From ce6fdb87b2fedf72f9c52f3339c6edc83bdaf866 Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Sun, 21 Jul 2024 01:36:08 +1000 Subject: [PATCH 1/2] add infra app mongodb --- .sops.pub.asc | 63 ------------------- .sops.yaml | 5 -- .../mongodb/env/k3s-cluster/config.json | 12 ++++ .../env/k3s-cluster/kustomization.yaml | 8 +++ .../mongodb/env/k3s-cluster/values.yaml | 34 ++++++++++ renovate.json | 40 ------------ .../env/k3s-cluster/templates/mongodb.yaml | 14 +++++ .../env/k3s-cluster/templates/mongodb-pv.yaml | 30 +++++++++ .../k3s-cluster/templates/mongodb-pvc.yaml | 15 +++++ 9 files changed, 113 insertions(+), 108 deletions(-) delete mode 100644 .sops.pub.asc delete mode 100644 .sops.yaml create mode 100644 infrastructures/mongodb/env/k3s-cluster/config.json create mode 100644 infrastructures/mongodb/env/k3s-cluster/kustomization.yaml create mode 100644 infrastructures/mongodb/env/k3s-cluster/values.yaml delete mode 100644 renovate.json create mode 100644 resources/app-secrets/env/k3s-cluster/templates/mongodb.yaml create mode 100644 resources/app-volumes/env/k3s-cluster/templates/mongodb-pv.yaml create mode 100644 resources/app-volumes/env/k3s-cluster/templates/mongodb-pvc.yaml diff --git a/.sops.pub.asc b/.sops.pub.asc deleted file mode 100644 index e2617a7..0000000 --- a/.sops.pub.asc +++ /dev/null @@ -1,63 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQINBGZlM+cBEADb3FqX+ZswYKVKx7kUGSvvBT0+Pe/6BZIQYDt8DE+gXTAwNDlq -4Yy1XyPN5ispHo1/huUkUOaFUpkolfjzuciEIWaw2qHhTn9a7rPTx7DGCni9epic -SuQYykC7MgQtAOkxUlx5R9XTL30JksICqlVLz8SMDHAzraLZU+4Pde+Cqgzx4x0K -EfBzoAfjQtRe1RtikQ0ShklbbrbfETG9oGYh28RCI/ic22pgVV3EN1K1RDJDx9O+ -+CWW/dahKBCrKl8BUAd7dblOkIT1iwBtteyAfvYgcaGL2O0pHKIx2XmM2OWvjbPR -TJvYtDQXpLHEYValuDWSF3TxxlYw05MFK3TRK0bSp8f7RN8Y12bZ/yGI3HpTfF2u -B/ZGP++v5SwzuOEJw/7VrCqihLPuq/yeCi7xUGYpuhW0vjE5GVH3R7BBpP3B1Svg -gCrdZOP0KoMVNM0SHzVvUzf4okWo1ctHU1zhmBPmW+LAyugYvq8di7q7rRDelELW -IBnIqEfxXCKdqD2YylUJYXRuHhSvfGw8ABt873xBYfLTQSJmadaQevB58nTCooCe -kt9AaOpdjCjfaArajbhUQx+56GdSLh5OUabu/zG75SF3kGJJ69G3BFZH5vZSwkt9 -22O75IBBN0A+d7xt/NsPNAfckwmPHFNiKxSPMXzrdGbfHTZTiYykarqVwwARAQAB -tClycGk1LWNsdXN0ZXIuZWR3YXJkLnN5ZG5leSAoZmx1eCBzZWNyZXRzKYkCTgQT -AQoAOBYhBGzqkd2xlkhpyU3Ox69uO7G0T2abBQJmZTPnAhsvBQsJCAcCBhUKCQgL -AgQWAgMBAh4BAheAAAoJEK9uO7G0T2ab2gIQAI/MhtpzyIqAto0O9erPG74HNqsB -B4Fi/DssU+WHYOiLR8COXNYV1Hzb7VWaucyKku0OB58AN8fMfTEE5b/K2kvhAyAW -oK+FWgLWQXrLIwZuz+rlwIZEEWJrUYOle3tosmOyE8vlvPwv9hzS1q6ueEanvT1K -2UrtRWCdfDRVJciUTI78v88XNYD7CpOfJqlS62tk2su6NGjBg4T5N9j0u0ddZ1pU -eH28L4jvaCiAQkKZbKSBr5LFKJio4LIkCOsYyraQrv6PxuPd5c2E2GbMOMLF2iLO -25hlr2o34UnjDMV0bHFHUw2ujULYCzp83A5oNce6vjY/ZL0LrrjVqVn+gcnpR9MF -K3ArlkUkp0oNuVnZ1o/zObfcv6XEG/LoQGc7nuYLMooQEEeNEP2RwvlRTAhpKPZW -ZPthGwe7RzWwPWjmkPvBVQy4njk7rDu0Ob0NkJKOBOc28Su5iOIwzKRyzvDV6g1o -2yYWuKmZSkjBvP909LSccoFW8I55bUg3tUH5n7BCkdeOAmsq4cGPMviJeVRByOxt -oK4wS63g/R8h916eLwygMxutDeIEnrAcGrpCXDRzH7kOq533LbuMk1p2giY4VAIK -S26C0zzhjF0vJwls7BoP55XZfJf/WGQdRtfH6QvKfJwk1n/2OTeeY3McSEg7JoCf -cmPZtQG/mGAhpomjuQINBGZlM+cBEADh4OFFjCOjbPn/5B0FwZ4wqjND/ARSD6iu -CUNAEEex+WNkEt8h2lZdUq0CAmNPqQIJQ2QE68TdueVl9X+is5uqDGgEyGo2ZccE -RkpM89l883Pvfd/fiJSHCo/lBGSMhJQLzE/AWu4FKxkCmqFFQ9aK6XJhV/knsJ4Z -Nis0n4weCF0YETE0vq2bPPMl2xvpMy4VKvG4t7Dhl0wJRakgtZYApOlBVpupzHh4 -bx27jkh7K2lEmJIoWc7xBtMYonvys66tQyHy86kPfQXw+gzzkUpf2XYCHRzvjPZ9 -YiZqV370LCkjLMg0zfLaINXUsw6xrHXfbnutTb3qW9YIp7xyQS64wFbKM9d+y7XL -ZUXsAQbn9cNoEBP5pXoJSvrrkGRAZDwFW0ax2XveuAlfBRv5tiXpHyD7M7Arrjb0 -yc6ijU/ZBv0vaQZMtSt28M10Z5Tn1A93nHff2xdM0njZc3KImM/QpGXlY8pct18Q -zUqoYu69po7j7mH78a8h2tI5X7AmU1T1JOcQQ4bp46ik3uBKCVxLSyesAeGE1Au8 -QksLqELZ/jVlV/+WQ54NDLt3bc24V8MIj57xPDumejsJnY8cJLOW7Rrsn3WJCBkw -AKM4BlrR/HigX7sjZ57N9ZsRTuaxpvCJwlRdK4YPsEBhO2UvQNGVWLEj8dogq2+v -a31vc/kyrwARAQABiQRsBBgBCgAgFiEEbOqR3bGWSGnJTc7Hr247sbRPZpsFAmZl -M+cCGy4CQAkQr247sbRPZpvBdCAEGQEKAB0WIQTvmsGobbjnhWp6fYQ2D2kqSUqH -CgUCZmUz5wAKCRA2D2kqSUqHClj8D/4pHqnYlIcJpDOhGxYlQtrk6GRSfq1g3suh -5Lhc+eHFpVQtQM85qJTSIhS3w/XAf3GwekYuiKjGAdhrWJcglphxCPX5IMg9ofMX -ICbOxyjdEeOwgfEMvuyPgLUet6reK8rSTefhR5L2FRuU+qibs08LKMAtRoooZ3I1 -W7q38hWBcrrQXnBxtb7YLQ6Kzwd7mEq0KXnJxV8UBUj9x90j7R5+YEs3ZIAUh6sV -jR23RpRuBQmgGXsjv3LsYyeDCglUNmWZKWfVhhmLcIbJ5/Dej4Eg79qY6DrmyXLM -0Sw1ZhGAj/xRGw3GMrLXoj1gjEI1etUbiCKLUud2llUk4d15NP5CfhQ6s4Gh9p60 -x1eL8+hNuoSDRuQWzn/8MWglWKeUnalXF7krjLuOVtpMR+Uh9YwufUXDiQRmx6Iy -/k7yOKg9V6IBm+6+xxKXKPZeBuVucKPegyI00gbM9F2ql9z30/WGVRtt6vIowuPi -5p5e3mmeL83FUv7tpVnNR50ulfVEflTBHbfgop1THJIYgNT6OODCUQFw/GPzzMNi -8jz3a1GB+OTYNF+x7OzrgBx1AvtryNQz+8lvkWVSfhJx0kgeUwwghIPw5zV4fypf -8XQiP67BcarnB4RiWSgUjs7uQ25ZBxRbZ+D3StvP9+5QEBIh9q7yaj2gxo6fcaNk -ZxKPd2thGiIZD/9H27JXAz7r/U+wtycteXKXogcAdu4i5Zlpqd5c3p2K3XO+sc6Y -cA+uFNWBrz2RsKwIAX2djfYDi8Vp6uACRkE8Vzyo5WoIk0LF6upCCD44DIZGWlzH -t59dGr8HQFvk/6RTuWoMnbtbK1k6qV5CK6q3jVZo2Do4v4uY2D/eXjzaIew+3kDG -v+HDAOVZuTiW2V8XQSrXUr3duCK4Lch+EE8Cw8RyPy1Um6jSUbUGXFryqiLuaqub -72JON1QDH6sLci7xGEccKGyk9xsTLthxFTWkPEjPXNPTAlvbPwdL/eOFmmOOLUqH -HomXDoKITUOJ5ytUQ6WgIpfdOSkRmamMtzfvs6kkogzL53vwNXJMRm05HYgjm1bD -moLpcoFhxEDj8Cd3sY+e+J6rKOgWq8f3+cKNi4qIzpv7JyAUW2gM2sfPPJ6PViPB -MV1CnKli8ZRLEoHXcakjq5ScJi0UyG+rT3vodUdKbVQKxeohry1gX6QO27lDSn2d -6KQy5mueEy9eZh3WsCWXTp/oILRlrgOrxQWySv2M6b15lxFjRvHc1j2/4szaqNWr -fPUQZsDUwl84VrjzoQpXmt+Nn8xgAGEEWpXAc5P6tkm4Nk8lkUErRkbdSWEAjOOF -8cVKCymSVdmFE2RPvZdK9vYCCckjFNBArbT6xQwDjAo4srdaMtxJWb+3kA== -=8DLE ------END PGP PUBLIC KEY BLOCK----- diff --git a/.sops.yaml b/.sops.yaml deleted file mode 100644 index 90bded3..0000000 --- a/.sops.yaml +++ /dev/null @@ -1,5 +0,0 @@ -creation_rules: - - path_regex: \.ya?ml$ - encrypted_regex: ^(data|stringData)$ - pgp: 6CEA91DDB1964869C94DCEC7AF6E3BB1B44F669B - age: age1d47q8mlty404pxx378q49hr93aqexca4mkeqtdm00w4gjd09xd0qhxcdcz \ No newline at end of file diff --git a/infrastructures/mongodb/env/k3s-cluster/config.json b/infrastructures/mongodb/env/k3s-cluster/config.json new file mode 100644 