From 2992a1bd89af81b0f7374ce18f0cd5e03d11c03a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=B6ren=20Schneider?= <56670304+soerenschneider@users.noreply.github.com> Date: Mon, 11 Nov 2024 22:23:06 +0100 Subject: [PATCH] add ghostfolio --- .../postgres/postgres-deployment.yaml | 4 +-- .../external-secret-ghostfolio.yaml | 35 +++++++++++++++++++ .../ghostfolio/external-secret-postgres.yaml | 22 ++++++++++++ .../ghostfolio/kustomization.yaml | 24 +++++++++++++ .../ghostfolio/namespace.yaml | 7 ++++ .../ghostfolio/postgres-data-pv.yaml | 24 +++++++++++++ 6 files changed, 114 insertions(+), 2 deletions(-) create mode 100644 clusters/svc.ez.soeren.cloud/ghostfolio/external-secret-ghostfolio.yaml create mode 100644 clusters/svc.ez.soeren.cloud/ghostfolio/external-secret-postgres.yaml create mode 100644 clusters/svc.ez.soeren.cloud/ghostfolio/kustomization.yaml create mode 100644 clusters/svc.ez.soeren.cloud/ghostfolio/namespace.yaml create mode 100644 clusters/svc.ez.soeren.cloud/ghostfolio/postgres-data-pv.yaml diff --git a/apps/ghostfolio/components/postgres/postgres-deployment.yaml b/apps/ghostfolio/components/postgres/postgres-deployment.yaml index 4e97c50f..c9812d10 100644 --- a/apps/ghostfolio/components/postgres/postgres-deployment.yaml +++ b/apps/ghostfolio/components/postgres/postgres-deployment.yaml @@ -62,12 +62,12 @@ spec: - name: "POSTGRES_USER" valueFrom: secretKeyRef: - name: "ghostfolio" + name: "ghostfolio-postgres" key: "POSTGRES_USER" - name: "POSTGRES_PASSWORD" valueFrom: secretKeyRef: - name: "ghostfolio" + name: "ghostfolio-postgres" key: "POSTGRES_PASSWORD" - name: "PGDATA" value: "/data/pgdata" diff --git a/clusters/svc.ez.soeren.cloud/ghostfolio/external-secret-ghostfolio.yaml b/clusters/svc.ez.soeren.cloud/ghostfolio/external-secret-ghostfolio.yaml new file mode 100644 index 00000000..a7fc7a3d --- /dev/null +++ b/clusters/svc.ez.soeren.cloud/ghostfolio/external-secret-ghostfolio.yaml 
@@ -0,0 +1,35 @@
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: "ghostfolio"
+spec:
+ refreshInterval: 12h
+ secretStoreRef:
+ name: "vault"
+ kind: "ClusterSecretStore"
+ target:
+ name: "ghostfolio"
+ template:
+ engineVersion: v2
+ data:
+ DATABASE_URL: "postgresql://{{ .postgres_user }}:{{ .postgres_password }}@postgres:5432/ghostfolio?connect_timeout=300"
+ JWT_SECRET_KEY: "{{ .jwt_secret_key }}"
+ ACCESS_TOKEN_SALT: "{{ .access_token_salt }}"
+ data:
+ - secretKey: "postgres_user"
+ remoteRef:
+ key: "secret/soeren.cloud/env/prod/ghostfolio"
+ property: "POSTGRES_USER"
+ - secretKey: "postgres_password"
+ remoteRef:
+ key: "secret/soeren.cloud/env/prod/ghostfolio"
+ property: "POSTGRES_PASSWORD"
+ - secretKey: "jwt_secret_key"
+ remoteRef:
+ key: "secret/soeren.cloud/env/prod/ghostfolio"
+ property: "JWT_SECRET"
+ - secretKey: "access_token_salt"
+ remoteRef:
+ key: "secret/soeren.cloud/env/prod/ghostfolio"
+ property: "ACCESS_TOKEN_SALT"
diff --git a/clusters/svc.ez.soeren.cloud/ghostfolio/external-secret-postgres.yaml b/clusters/svc.ez.soeren.cloud/ghostfolio/external-secret-postgres.yaml
new file mode 100644
index 00000000..025389d6
--- /dev/null
+++ b/clusters/svc.ez.soeren.cloud/ghostfolio/external-secret-postgres.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: "ghostfolio-postgres"
+spec:
+ refreshInterval: 12h
+ secretStoreRef:
+ name: "vault"
+ kind: "ClusterSecretStore"
+ target:
+ name: "ghostfolio-postgres"
+ creationPolicy: "Owner"
+ data:
+ - secretKey: "POSTGRES_USER"
+ remoteRef:
+ key: "secret/soeren.cloud/env/prod/ghostfolio"
+ property: "POSTGRES_USER"
+ - secretKey: "POSTGRES_PASSWORD"
+ remoteRef:
+ key: "secret/soeren.cloud/env/prod/ghostfolio"
+ property: "POSTGRES_PASSWORD"
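Review bot: In `external-secret-ghostfolio.yaml` the `DATABASE_URL` template puts `{{ .postgres_user }}` and `{{ .postgres_password }}` into the userinfo part of the URL without encoding, so a Vault value containing `@`, `:`, `/`, `?` or `#` would produce a connection string that parses to the wrong credentials or host. Either constrain the stored password to URL-safe characters and say so in a comment next to `DATABASE_URL`, or encode it in the template, e.g. `{{ .postgres_password | urlquery }}` (a Go template built-in; it writes a space as `+`, so confirm how the client decodes it). This ExternalSecret also leaves `target.creationPolicy` implicit while the sibling `ghostfolio-postgres` one sets `creationPolicy: "Owner"`; stating it here too would keep the two consistent.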
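Review bot: Nothing in `external-secret-postgres.yaml` documents that a refreshed `POSTGRES_PASSWORD` does not reach a running database: the Deployment consumes it through `secretKeyRef` environment variables, which are fixed at pod start, and if the component runs the official postgres image (not visible in this patch) the variable is only applied when the data directory is first initialised. After a rotation in Vault, the `DATABASE_URL` in the `ghostfolio` secret would carry the new password while the role in the existing data directory keeps the old one. I would add a comment above `data:` such as `# Rotation: change the role password in Postgres (ALTER ROLE) before updating Vault; POSTGRES_PASSWORD only seeds a fresh PGDATA.`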
diff --git a/clusters/svc.ez.soeren.cloud/ghostfolio/kustomization.yaml b/clusters/svc.ez.soeren.cloud/ghostfolio/kustomization.yaml
new file mode 100644
index 00000000..14cdf06e
--- /dev/null
+++ b/clusters/svc.ez.soeren.cloud/ghostfolio/kustomization.yaml
@@ -0,0 +1,24 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: "ghostfolio"
+resources:
+ - "../../../apps/ghostfolio"
+ - "namespace.yaml"
+ - "postgres-data-pv.yaml"
+ - "external-secret-ghostfolio.yaml"
+ - "external-secret-postgres.yaml"
+components:
+ - ../../../apps/ghostfolio/components/istio
+ - ../../../apps/ghostfolio/components/postgres
+ - ../../../apps/ghostfolio/components/postgres-pvc
+ - ../../../apps/ghostfolio/components/redis
+patches:
+ - target:
+ kind: "VirtualService"
+ name: "ghostfolio"
+ patch: |
+ - op: "replace"
+ path: "/spec/hosts"
+ value:
+ - "ghostfolio.svc.ez.soeren.cloud"
diff --git a/clusters/svc.ez.soeren.cloud/ghostfolio/namespace.yaml b/clusters/svc.ez.soeren.cloud/ghostfolio/namespace.yaml
new file mode 100644
index 00000000..9717ddd5
--- /dev/null
+++ b/clusters/svc.ez.soeren.cloud/ghostfolio/namespace.yaml
@@ -0,0 +1,7 @@
+---
+kind: Namespace
+apiVersion: v1
+metadata:
+ name: ghostfolio
+ labels:
+ name: ghostfolio
diff --git a/clusters/svc.ez.soeren.cloud/ghostfolio/postgres-data-pv.yaml b/clusters/svc.ez.soeren.cloud/ghostfolio/postgres-data-pv.yaml
new file mode 100644
index 00000000..b39f6e58
--- /dev/null
+++ b/clusters/svc.ez.soeren.cloud/ghostfolio/postgres-data-pv.yaml
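Review bot: The new `ghostfolio` Namespace in `namespace.yaml` carries no Pod Security Admission labels, so its pods are admitted under whatever the cluster-wide default is, which this patch does not show. Because the namespace will hold a database and application secrets, consider pinning a level under `labels:`, e.g. `pod-security.kubernetes.io/enforce: "baseline"`, together with `pod-security.kubernetes.io/warn: "restricted"` to surface what the stricter profile would reject. Whether the Istio component's injected containers are compatible with `restricted` should be checked before enforcing it.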
@@ -0,0 +1,24 @@
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: ghostfolio-postgres
+spec:
+ accessModes:
+ - ReadWriteOnce
+ capacity:
+ storage: 1Gi
+ storageClassName: local-storage
+ local:
+ path: "/mnt/k8s/ghostfolio-postgres"
+ claimRef:
+ namespace: "ghostfolio"
+ name: "ghostfolio-postgres"
+ nodeAffinity:
+ required:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/hostname
+ operator: In
+ values:
+ - k8s.ez.soeren.cloud
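Review bot: `postgres-data-pv.yaml` leaves `persistentVolumeReclaimPolicy` unset; for a manually created PersistentVolume the default is `Retain`, so the database files under `/mnt/k8s/ghostfolio-postgres` stay on the node after the claim is deleted. Writing `persistentVolumeReclaimPolicy: Retain` under `spec:` makes that intent explicit. A comment above `local:` should also record that the directory has to exist on `k8s.ez.soeren.cloud` beforehand, with ownership and mode limited to the UID the postgres container runs as, since Kubernetes does not create a `local` path. The `1Gi` capacity is used for claim matching and is not enforced as a quota on a local path.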