diff --git a/.gitignore b/.gitignore
index 6c96ecc..c853555 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,6 +10,10 @@ crash.log crash.*.log
+*.tfvars
+*.tfvars.json
+!*terraform.tfvars
+
 # Ignore override files as they are usually used to override resources locally and so # are not checked in override.tf
diff --git a/k8s/apps/pasarguard/app.yaml b/k8s/apps/pasarguard/app.yaml
new file mode 100644
index 0000000..e383ddc
--- /dev/null
+++ b/k8s/apps/pasarguard/app.yaml
@@ -0,0 +1,21 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: pasarguard
+ namespace: argocd
+spec:
+ project: apps
+ destination:
+ namespace: pasarguard
+ server: https://kubernetes.default.svc
+ source:
+ repoURL: ssh://git@gt.hexor.cy:30022/ab/homelab.git
+ targetRevision: HEAD
+ path: k8s/apps/pasarguard
+ syncPolicy:
+ automated:
+ selfHeal: true
+ prune: true
+ syncOptions:
+ - CreateNamespace=true
+
diff --git a/k8s/apps/pasarguard/deployment.yaml b/k8s/apps/pasarguard/deployment.yaml
new file mode 100644
index 0000000..2ff61b9
--- /dev/null
+++ b/k8s/apps/pasarguard/deployment.yaml
@@ -0,0 +1,52 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: pasarguard
+ labels:
+ app: pasarguard
+ annotations:
+ reloader.stakater.com/auto: "true"
+spec:
+ selector:
+ matchLabels:
+ app: pasarguard
+ replicas: 1
+ strategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app: pasarguard
+ spec:
+ hostname: ps.hexor.cy
+ nodeSelector:
+ kubernetes.io/hostname: master.tail2fe2d.ts.net
+ containers:
+ - name: pasarguard-web
+ image: 'pasarguard/panel:v1.4.1'
+ imagePullPolicy: Always
+ envFrom:
+ - secretRef:
+ name: pasarguard-secrets
+ env:
+ - name: UVICORN_HOST
+ value: "0.0.0.0"
+ - name: UVICORN_PORT
+ value: "8000"
+ ports:
+ - name: http
+ containerPort: 8000
+ protocol: TCP
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: pasarguard
+spec:
+ selector:
+ app: pasarguard
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 8000
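Review bot: The negation `!*terraform.tfvars` re-includes the one file Terraform loads automatically, so any credential or token placed in a `terraform.tfvars` will be tracked despite the `*.tfvars` rule just above it. The pattern is also wider than a single file, since it matches every name ending in `terraform.tfvars`. If the file is tracked on purpose, a comment above the rule such as `# terraform.tfvars is committed deliberately and must never hold secrets` would make that contract explicit; otherwise dropping the negation keeps all variable files out of the repository.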
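Review bot: `targetRevision: HEAD` together with `automated`, `selfHeal: true` and `prune: true` means every push to the repository's default branch is applied to the cluster, deletions included, with no gate between git and the running state. Write access to that repository is therefore equivalent to deploy access for the `pasarguard` namespace. The same three `automated` lines are added in the `k8s/core/argocd/app.yaml` hunk of this commit, where the effect is larger because that Application appears to manage Argo CD itself; `prune: false` or the sync option `PruneLast=true` would be a more cautious setting there. If tracking HEAD is intended, a comment such as `# tracks the default branch on purpose; branch must stay protected` would record the assumption.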
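Review bot: The `pasarguard-web` container has no `securityContext`, and the pod is pinned by `nodeSelector` to `master.tail2fe2d.ts.net`, which by its name looks like the control-plane node, so a compromise of this web panel would run with default privileges beside the cluster's most sensitive components. Consider adding `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: ["ALL"]}}` to the container, `runAsNonRoot: true` if the image supports it (not visible here), and `resources` limits. Separately, `hostname: ps.hexor.cy` contains dots, while Kubernetes validates the pod `hostname` field as a single DNS label, so the API server is likely to reject this template; a dot-free label or removing the field avoids that. The image is referenced by the mutable tag `v1.4.1` with `imagePullPolicy: Always`, so pinning it by digest would make what actually runs reproducible.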
diff --git a/k8s/apps/pasarguard/external-secrets.yaml b/k8s/apps/pasarguard/external-secrets.yaml
new file mode 100644
index 0000000..8e40581
--- /dev/null
+++ b/k8s/apps/pasarguard/external-secrets.yaml
@@ -0,0 +1,44 @@
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: pasarguard-secrets
+spec:
+ target:
+ name: pasarguard-secrets
+ deletionPolicy: Delete
+ template:
+ type: Opaque
+ data:
+ SUDO_PASSWORD: |-
+ {{ .admin_password }}
+ SUDO_USERNAME: |-
+ {{ .admin_username }}
+ SQLALCHEMY_DATABASE_URL : |-
+ "postgresql+asyncpg://pasarguard:{{ .pg_pass }}@psql.psql.svc/pasarguard"
+
+ data:
+ - secretKey: pg_pass
+ sourceRef:
+ storeRef:
+ name: vaultwarden-login
+ kind: ClusterSecretStore
+ remoteRef:
+ key: 2a9deb39-ef22-433e-a1be-df1555625e22
+ property: fields[9].value
+ - secretKey: admin_password
+ sourceRef:
+ storeRef:
+ name: vaultwarden-login
+ kind: ClusterSecretStore
+ remoteRef:
+ key: 35ec5880-2576-401b-a89a-3c9d56b9c1de
+ property: login.password
+ - secretKey: admin_username
+ sourceRef:
+ storeRef:
+ name: vaultwarden-login
+ kind: ClusterSecretStore
+ remoteRef:
+ key: 35ec5880-2576-401b-a89a-3c9d56b9c1de
+ property: login.username
\ No newline at end of file
diff --git a/k8s/apps/pasarguard/kustomization.yaml b/k8s/apps/pasarguard/kustomization.yaml
new file mode 100644
index 0000000..a7186e5
--- /dev/null
+++ b/k8s/apps/pasarguard/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./app.yaml
+ - ./external-secrets.yaml
+ - ./deployment.yaml
+
+
diff --git a/k8s/core/argocd/app.yaml b/k8s/core/argocd/app.yaml
index c9472b9..ec32b6d 100644
--- a/k8s/core/argocd/app.yaml
+++ b/k8s/core/argocd/app.yaml
@@ -13,6 +13,9 @@ spec: targetRevision: HEAD path: k8s/core/argocd syncPolicy:
+ automated:
+ selfHeal: true
+ prune: true
 syncOptions: - CreateNamespace=true
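Review bot: In the `SQLALCHEMY_DATABASE_URL` template the value sits in a `|-` block scalar, so the surrounding double quotes are literal characters that end up inside the rendered secret, and the application will most likely fail to parse a URL that begins with `"`. The password is also interpolated raw, so a `pg_pass` containing `@`, `/`, `:` or `#` changes how the URL is split; percent-encoding it in the template, e.g. `postgresql+asyncpg://pasarguard:{{ .pg_pass | urlquery }}@psql.psql.svc/pasarguard` without quotes, avoids that (`urlquery` encodes spaces as `+`, so confirm the driver's decoding). `property: fields[9].value` selects the database password by position, so reordering or inserting custom fields in the vault item would silently feed a different value into the connection string; a comment naming the expected field, or a lookup that does not depend on order, would make this less fragile. The key is written `SQLALCHEMY_DATABASE_URL :` with a space before the colon and the file has no final newline, both harmless but worth tidying.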