index 0000000..ffce034 --- /dev/null +++ b/infrastructures/mongodb/env/k3s-cluster/config.json @@ -0,0 +1,12 @@ +{ + "appName": "mongodb", + "userGivenName": "mongodb", + "namespace": "mongodb", + "destNamespace": "mongodb", + "destServer": "https://kubernetes.default.svc", + "srcPath": "infrastructures/mongodb/env/k3s-cluster", + "srcRepoURL": "https://github.com/3dwardch3ng/home-cluster-ops.git", + "srcTargetRevision": "", + "labels": null, + "annotations": null +} \ No newline at end of file diff --git a/infrastructures/mongodb/env/k3s-cluster/kustomization.yaml b/infrastructures/mongodb/env/k3s-cluster/kustomization.yaml new file mode 100644 index 0000000..73cc84f --- /dev/null +++ b/infrastructures/mongodb/env/k3s-cluster/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +helmCharts: + - name: mongodb + repo: oci://registry-1.docker.io/bitnamicharts + version: 15.6.14 + releaseName: mongodb + valuesFile: values.yaml \ No newline at end of file diff --git a/infrastructures/mongodb/env/k3s-cluster/values.yaml b/infrastructures/mongodb/env/k3s-cluster/values.yaml new file mode 100644 index 0000000..66ff3bd --- /dev/null +++ b/infrastructures/mongodb/env/k3s-cluster/values.yaml @@ -0,0 +1,34 @@ +namespaceOverride: "mongodb" +auth: + usernames: + - edward + - anysync + databases: + - edward + - anysync + existingSecret: "mongodb-secrets" +automountServiceAccountToken: true +nodeSelector: + kubernetes.io/arch: amd64 +containerSecurityContext: + runAsUser: 1000 + runAsGroup: 1000 +podSecurityContext: + fsGroup: 1000 +startupProbe: + enabled: true +externalAccess: + enabled: true + service: + type: LoadBalancer + autoDiscovery: + enabled: true +persistence: + existingClaim: "mongodb-pvc" +persistentVolumeClaimRetentionPolicy: + enabled: true +serviceAccount: + create: true + name: mongodb +rbac: + create: true \ No newline at end of file diff --git a/renovate.json b/renovate.json deleted file mode 100644 index 5efe2bd..0000000 --- a/renovate.json +++ /dev/null @@ -1,40 +0,0 @@ -{ - "$schema": "https://docs.renovatebot.com/renovate-schema.json", - "extends": [ - "local>3dwardch3ng/renovate-config" - ], - "kubernetes": { - "fileMatch": ["\\.yaml$"] - }, - "helm-values": { - "fileMatch": ["\\.yaml$"] - }, - "flux": { - "fileMatch": ["\\.yaml$"] - }, - "packageRules": [ - { - "matchDatasources": ["helm"], - "commitMessageTopic": "{{depName}} Helm release" - }, - { - "matchDatasources": ["github-releases"], - "matchPackageNames": ["k3s-io/k3s"], - "separateMinorPatch": true - }, - { - "matchPackagePrefixes": ["ghcr.io/immich-app/"], - "groupName": "Immich" - }, - { - "matchDatasources": ["github-tags"], - "matchPackageNames": ["bjw-s/helm-charts"], - "versioning": "regex:^(?.+)-(?\\d+)\\.(?\\d+)\\.(?