client - name: mnml-client
image: mnml-client image: registry.strix.systems/mnml-client
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
ports: ports:
- containerPort: 8080 - containerPort: 8080
@ -183,7 +188,7 @@ spec:
volumes: volumes:
- name: mnml-img-storage - name: mnml-img-storage
persistentVolumeClaim: persistentVolumeClaim:
claimName: mnml-img-pvc claimName: mnml-imgs-pvc
--- ---
@ -238,73 +243,3 @@ spec:
app: mnml-client app: mnml-client
ports: ports:
- port: 8080 - port: 8080
---
# -----------------------------------------------------------------------
# INGRESS
# -----------------------------------------------------------------------
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: mnml-client
spec:
ingressClassName: nginx
rules:
- host: mnml.localdev.me
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: mnml-client
port:
number: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: mnml-api
namespace: default
annotations:
nginx.org/websocket-services: "mnml-ws"
spec:
ingressClassName: nginx
rules:
- host: mnml.localdev.me
http:
paths:
- path: /api
pathType: Prefix
backend:
service:
name: mnml-api
port:
number: 40000
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: mnml-ws
annotations:
nginx.org/proxy-read-timeout: "3600"
nginx.org/proxy-send-timeout: "3600"
nginx.org/websocket-services: mnml-ws
spec:
ingressClassName: nginx
rules:
- host: mnml.localdev.me
http:
paths:
- path: /api/ws
pathType: Exact
backend:
service:
name: mnml-ws
port:
number: 40055

43
nginx-ingress/cert-manager.yaml Normal file
View File

@ -0,0 +1,43 @@
# using the same issuer for everything
# ntr@strix is the big boss
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: letsencrypt-staging
spec:
acme:
# The ACME server URL
server: https://acme-staging-v02.api.letsencrypt.org/directory
# Email address used for ACME registration
email: ntr@strix.systems
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: letsencrypt-staging
# Enable the HTTP-01 challenge provider
solvers:
- http01:
ingress:
ingressClassName: nginx
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: letsencrypt-prod
spec:
acme:
# The ACME server URL
server: https://acme-v02.api.letsencrypt.org/directory
# Email address used for ACME registration
email: ntr@strix.systems
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: letsencrypt-prod
# Enable the HTTP-01 challenge provider
solvers:
- http01:
ingress:
ingressClassName: nginx

42
registry/generate_auth.sh Executable file
View File

@ -0,0 +1,42 @@
gen_password() { head -c 16 /dev/urandom | sha256sum | cut -d " " -f 1; }
kube_run() {
eval "kubectl run --quiet -i --rm --tty kube-run-${RANDOM} \
--image=${1} --restart=Never -- ${@:2}"
}
htpasswd() {
kube_run alpine /bin/sh -c \""apk add --no-cache apache2-utils \
&> /dev/null && \
htpasswd -Bbn ${1} ${2} | head -n 1 2> /dev/null\""
}
K3S_HOST=strix.systems
REGISTRY_ADMIN=ntr
REGISTRY_PASSWORD=$(gen_password)
REGISTRY_AUTH=$(htpasswd ${REGISTRY_ADMIN} ${REGISTRY_PASSWORD})
REGISTRY_HTTP_SECRET=$(gen_password)
echo "-------------------------------"
echo REGISTRY_ADMIN is ${REGISTRY_ADMIN}
echo REGISTRY_PASSWORD is ${REGISTRY_PASSWORD}
echo REGISTRY_AUTH is ${REGISTRY_AUTH}
echo REGISTRY_HTTP_SECRET is ${REGISTRY_HTTP_SECRET}
kubectl create secret generic registry \
--from-literal=REGISTRY_ADMIN=${REGISTRY_ADMIN} \
--from-literal=REGISTRY_PASSWORD=${REGISTRY_PASSWORD} \
--from-literal=REGISTRY_HTTP_SECRET=${REGISTRY_HTTP_SECRET} \
--from-literal=REGISTRY_AUTH=${REGISTRY_AUTH}
# cat <<EOF | ssh root@strix tee /etc/rancher/k3s/registries.yaml
# mirrors:
# registry.strix.systems:
# endpoint:
# - "https://registry.strix.systems"
# configs:
# "registry.strix.systems":
# auth:
# username: ntr
# password: pw
# EOF

26
registry/registry.ingress.yaml Normal file
View File

@ -0,0 +1,26 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: registry
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: 2g
cert-manager.io/issuer: "letsencrypt-prod"
spec:
ingressClassName: nginx
tls:
- hosts:
- registry.strix.systems
secretName: registry-strix-systems-tls
rules:
- host: registry.strix.systems
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: registry
port:
number: 5000

142
registry/registry.yaml Normal file
View File

@ -0,0 +1,142 @@
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: registry-pv
spec:
storageClassName: local-path
capacity:
storage: 1Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
claimRef:
namespace: default
name: registry-pvc
hostPath:
path: "/var/lib/rancher/k3s/storage/registry-pv"
type: DirectoryOrCreate
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: registry-pvc
spec:
volumeName: registry-pv
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
storageClassName: local-path
---
apiVersion: v1
kind: Service
metadata:
name: registry
spec:
ports:
- name: web
port: 5000
protocol: TCP
selector:
app: registry
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: registry
labels:
app: registry
spec:
selector:
matchLabels:
app: registry
replicas: 1
minReadySeconds: 5
template:
metadata:
labels:
app: registry
annotations:
spec:
containers:
- name: registry
image: registry:2
ports:
- containerPort: 5000
livenessProbe:
httpGet:
path: /
port: 5000
readinessProbe:
httpGet:
path: /
port: 5000
resources:
env:
- name: REGISTRY_HTTP_SECRET
valueFrom:
secretKeyRef:
name: registry
key: REGISTRY_HTTP_SECRET
volumeMounts:
- name: registry-pvc
mountPath: /var/lib/registry
- name: registry-auth
mountPath: /auth
readOnly: true
- name: registry-config
mountPath: "/etc/docker/registry"
volumes:
- name: registry-auth
secret:
secretName: registry
items:
- key: REGISTRY_AUTH
path: htpasswd
- name: registry-config
configMap:
name: registry
- name: registry-pvc
persistentVolumeClaim:
claimName: registry-pvc
---
apiVersion: v1
kind: ConfigMap
metadata:
name: registry
# namespace: registry
data:
config.yml: |
version: 0.1
log:
fields:
service: registry
http:
addr: :5000
headers:
X-Content-Type-Options: [nosniff]
auth:
htpasswd:
realm: registry
path: /auth/htpasswd
storage:
filesystem:
rootdirectory: /var/lib/registry
delete:
enabled: true
health:
storagedriver:
enabled: true
interval: 10s
threshold: 3

27
spacerace/spacerace.ingress.yaml Normal file
View File

@ -0,0 +1,27 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: spacerace-api
annotations:
cert-manager.io/issuer: "letsencrypt-prod"
# don't do this again
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/rewrite-target: /$2
spec:
ingressClassName: nginx
tls:
- hosts:
- spacerace.systems
secretName: spacerace-systems-tls
rules:
- host: spacerace.systems
http:
paths:
- path: /api(/|$)(.*)
pathType: ImplementationSpecific
backend:
service:
name: spacerace-api
port:
number: 80

6
spacerace.yaml → spacerace/spacerace.yaml
View File

@ -19,7 +19,8 @@ spec:
namespace: default namespace: default
name: spacerace-postgres-pvc name: spacerace-postgres-pvc
hostPath: hostPath:
path: "/home/ntr/strix/pvs/spacerace-postgres" path: "/var/lib/rancher/k3s/storage/spacerace-postgres-pv"
type: DirectoryOrCreate
--- ---
@ -28,6 +29,7 @@ apiVersion: v1
metadata: metadata:
name: spacerace-postgres-pvc name: spacerace-postgres-pvc
spec: spec:
volumeName: spacerace-postgres-pv
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
resources: resources:
@ -93,7 +95,7 @@ spec:
spec: spec:
containers: containers:
- name: spacerace-api - name: spacerace-api
image: spacerace-api image: registry.strix.systems/spacerace-api
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
ports: ports:
- containerPort: 80 - containerPort: 80