feat(CN-5): move manifests to shared location

cnstr · Jul 16, 2024 · 137019e · 137019e
1 parent db2ff24
commit 137019e
Show file tree

Hide file tree

Showing 24 changed files with 545 additions and 0 deletions.
diff --git a/k8s/api/1-config.yaml b/k8s/api/1-config.yaml
@@ -0,0 +1,14 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultStaticSecret
+metadata:
+  name: vault-api-kv
+  namespace: canister
+spec:
+  destination:
+    create: true
+    name: api-kv
+  mount: kv
+  path: canister/api
+  refreshAfter: 30s
+  type: kv-v2
+  vaultAuthRef: vault-auth
diff --git a/k8s/api/2-deployment.yaml b/k8s/api/2-deployment.yaml
@@ -0,0 +1,31 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: api
+  namespace: canister
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: com.tale.canister.api
+  template:
+    metadata:
+      labels:
+        app: com.tale.canister.api
+    spec:
+      restartPolicy: Always
+      containers:
+      - name: api
+        image: ghcr.io/cnstr/api:latest
+        imagePullPolicy: Always
+        ports:
+        - name: api
+          containerPort: 3000
+        env:
+        - name: POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        envFrom:
+        - secretRef:
+            name: api-kv
diff --git a/k8s/api/3-service.yaml b/k8s/api/3-service.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: api
+  namespace: canister
+spec:
+  ports:
+    - port: 3000
+      targetPort: 3000
+  selector:
+    app: com.tale.canister.api
diff --git a/k8s/api/4-ingress.yaml b/k8s/api/4-ingress.yaml
@@ -0,0 +1,25 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: api
+  namespace: canister
+  annotations:
+    cert-manager.io/cluster-issuer: acme-prod
+
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: api.canister.me
+      http:
+        paths:
+          - pathType: Prefix
+            path: /v2
+            backend:
+              service:
+                name: api
+                port:
+                  number: 3000
+  tls:
+    - hosts:
+        - 'api.canister.me'
+      secretName: api-tls
diff --git a/k8s/clickhouse/1-config.yaml b/k8s/clickhouse/1-config.yaml
@@ -0,0 +1,14 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultStaticSecret
+metadata:
+  name: vault-clickhouse-kv
+  namespace: canister
+spec:
+  destination:
+    create: true
+    name: clickhouse-kv
+  mount: kv
+  path: canister/clickhouse
+  refreshAfter: 30s
+  type: kv-v2
+  vaultAuthRef: vault-auth
diff --git a/k8s/clickhouse/2-migration.yaml b/k8s/clickhouse/2-migration.yaml
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: clickhouse-migration
+  namespace: canister
+data:
+  migration.sql: |
+    CREATE TABLE IF NOT EXISTS canister.download_events (
+      package_id String,
+      package_version String,
+      package_author String,
+      package_maintainer String,
+      repository_uri String,
+      repository_suite String,
+      repository_component String,
+      client String,
+      client_version String,
+      jailbreak String,
+      jailbreak_version String,
+      distribution String,
+      distribution_version String,
+      client_architecture String,
+      client_bitness UInt32,
+      device String,
+      device_platform String,
+      device_version String,
+      database_uuid String,
+      timestamp String,
+      time DateTime
+    )
+    ENGINE = MergeTree()
+    ORDER BY (timestamp)
diff --git a/k8s/clickhouse/3-pvc.yaml b/k8s/clickhouse/3-pvc.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: clickhouse
+  namespace: canister
+spec:
+  storageClassName: openebs-hostpath
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 25Gi
diff --git a/k8s/clickhouse/4-deployment.yaml b/k8s/clickhouse/4-deployment.yaml
@@ -0,0 +1,55 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: clickhouse
+  namespace: canister
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: com.tale.canister.clickhouse
+  template:
+    metadata:
+      labels:
+        app: com.tale.canister.clickhouse
+    spec:
+      restartPolicy: Always
+      containers:
+      - name: clickhouse
+        image: clickhouse/clickhouse-server:latest
+        ports:
+        - name: clickhouse
+          containerPort: 8123
+        volumeMounts:
+        - name: migration
+          mountPath: /docker-entrypoint-initdb.d/
+        - name: data
+          mountPath: /var/lib/clickhouse
+        env:
+        - name: 'CLICKHOUSE_DEFAULT_ACCES_MANAGEMENT'
+          value: '1'
+        envFrom:
+        - secretRef:
+            name: clickhouse-kv
+        readinessProbe:
+          httpGet:
+            path: /ping
+            port: 8123
+          initialDelaySeconds: 5
+          periodSeconds: 5
+        livenessProbe:
+          httpGet:
+            path: /ping
+            port: 8123
+          initialDelaySeconds: 5
+          periodSeconds: 5
+      volumes:
+      - name: migration
+        configMap:
+          name: clickhouse-migration
+          items:
+            - key: migration.sql
+              path: migration.sql
+      - name: data
+        persistentVolumeClaim:
+          claimName: clickhouse
diff --git a/k8s/clickhouse/5-service.yaml b/k8s/clickhouse/5-service.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: clickhouse
+  namespace: canister
+spec:
+  ports:
+    - port: 8123
+      targetPort: 8123
+  selector:
+    app: com.tale.canister.clickhouse
diff --git a/k8s/core/1-config.yaml b/k8s/core/1-config.yaml
@@ -0,0 +1,14 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultStaticSecret
+metadata:
+  name: vault-core-kv
+  namespace: canister
+spec:
+  destination:
+    create: true
+    name: core-kv
+  mount: kv
+  path: canister/core
+  refreshAfter: 30s
+  type: kv-v2
+  vaultAuthRef: vault-auth
diff --git a/k8s/core/2-job.yaml b/k8s/core/2-job.yaml
@@ -0,0 +1,22 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: core
+  namespace: canister
+spec:
+  schedule: 0 * * * *
+  successfulJobsHistoryLimit: 3
+  failedJobsHistoryLimit: 1
+  concurrencyPolicy: Replace
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          restartPolicy: OnFailure
+          containers:
+            - image: ghcr.io/cnstr/core:latest
+              imagePullPolicy: Always
+              name: core
+              envFrom:
+                - secretRef:
+                    name: core-kv
diff --git a/k8s/grafana/1-pvc.yaml b/k8s/grafana/1-pvc.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: grafana
+  namespace: canister
+spec:
+  storageClassName: openebs-hostpath
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1.5Gi
diff --git a/k8s/grafana/2-deployment.yaml b/k8s/grafana/2-deployment.yaml
@@ -0,0 +1,29 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: grafana
+  namespace: canister
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: com.tale.canister.grafana
+  template:
+    metadata:
+      labels:
+        app: com.tale.canister.grafana
+    spec:
+      restartPolicy: Always
+      containers:
+      - name: grafana
+        image: grafana/grafana:latest
+        ports:
+        - name: grafana
+          containerPort: 3000
+        volumeMounts:
+        - name: dashboards
+          mountPath: /var/lib/grafana
+      volumes:
+      - name: dashboards
+        persistentVolumeClaim:
+          claimName: grafana
diff --git a/k8s/grafana/3-service.yaml b/k8s/grafana/3-service.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: grafana
+  namespace: canister
+spec:
+  ports:
+    - port: 3000
+      targetPort: 3000
+  selector:
+    app: com.tale.canister.grafana
diff --git a/k8s/grafana/4-ingress.yaml b/k8s/grafana/4-ingress.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: grafana
+  namespace: canister
+  annotations:
+    cert-manager.io/cluster-issuer: acme-prod
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: dash.canister.me
+      http:
+        paths:
+          - pathType: Prefix
+            path: /
+            backend:
+              service:
+                name: grafana
+                port:
+                  number: 3000
+  tls:
+    - hosts:
+        - 'dash.canister.me'
+      secretName: grafana-tls
diff --git a/k8s/typesense/1-config.yaml b/k8s/typesense/1-config.yaml
@@ -0,0 +1,14 @@
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultStaticSecret
+metadata:
+  name: vault-typesense-kv
+  namespace: canister
+spec:
+  destination:
+    create: true
+    name: typesense-kv
+  mount: kv
+  path: canister/typesense
+  refreshAfter: 30s
+  type: kv-v2
+  vaultAuthRef: vault-auth
diff --git a/k8s/typesense/2-pvc.yaml b/k8s/typesense/2-pvc.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: typesense
+  namespace: canister
+spec:
+  storageClassName: openebs-hostpath
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 5Gi