\\d+)$" - }, - { - "matchDatasources": ["docker", "github-tags"], - "matchPackageNames": ["ghcr.io/fluxcd/flux-manifests", "fluxcd/flux2"], - "groupName": "fluxcd/flux2" - } - ] -} diff --git a/resources/app-secrets/env/k3s-cluster/templates/mongodb.yaml b/resources/app-secrets/env/k3s-cluster/templates/mongodb.yaml new file mode 100644 index 0000000..b45b3bb --- /dev/null +++ b/resources/app-secrets/env/k3s-cluster/templates/mongodb.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Secret +metadata: + annotations: + argocd.argoproj.io/sync-options: Prune=false + sealedsecrets.bitnami.com/cluster-wide: "true" + sealedsecrets.bitnami.com/managed: "true" + creationTimestamp: null + name: mongodb-secrets + namespace: mongodb +type: Opaque +stringData: + mongodb-root-password: "ic.e6oeHefy983ZC8YpQDfg8" + mongodb-passwords: "VeQ@NGX*W3qrDBQmbVihHTXh,auDJjPpV_y_9-Dt*!dsMovFb" \ No newline at end of file diff --git a/resources/app-volumes/env/k3s-cluster/templates/mongodb-pv.yaml b/resources/app-volumes/env/k3s-cluster/templates/mongodb-pv.yaml new file mode 100644 index 0000000..5a2c168 --- /dev/null +++ b/resources/app-volumes/env/k3s-cluster/templates/mongodb-pv.yaml @@ -0,0 +1,30 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: mongodb-pv + namespace: mongodb + labels: + type: local +spec: + storageClassName: local-path + volumeMode: Filesystem + capacity: + storage: 32Gi + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + local: + path: "/mnt/nfs/AppData/mongodb" + claimRef: + apiVersion: v1 + kind: PersistentVolumeClaim + name: mongodb-pvc + namespace: mongodb + nodeAffinity: + required: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - amd64 \ No newline at end of file diff --git a/resources/app-volumes/env/k3s-cluster/templates/mongodb-pvc.yaml b/resources/app-volumes/env/k3s-cluster/templates/mongodb-pvc.yaml new file mode 100644 index 0000000..07b386d --- /dev/null +++ b/resources/app-volumes/env/k3s-cluster/templates/mongodb-pvc.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: mongodb-pvc + namespace: mongodb + labels: + name: mongodb-pvc +spec: + storageClassName: local-path + volumeMode: Filesystem + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 32Gi \ No newline at end of file From ad234e5a68d1f383487cb1c383f1e356a3e11bcd Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Sun, 21 Jul 2024 01:41:44 +1000 Subject: [PATCH 2/2] add infra app mongodb --- infrastructures/mongodb/env/k3s-cluster/values.yaml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/infrastructures/mongodb/env/k3s-cluster/values.yaml b/infrastructures/mongodb/env/k3s-cluster/values.yaml index 66ff3bd..c4dba16 100644 --- a/infrastructures/mongodb/env/k3s-cluster/values.yaml +++ b/infrastructures/mongodb/env/k3s-cluster/values.yaml @@ -17,12 +17,8 @@ podSecurityContext: fsGroup: 1000 startupProbe: enabled: true -externalAccess: - enabled: true - service: - type: LoadBalancer - autoDiscovery: - enabled: true +service: + type: LoadBalancer persistence: existingClaim: "mongodb-pvc" persistentVolumeClaimRetentionPolicy: