From ced5a7b4a1b64090810f03da4d55dc4c929c6938 Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Thu, 4 Jan 2024 08:56:12 -0600 Subject: [PATCH] websites: Host darkchestofwonders.us in k8s The *darkchestofwonders.us* website is a legacy Python/mod_wsgi application. It was down for a while after updating the main web server to Fedora 38. Although we don't upload as many screenshots anymore, we do still enjoy looking at the old ones. Until I get a chance to either update the site to use a more modern deplyoment mechansim, or move the screenshots to some other photo hosting system, the easiest way to keep it online is to run it in a container. --- websites/darkchestofwonders.us/ingress.yaml | 25 +++++ .../darkchestofwonders.us/kustomization.yaml | 12 +++ websites/darkchestofwonders.us/server.yaml | 94 +++++++++++++++++++ websites/darkchestofwonders.us/storage.yaml | 14 +++ websites/kustomization.yaml | 9 ++ websites/namespace.yaml | 12 +++ websites/secrets.yaml | 14 +++ 7 files changed, 180 insertions(+) create mode 100644 websites/darkchestofwonders.us/ingress.yaml create mode 100644 websites/darkchestofwonders.us/kustomization.yaml create mode 100644 websites/darkchestofwonders.us/server.yaml create mode 100644 websites/darkchestofwonders.us/storage.yaml create mode 100644 websites/kustomization.yaml create mode 100644 websites/namespace.yaml create mode 100644 websites/secrets.yaml diff --git a/websites/darkchestofwonders.us/ingress.yaml b/websites/darkchestofwonders.us/ingress.yaml new file mode 100644 index 0000000..f50fdfe --- /dev/null +++ b/websites/darkchestofwonders.us/ingress.yaml @@ -0,0 +1,25 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: darkchestofwonders.us + labels: + app.kubernetes.io/name: darkchestofwonders.us + app.kubernetes.io/component: darkchestofwonders.us + app.kubernetes.io/part-of: darkchestofwonders.us + annotations: + nginx.ingress.kubernetes.io/ssl-redirect: "false" + nginx.ingress.kubernetes.io/proxy-body-size: 100m +spec: + ingressClassName: nginx + rules: + - host: darkchestofwonders.us + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: darkchestofwonders + port: + name: http diff --git a/websites/darkchestofwonders.us/kustomization.yaml b/websites/darkchestofwonders.us/kustomization.yaml new file mode 100644 index 0000000..c26d36d --- /dev/null +++ b/websites/darkchestofwonders.us/kustomization.yaml @@ -0,0 +1,12 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +labels: +- pairs: + app.kubernetes.io/instance: darkchestofwonders.us + includeSelectors: true + +resources: +- storage.yaml +- server.yaml +- ingress.yaml diff --git a/websites/darkchestofwonders.us/server.yaml b/websites/darkchestofwonders.us/server.yaml new file mode 100644 index 0000000..619f7e5 --- /dev/null +++ b/websites/darkchestofwonders.us/server.yaml @@ -0,0 +1,94 @@ +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: darkchestofwonders.us + app.kubernetes.io/name: darkchestofwonders.us + app.kubernetes.io/part-of: darkchestofwonders.us + name: darkchestofwonders +spec: + ports: + - port: 8204 + name: http + selector: + app.kubernetes.io/component: darkchestofwonders.us + app.kubernetes.io/name: darkchestofwonders.us + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: darkchestofwonders.us + app.kubernetes.io/name: darkchestofwonders.us + app.kubernetes.io/part-of: darkchestofwonders.us + name: darkchestofwonders +spec: + selector: + matchLabels: + app.kubernetes.io/component: darkchestofwonders.us + app.kubernetes.io/name: darkchestofwonders.us + template: + metadata: + labels: + app.kubernetes.io/component: darkchestofwonders.us + app.kubernetes.io/name: darkchestofwonders.us + app.kubernetes.io/part-of: darkchestofwonders.us + spec: + containers: + - name: darkchestofwonders + image: git.pyrocufflink.net/packages/darkchestofwonders:5 + envFrom: + - configMapRef: + name: darkchestofwonders.us + optional: true + ports: + - containerPort: 8204 + name: http + readinessProbe: &probe + httpGet: + port: 8204 + path: / + failureThreshold: 3 + periodSeconds: 60 + successThreshold: 1 + timeoutSeconds: 1 + startupProbe: + <<: *probe + failureThreshold: 30 + periodSeconds: 1 + initialDelaySeconds: 1 + securityContext: + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /data + name: data + subPath: data + - mountPath: /data/screenshots + name: data + subPath: data/screenshots + - mountPath: /data/thumbnails + name: data + subPath: data/thumbnails + - mountPath: /run + name: tmp + subPath: run + - mountPath: /run/httpd + name: tmp + subPath: run/httpd + - mountPath: /tmp + name: tmp + subPath: tmp + securityContext: + fsGroup: 48 + runAsGroup: 48 + runAsNonRoot: true + runAsUser: 48 + volumes: + - name: data + persistentVolumeClaim: + claimName: darkchestofwonders.us + - name: tmp + emptyDir: + medium: Memory diff --git a/websites/darkchestofwonders.us/storage.yaml b/websites/darkchestofwonders.us/storage.yaml new file mode 100644 index 0000000..4024b66 --- /dev/null +++ b/websites/darkchestofwonders.us/storage.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: darkchestofwonders.us + app.kubernetes.io/name: darkchestofwonders.us + app.kubernetes.io/part-of: darkchestofwonders.us + name: darkchestofwonders.us +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 8Gi diff --git a/websites/kustomization.yaml b/websites/kustomization.yaml new file mode 100644 index 0000000..572e679 --- /dev/null +++ b/websites/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +namespace: websites + +resources: +- namespace.yaml +- secrets.yaml +- darkchestofwonders.us diff --git a/websites/namespace.yaml b/websites/namespace.yaml new file mode 100644 index 0000000..7487b73 --- /dev/null +++ b/websites/namespace.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: websites + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: default +imagePullSecrets: +- name: imagepull-gitea diff --git a/websites/secrets.yaml b/websites/secrets.yaml new file mode 100644 index 0000000..025a08b --- /dev/null +++ b/websites/secrets.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + name: imagepull-gitea + namespace: websites +spec: + encryptedData: + .dockerconfigjson: AgA70FuJy4rnu87LIhpwAUnGgmR4jes9fW5HcIcyEfFcRqFdQDXJMGhChDiTgSTHJH47MBhKpVDFudOSt6B9islVTOcIz7VsI5AO1CtAOlKNUqSyS8EXzGzGwc0Yley4ID0jcJP6+DbzqQ7PBSsXcTo79i/eLp+cUwtpqRGLBjTgS4377apVyY+s8SePuo8r/zByeJvxxEN5iQ3prArsNEIIdYQmTzbcFXIQUkNBE/JN9sG5lxAKjtFZdp1yQLI6uuvHI+9uvbzDGjD+0mis8+qu0CWIHDF70aEvZXVnVcDcR1fRPnia0hGeI1QT2XINHsCqZBALR54RsmNbFY4K8JDHyaBmbqiEWMnqj+cvBD2k1pddeepd0UqdHHiKAg5RW/HIrc7IRZGlioC6gz8N/++p6LiFyzWfOInJdnSfVUnPQ1QD3dcHvGYNrrax+zxUPs/jaXeuRP4NZmrSyO+nhB4BMkek0P7Jcu1wMrxyBIfwSdFY9wbVLEag4srF3Z2s8YJyghv0bSaHD+IFoQPBzk6TC6KO1iYgQIJ1UFnxqDD4TU+y8/XEz2O1GHtij1oko9D9kkyi/WxJtZ0/1AE7zYrD6z4KelH1uR5E7S4bH5gpWzqyjgrHiV0SaPfgVBl/CXrY8pudeVa8noPOnMjFAhX8GDhePTyUtqTN4nH4nAoNlCJwjDZ+9c1Qz40AJ44cGQe5eSWqpsVvlPMyT7PxlQcRG9/ifIy3/7CC1Zt47qtIVKQF/peC5B7bfgOojNVNy2Zmldg4DpyCJUvHn0GLyiXDeWSZbRBrHPrE2vB0EiwGMXtxiL4omZU7pqSEaVGEkpbevgcBLvxpJjuSv6IKWkEnwF68ZqQdNJjJc0EbYTahlyt8elB425JlOBeL/0QDYaLRtCv4ANgHrywuX2wVFuhP933ZqdBCpmA4KsVR4+jQ4hvgUDrwMQrhumpY5VK9BAr45USWw4st2Bn0T41iqz2n2nSF22/c3/eoMzxU3N0VEMdowxtuU14srpZoNWg= + template: + metadata: + name: imagepull-gitea + namespace: websites + type: kubernetes.io/dockerconfigjson