Skip to content

Commit

Permalink
feat(hibiscus): test it
Browse files Browse the repository at this point in the history
  • Loading branch information
davralin committed May 8, 2024
1 parent 0d8d20a commit 606da60
Show file tree
Hide file tree
Showing 7 changed files with 175 additions and 1 deletion.
2 changes: 1 addition & 1 deletion cluster/apps/archivebox/helm-release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ spec:
#securityContext:
#runAsUser: 1000
#runAsGroup: 1000
#sGroup: 1000
#fsGroup: 1000
#fsGroupChangePolicy: "OnRootMismatch"
controllers:
*name:
Expand Down
82 changes: 82 additions & 0 deletions cluster/apps/hibiscus/helm-release.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,82 @@
---
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: &name hibiscus
namespace: hibiscus
spec:
interval: 5m
chart:
spec:
chart: app-template
version: 3.0.4
sourceRef:
kind: HelmRepository
name: bjw-s-charts
namespace: flux-system
interval: 5m
targetNamespace: hibiscus
install:
createNamespace: true
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
fullnameOverride: *name
defaultPodOptions:
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: "OnRootMismatch"
controllers:
*name:
containers:
app:
image:
repository: git.a71.su/andrew71/hibiscus
tag: latest@sha256:98d92db07b24c130a9e2c3d31b68cce6f76c7ff3054b23cb23e5afd1e32afa4f
env:
TZ: "${TIMEZONE}"
resources:
requests:
cpu: 50m
memory: 32Mi
service:
app:
controller: *name
ports:
http:
port: 7101
ingress:
app:
annotations:
haproxy.org/allow-list: "${HAPROXY_WHITELIST}"
haproxy.org/response-set-header: |
Strict-Transport-Security "max-age=31536000"
X-Frame-Options "SAMEORIGIN"
X-Content-Type-Options "nosniff"
Referrer-Policy "no-referrer-when-downgrade"
hosts:
- host: &host "hibiscus.${SECRET_DEFAULT_DOMAIN}"
paths:
- path: /
service:
identifier: app
port: http
tls:
- hosts:
- *host
persistence:
config:
enabled: true
existingClaim: hibiscus
advancedMounts:
*name:
app:
- path: /data
subPath: data
- path: /config
subPath: config
8 changes: 8 additions & 0 deletions cluster/apps/hibiscus/kustomization.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helm-release.yaml
- namespace.yaml
- pvc.yaml
- volsync.yaml
5 changes: 5 additions & 0 deletions cluster/apps/hibiscus/namespace.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: hibiscus
13 changes: 13 additions & 0 deletions cluster/apps/hibiscus/pvc.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: hibiscus
namespace: hibiscus
spec:
storageClassName: "${STORAGE_READWRITEMANY}"
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
65 changes: 65 additions & 0 deletions cluster/apps/hibiscus/volsync.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,65 @@
---
apiVersion: v1
kind: Secret
metadata:
name: hibiscus-volsync-secret
namespace: hibiscus
type: Opaque
stringData:
RESTIC_REPOSITORY: "s3:${S3_URL}/volsync-${CLUSTER_NAME}/hibiscus"
RESTIC_PASSWORD: "${SECRET_VOLSYNC_RESTIC_PWD}"
AWS_ACCESS_KEY_ID: "${SECRET_VOLSYNC_ACCESS_KEYS}"
AWS_SECRET_ACCESS_KEY: "${SECRET_VOLSYNC_SECRET_KEYS}"
---
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: hibiscus-volsync
namespace: hibiscus
spec:
interval: 15m
chart:
spec:
chart: raw
version: v0.3.2
sourceRef:
kind: HelmRepository
name: dysnix-charts
namespace: flux-system
targetNamespace: hibiscus
install:
createNamespace: true
remediation:
retries: 5
upgrade:
remediation:
retries: 5
dependsOn:
- name: volsync
namespace: volsync
- name: hibiscus
namespace: hibiscus
values:
resources:
- apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: hibiscus
namespace: hibiscus
spec:
sourcePVC: hibiscus
trigger:
schedule: "04 01 * * *"
restic:
copyMethod: Direct
cacheStorageClassName: "${STORAGE_READWRITEONCE}"
cacheAccessModes: ["ReadWriteOnce"]
pruneIntervalDays: 7
repository: hibiscus-volsync-secret
moverSecurityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
retain:
daily: 7
within: 3d
1 change: 1 addition & 0 deletions cluster/apps/k8s-home/kustomization.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ resources:
- ../freshrss
- ../gitea
- ../haproxy/haproxy-ingress
- ../hibiscus
- ../intel-gpu
- ../it-tools
- ../jobs
Expand Down

0 comments on commit 606da60

Please sign in to comment.