diff --git a/.woodpecker/deploy.yaml b/.woodpecker/deploy.yaml index f9fc24d..2e580d3 100644 --- a/.woodpecker/deploy.yaml +++ b/.woodpecker/deploy.yaml @@ -91,16 +91,4 @@ steps: - pwd - kubectl apply -Rf manifests/pleroma # TODO: fix this - - envsubst < manifests/pleroma/templates/deployment.yaml | kubectl apply -f - - prometheus: - image: cr.forge.lan/alk8s/alk8s - pull: true - environment: - KUBECONFIG_BASE64: - from_secret: kubeconfig_base64 - CI_COMMIT_SHA: ${CI_COMMIT_SHA} - commands: - - mkdir -p ~/.kube - - echo $KUBECONFIG_BASE64 | base64 -d > ~/.kube/config - - pwd - - kubectl apply -Rf manifests/prometheus \ No newline at end of file + - envsubst < manifests/pleroma/templates/deployment.yaml | kubectl apply -f - \ No newline at end of file diff --git a/manifests/grafana/configmap.yaml b/manifests/grafana/configmap.yaml deleted file mode 100644 index c40067f..0000000 --- a/manifests/grafana/configmap.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: darkdork-dev - name: prometheus-config -data: - prometheus.yml: | - global: - scrape_interval: 15s - - scrape_configs: - - job_name: 'pleroma' - scheme: http - static_configs: - - targets: ['pleroma:4021'] \ No newline at end of file diff --git a/manifests/grafana/deployment.yaml b/manifests/grafana/deployment.yaml deleted file mode 100644 index 9327c57..0000000 --- a/manifests/grafana/deployment.yaml +++ /dev/null 
@@ -1,39 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: grafana - namespace: darkdork-dev -spec: - replicas: 1 - selector: - matchLabels: - app: grafana - template: - metadata: - labels: - app: grafana - spec: - imagePullSecrets: - - name: registry-credentials - containers: - - name: grafana - image: grafana/grafana - imagePullPolicy: IfNotPresent - ports: - - containerPort: 3000 - env: - - name: GF_SERVER_ROOT_URL - value: http://darkdork.grafana.lan - volumeMounts: - - name: grafana-data - mountPath: /var/lib/grafana - volumes: - - name: grafana-data - persistentVolumeClaim: - claimName: grafana-pvc - securityContext: - runAsUser: 472 - runAsGroup: 0 - fsGroup: 0 ---- diff --git a/manifests/grafana/ingress.yaml b/manifests/grafana/ingress.yaml deleted file mode 100644 index 4ecc701..0000000 --- a/manifests/grafana/ingress.yaml +++ /dev/null @@ -1,20 +0,0 @@ ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: grafana - namespace: darkdork-dev -spec: - ingressClassName: nginx - rules: - - host: darkdork.grafana.lan - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: grafana - port: - number: 3000 ---- diff --git a/manifests/grafana/pvc.yaml b/manifests/grafana/pvc.yaml deleted file mode 100644 index 082c816..0000000 --- a/manifests/grafana/pvc.yaml +++ /dev/null @@ -1,17 +0,0 @@ ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: grafana-pvc - namespace: darkdork-dev - labels: - app: grafana -spec: - storageClassName: longhorn-single-replica-best-effort - accessModes: - - ReadWriteOnce - resources: - requests: - storage: - 10Gi ---- diff --git a/manifests/grafana/service.yaml b/manifests/grafana/service.yaml deleted file mode 100644 index d545d5c..0000000 --- a/manifests/grafana/service.yaml +++ /dev/null 
@@ -1,15 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - name: grafana - namespace: darkdork-dev -spec: - ports: - - port: 3000 - name: grafana - targetPort: 3000 - protocol: TCP - selector: - app: grafana ---- diff --git a/manifests/pleroma/configmap.yaml b/manifests/pleroma/configmap.yaml index 031ec01..79c0bf7 100644 --- a/manifests/pleroma/configmap.yaml +++ b/manifests/pleroma/configmap.yaml @@ -35,13 +35,6 @@ data: disabled: false, manual_metrics_start_delay: :no_delay, drop_metrics_groups: [], - grafana: [ - host: System.get_env("GRAFANA_HOST", "http://localhost:3000"), - auth_token: System.get_env("GRAFANA_TOKEN"), - upload_dashboards_on_start: false, - folder_name: "BEAM", - annotate_app_lifecycle: true - ], metrics_server: [ port: 4021, path: "/metrics", diff --git a/manifests/pleroma/jobs.yaml b/manifests/pleroma/jobs.yaml new file mode 100644 index 0000000..1a62836 --- /dev/null +++ b/manifests/pleroma/jobs.yaml @@ -0,0 +1,40 @@ +# sX/vQ3gaDErEFr9wuYqlaJ/yWdswBMkY4wczeq6t3bEgwo2Ia+vHcN9pbf7dBjahEihjkZ7jS5W48DIfmOFsug== + +apiVersion: batch/v1 +kind: Job +metadata: + name: migrate + namespace: darkdork-dev +spec: + template: + spec: + imagePullSecrets: + - name: registry-credentials + containers: + - name: migrate + image: cr.forge.lan/darkdork-dev/pleroma:latest + command: [ "/bin/ash", "-c", "/opt/pleroma/bin/pleroma_ctl migrate" ] + env: + - name: DB_HOST + value: postgres + - name: DB_NAME + value: pleroma + - name: DB_USER + value: pleroma + - name: DB_PASS + valueFrom: + secretKeyRef: + name: postgres + key: postgres-password + volumeMounts: + - name: pleroma-config-volume + mountPath: /etc/pleroma/config.exs + subPath: config.exs + restartPolicy: Never + volumes: + - name: pleroma-config-volume + configMap: + name: pleroma-config + defaultMode: 0640 # Pleroma is picky about config file permissions. + securityContext: + fsGroup: 1000 # Ensures pleroma can still read the config file \ No newline at end of file 
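Review bot: The first line of the new manifests/pleroma/jobs.yaml is a comment holding an 88-character base64 string, which has the shape of a 64-byte key. If it is real secret material it is now in git history, so it should be rotated and the line dropped. The Job also pulls `cr.forge.lan/darkdork-dev/pleroma:latest` while the Deployment in this commit pins `${CI_COMMIT_SHA}`, so the migration can run from a different build than the one being rolled out; pinning a tag or digest here keeps the two in step. The only `securityContext` set is `fsGroup: 1000`; if the image allows it, add `runAsNonRoot: true` at pod level and `allowPrivilegeEscalation: false` on the `migrate` container.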
diff --git a/manifests/pleroma/pvc.yaml b/manifests/pleroma/pvc.yaml index b055d27..591cdd9 100644 --- a/manifests/pleroma/pvc.yaml +++ b/manifests/pleroma/pvc.yaml @@ -8,7 +8,7 @@ metadata: app: pleroma spec: accessModes: ["ReadWriteOnce"] - storageClassName: longhorn-single-replica-best-effort + storageClassName: longhorn-single-replica resources: requests: storage: 2Gi \ No newline at end of file diff --git a/manifests/pleroma/service.yaml b/manifests/pleroma/service.yaml index 96bc549..28ea493 100644 --- a/manifests/pleroma/service.yaml +++ b/manifests/pleroma/service.yaml @@ -7,13 +7,8 @@ metadata: spec: ports: - port: 80 - name: http targetPort: 4000 protocol: TCP - - port: 4021 - name: prometheus - targetPort: 4021 - protocol: TCP selector: app: pleroma --- diff --git a/manifests/pleroma/templates/deployment.yaml b/manifests/pleroma/templates/deployment.yaml index b30d9d6..c994d73 100644 --- a/manifests/pleroma/templates/deployment.yaml +++ b/manifests/pleroma/templates/deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: pleroma + name: pleromax namespace: darkdork-dev spec: replicas: 1 
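Review bot: `storageClassName` is changed in place in manifests/pleroma/pvc.yaml, but the API server does not allow that field to be changed on an existing PersistentVolumeClaim. If the claim already exists in the namespace, the `kubectl apply -Rf manifests/pleroma` step will have this object rejected and the data stays on the `longhorn-single-replica-best-effort` class. Moving it needs a new claim (or a delete and recreate) plus a data copy, which is worth stating in the commit. The claim's name and metadata start outside the hunk.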
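Review bot: The rename of the Deployment from `pleroma` to `pleromax` in templates/deployment.yaml looks unintended, and `kubectl apply` does not remove the object that exists under the old name. If the old Deployment stays, its pods still carry the `app: pleroma` label the Service selects on, so traffic is split between old and new pods, and the old pods keep the `GRAFANA_TOKEN` env and port 4021 that this commit removes. Either keep `name: pleroma`, or have the pipeline delete the old Deployment explicitly.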
@@ -15,174 +15,166 @@ spec: app: pleroma spec: imagePullSecrets: - - name: registry-credentials + - name: registry-credentials initContainers: - - name: init - image: cr.forge.lan/darkdork-dev/pleroma:${CI_COMMIT_SHA} - imagePullPolicy: IfNotPresent - command: [ "sh", "-c", "mix ecto.migrate" ] - env: - - name: MIX_ENV - value: prod - - name: SIGNING_SALT - value: quYau0c - - name: DOMAIN - value: darkdork.dev - - name: INSTANCE_NAME - value: DarkDork.dev - - name: ADMIN_EMAIL - value: pwm@crlf.ninja - - name: NOTIFY_EMAIL - value: pleroma@crlf.ninja - - name: REGISTRATIONS_OPEN - value: "false" - - name: INVITES_ENABLED - value: "true" - - name: SECRET_KEY_BASE - valueFrom: - secretKeyRef: - name: pleroma - key: secret-key-base - - name: WEB_PUSH_PUBLIC_KEY - valueFrom: - secretKeyRef: - name: pleroma - key: web-push-public-key - - name: WEB_PUSH_PRIVATE_KEY - valueFrom: - secretKeyRef: - name: pleroma - key: web-push-private-key - - name: DEFAULT_SIGNER - valueFrom: - secretKeyRef: - name: pleroma - key: default-signer - - name: MEDIA_URL - value: "https://media.darkdork.dev" - - name: S3_BUCKET - value: pleroma.darkdork.dev - - name: S3_ACCESS_KEY - valueFrom: - secretKeyRef: - name: pleroma - key: minio-access-key - - name: S3_SECRET_KEY - valueFrom: - secretKeyRef: - name: pleroma - key: minio-secret-key - - name: S3_SCHEME - value: "http://" - - name: S3_HOST - value: minio - - name: S3_PORT - value: "80" - - name: DB_HOST - value: postgres - - name: DB_NAME - value: pleroma - - name: DB_USER - value: pleroma - - name: DB_PASS - valueFrom: - secretKeyRef: - name: postgres - key: postgres-password - volumeMounts: - - name: pleroma-config-volume - mountPath: /pleroma/config/prod.secret.exs - subPath: prod.secret.exs + - name: init + image: cr.forge.lan/darkdork-dev/pleroma:${CI_COMMIT_SHA} + imagePullPolicy: IfNotPresent + command: [ "sh", "-c", "mix ecto.migrate" ] + env: + - name: MIX_ENV + value: prod + - name: SIGNING_SALT + value: quYau0c + - name: DOMAIN 
+ value: darkdork.dev + - name: INSTANCE_NAME + value: DarkDork.dev + - name: ADMIN_EMAIL + value: pwm@crlf.ninja + - name: NOTIFY_EMAIL + value: pleroma@crlf.ninja + - name: REGISTRATIONS_OPEN + value: "false" + - name: INVITES_ENABLED + value: "true" + - name: SECRET_KEY_BASE + valueFrom: + secretKeyRef: + name: pleroma + key: secret-key-base + - name: WEB_PUSH_PUBLIC_KEY + valueFrom: + secretKeyRef: + name: pleroma + key: web-push-public-key + - name: WEB_PUSH_PRIVATE_KEY + valueFrom: + secretKeyRef: + name: pleroma + key: web-push-private-key + - name: DEFAULT_SIGNER + valueFrom: + secretKeyRef: + name: pleroma + key: default-signer + - name: MEDIA_URL + value: "https://media.darkdork.dev" + - name: S3_BUCKET + value: pleroma.darkdork.dev + - name: S3_ACCESS_KEY + valueFrom: + secretKeyRef: + name: pleroma + key: minio-access-key + - name: S3_SECRET_KEY + valueFrom: + secretKeyRef: + name: pleroma + key: minio-secret-key + - name: S3_SCHEME + value: "http://" + - name: S3_HOST + value: minio + - name: S3_PORT + value: "80" + - name: DB_HOST + value: postgres + - name: DB_NAME + value: pleroma + - name: DB_USER + value: pleroma + - name: DB_PASS + valueFrom: + secretKeyRef: + name: postgres + key: postgres-password + volumeMounts: + - name: pleroma-config-volume + mountPath: /pleroma/config/prod.secret.exs + subPath: prod.secret.exs containers: - - name: pleroma - image: cr.forge.lan/darkdork-dev/pleroma:${CI_COMMIT_SHA} - imagePullPolicy: IfNotPresent - command: ["sh", "-c", "elixir --sname pleroma -S mix phx.server --no-compile"] - ports: - - containerPort: 4000 - - containerPort: 4021 - env: - - name: MIX_ENV - value: prod - - name: SIGNING_SALT - value: quYau0c - - name: DOMAIN - value: darkdork.dev - - name: INSTANCE_NAME - value: DarkDork.dev - - name: ADMIN_EMAIL - value: pwm@crlf.ninja - - name: NOTIFY_EMAIL - value: pleroma@crlf.ninja - - name: REGISTRATIONS_OPEN - value: "false" - - name: INVITES_ENABLED - value: "true" - - name: SECRET_KEY_BASE - 
valueFrom: - secretKeyRef: - name: pleroma - key: secret-key-base - - name: GRAFANA_HOST - value: darkdork.grafana.lan - - name: GRAFANA_TOKEN - valueFrom: - secretKeyRef: - name: pleroma - key: grafana-token - - name: WEB_PUSH_PUBLIC_KEY - valueFrom: - secretKeyRef: - name: pleroma - key: web-push-public-key - - name: WEB_PUSH_PRIVATE_KEY - valueFrom: - secretKeyRef: - name: pleroma - key: web-push-private-key - - name: DEFAULT_SIGNER - valueFrom: - secretKeyRef: - name: pleroma - key: default-signer - - name: MEDIA_URL - value: "https://media.darkdork.dev" - - name: S3_BUCKET - value: pleroma.darkdork.dev - - name: S3_ACCESS_KEY - valueFrom: - secretKeyRef: - name: pleroma - key: minio-access-key - - name: S3_SECRET_KEY - valueFrom: - secretKeyRef: - name: pleroma - key: minio-secret-key - - name: S3_SCHEME - value: "http://" - - name: S3_HOST - value: minio - - name: S3_PORT - value: "80" - - name: DB_HOST - value: postgres - - name: DB_NAME - value: pleroma - - name: DB_USER - value: pleroma - - name: DB_PASS - valueFrom: - secretKeyRef: - name: postgres - key: postgres-password - volumeMounts: - - name: pleroma-config-volume - mountPath: /pleroma/config/prod.secret.exs - subPath: prod.secret.exs - - name: pleroma-emoji-volume - mountPath: /static-files/emoji/ - subPath: emoji/ + - name: pleroma + image: cr.forge.lan/darkdork-dev/pleroma:${CI_COMMIT_SHA} + imagePullPolicy: IfNotPresent + command: ["sh", "-c", "elixir --sname pleroma -S mix phx.server --no-compile"] + ports: + - containerPort: 4000 + env: + - name: MIX_ENV + value: prod + - name: SIGNING_SALT + value: quYau0c + - name: DOMAIN + value: darkdork.dev + - name: INSTANCE_NAME + value: DarkDork.dev + - name: ADMIN_EMAIL + value: pwm@crlf.ninja + - name: NOTIFY_EMAIL + value: pleroma@crlf.ninja + - name: REGISTRATIONS_OPEN + value: "false" + - name: INVITES_ENABLED + value: "true" + - name: SECRET_KEY_BASE + valueFrom: + secretKeyRef: + name: pleroma + key: secret-key-base + - name: WEB_PUSH_PUBLIC_KEY 
+ valueFrom: + secretKeyRef: + name: pleroma + key: web-push-public-key + - name: WEB_PUSH_PRIVATE_KEY + valueFrom: + secretKeyRef: + name: pleroma + key: web-push-private-key + - name: DEFAULT_SIGNER + valueFrom: + secretKeyRef: + name: pleroma + key: default-signer + - name: MEDIA_URL + value: "https://media.darkdork.dev" + - name: S3_BUCKET + value: pleroma.darkdork.dev + - name: S3_ACCESS_KEY + valueFrom: + secretKeyRef: + name: pleroma + key: minio-access-key + - name: S3_SECRET_KEY + valueFrom: + secretKeyRef: + name: pleroma + key: minio-secret-key + - name: S3_SCHEME + value: "http://" + - name: S3_HOST + value: minio + - name: S3_PORT + value: "80" + - name: DB_HOST + value: postgres + - name: DB_NAME + value: pleroma + - name: DB_USER + value: pleroma + - name: DB_PASS + valueFrom: + secretKeyRef: + name: postgres + key: postgres-password + volumeMounts: + - name: pleroma-config-volume + mountPath: /pleroma/config/prod.secret.exs + subPath: prod.secret.exs + - name: pleroma-emoji-volume + mountPath: /static-files/emoji/ + subPath: emoji/ volumes: - name: pleroma-config-volume configMap: diff --git a/manifests/postgres/pvc.yaml b/manifests/postgres/pvc.yaml index 932887e..c555668 100644 --- a/manifests/postgres/pvc.yaml +++ b/manifests/postgres/pvc.yaml @@ -1,3 +1,19 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: postgres-pvc + namespace: darkdork-dev + labels: + app: postgres +spec: + volumeName: pvc-43c3a05b-5556-4d7c-83e3-ee6436f1a48e + accessModes: ["ReadWriteOnce"] + storageClassName: longhorn-ssd + resources: + requests: + storage: 10Gi + --- apiVersion: v1 kind: PersistentVolumeClaim 
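Review bot: `SIGNING_SALT` is still a literal (`value: quYau0c`) in both the `init` and `pleroma` containers, while the other key material comes from `secretKeyRef`. Sourcing it from the `pleroma` Secret the same way keeps it out of the repository, and because the current value is already committed it is worth regenerating at the same time. `S3_SCHEME` is `"http://"`, so requests to MinIO, including the uploaded media, cross the cluster network unencrypted; if that is an accepted in-cluster trade-off, a short comment should say so. The `volumes` section continues outside the hunk.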
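Review bot: The new `postgres-pvc` is pre-bound with `volumeName: pvc-43c3a05b-5556-4d7c-83e3-ee6436f1a48e`, so it binds only if that PersistentVolume exists, is not held by another claim, and matches the `longhorn-ssd` class and the 10Gi request; otherwise the claim stays Pending. The name has the form of a dynamically provisioned volume, so presumably this re-attaches existing database data. A comment such as `# re-binds the existing Longhorn volume; PV must be Available with claimRef cleared` would tell the next operator why a cluster-specific name is hard-coded here.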
@@ -12,4 +28,18 @@ spec: resources: requests: storage: 15Gi + --- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: postgres-local-path-test-pvc + namespace: darkdork-dev + labels: + app: postgres +spec: + accessModes: ["ReadWriteOnce"] + storageClassName: local-path + resources: + requests: + storage: 10Gi \ No newline at end of file diff --git a/manifests/postgres/statefulset.yaml b/manifests/postgres/statefulset.yaml index 0b3edb5..8fe7c2e 100644 --- a/manifests/postgres/statefulset.yaml +++ b/manifests/postgres/statefulset.yaml @@ -114,6 +114,9 @@ spec: - name: postgres-config-volume configMap: name: postgres-config + - name: postgres-storage + persistentVolumeClaim: + claimName: postgres-pvc - name: postgres-local persistentVolumeClaim: claimName: postgres-local-pvc \ No newline at end of file diff --git a/manifests/prometheus/configmap.yaml b/manifests/prometheus/configmap.yaml deleted file mode 100644 index c40067f..0000000 --- a/manifests/prometheus/configmap.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: darkdork-dev - name: prometheus-config -data: - prometheus.yml: | - global: - scrape_interval: 15s - - scrape_configs: - - job_name: 'pleroma' - scheme: http - static_configs: - - targets: ['pleroma:4021'] \ No newline at end of file diff --git a/manifests/prometheus/deployment.yaml b/manifests/prometheus/deployment.yaml deleted file mode 100644 index 9e5c737..0000000 --- a/manifests/prometheus/deployment.yaml +++ /dev/null 
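Review bot: `postgres-local-path-test-pvc` is added to the applied manifests, but nothing visible in this commit references it; the statefulset hunk lists only `postgres-pvc` and `postgres-local-pvc`. If it is left over from testing the `local-path` class, it is better dropped, or at least marked with a comment such as `# test claim, not mounted by the statefulset`. The statefulset's `volumeMounts` are outside its hunk, so whether the new `postgres-storage` volume is actually mounted cannot be confirmed from here.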
@@ -1,40 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: prometheus - namespace: darkdork-dev -spec: - replicas: 1 - selector: - matchLabels: - app: prometheus - template: - metadata: - labels: - app: prometheus - spec: - imagePullSecrets: - - name: registry-credentials - containers: - - name: prometheus - image: prom/prometheus - imagePullPolicy: IfNotPresent - ports: - - containerPort: 9090 - volumeMounts: - - name: prometheus-data - mountPath: /prometheus - - name: prometheus-config - mountPath: /etc/prometheus/prometheus.yml - subPath: prometheus.yml - volumes: - - name: prometheus-data - persistentVolumeClaim: - claimName: prometheus-pvc - - name: prometheus-config - configMap: - name: prometheus-config - securityContext: - fsGroup: 1000 ---- diff --git a/manifests/prometheus/ingress.yaml b/manifests/prometheus/ingress.yaml deleted file mode 100644 index 17ec259..0000000 --- a/manifests/prometheus/ingress.yaml +++ /dev/null @@ -1,20 +0,0 @@ ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: prometheus - namespace: darkdork-dev -spec: - ingressClassName: nginx - rules: - - host: darkdork.prometheus.lan - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: prometheus - port: - number: 9090 ---- diff --git a/manifests/prometheus/pvc.yaml b/manifests/prometheus/pvc.yaml deleted file mode 100644 index c3f7206..0000000 --- a/manifests/prometheus/pvc.yaml +++ /dev/null @@ -1,17 +0,0 @@ ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: prometheus-pvc - namespace: darkdork-dev - labels: - app: prometheus -spec: - storageClassName: longhorn-ssd - accessModes: - - ReadWriteOnce - resources: - requests: - storage: - 10Gi ---- diff --git a/manifests/prometheus/service.yaml b/manifests/prometheus/service.yaml deleted file mode 100644 index b2412de..0000000 --- a/manifests/prometheus/service.yaml +++ /dev/null 
@@ -1,15 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - name: prometheus - namespace: darkdork-dev -spec: - ports: - - port: 9090 - name: prometheus - targetPort: 9090 - protocol: TCP - selector: - app: prometheus ----