diff --git a/_apps/miniflux.yaml b/_apps/miniflux.yaml new file mode 100644 index 0000000..e8476e5 --- /dev/null +++ b/_apps/miniflux.yaml @@ -0,0 +1,23 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: miniflux + namespace: argocd + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + destination: + namespace: miniflux + server: https://kubernetes.default.svc + project: apps + source: + path: miniflux + repoURL: https://git.tbrnt.ch/tobru/gitops-tbrnt.git + targetRevision: HEAD + directory: + recurse: true +--- +apiVersion: v1 +kind: Namespace +metadata: + name: miniflux diff --git a/miniflux/app/deployment.yaml b/miniflux/app/deployment.yaml new file mode 100644 index 0000000..ba253f9 --- /dev/null +++ b/miniflux/app/deployment.yaml @@ -0,0 +1,37 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: miniflux + name: miniflux +spec: + replicas: 1 + selector: + matchLabels: + app: minflux + strategy: + type: Recreate + template: + metadata: + labels: + app: minflux + spec: + containers: + - image: docker.io/miniflux/miniflux:2.0.32 + name: minflux + - secretRef: + name: miniflux + ports: + - containerPort: 8080 + livenessProbe: + httpGet: + path: / + port: 8080 + initialDelaySeconds: 15 + periodSeconds: 10 + readinessProbe: + httpGet: + path: / + port: 8080 + initialDelaySeconds: 15 + periodSeconds: 10 diff --git a/miniflux/app/ingress.yaml b/miniflux/app/ingress.yaml new file mode 100644 index 0000000..f5ad301 --- /dev/null +++ b/miniflux/app/ingress.yaml @@ -0,0 +1,24 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod + ingress.kubernetes.io/ssl-redirect: "true" + name: miniflux +spec: + rules: + - host: miniflux.tbrnt.ch + http: + paths: + - path: / + backend: + service: + name: miniflux + port: + number: 8080 + pathType: Exact + tls: + - hosts: + - miniflux.tbrnt.ch + secretName: miniflux-tbrnt-ch-cert + diff --git a/miniflux/app/service.yaml b/miniflux/app/service.yaml new file mode 100644 index 0000000..8c8480d --- /dev/null +++ b/miniflux/app/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: miniflux + name: miniflux +spec: + ports: + - name: "8080" + port: 8080 + protocol: TCP + targetPort: 8080 + selector: + app: miniflux + type: ClusterIP diff --git a/miniflux/postgres/service.yaml b/miniflux/postgres/service.yaml new file mode 100644 index 0000000..25b970c --- /dev/null +++ b/miniflux/postgres/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: postgres + name: postgres +spec: + ports: + - name: "5432" + port: 5432 + protocol: TCP + targetPort: 5432 + selector: + app: postgres + type: ClusterIP diff --git a/miniflux/postgres/statefulset.yaml b/miniflux/postgres/statefulset.yaml new file mode 100644 index 0000000..29a504c --- /dev/null +++ b/miniflux/postgres/statefulset.yaml @@ -0,0 +1,65 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: postgres +spec: + updateStrategy: + type: RollingUpdate + selector: + matchLabels: + app: postgres + serviceName: postgres + replicas: 1 + template: + metadata: + labels: + app: postgres + annotations: + k8up.syn.tools/backupcommand: /bin/bash -c 'PGPASSWORD=${POSTGRES_PASSWORD} pg_dump -U ${POSTGRES_USER} -Fc ${POSTGRES_DB}' + spec: + terminationGracePeriodSeconds: 10 + containers: + - name: postgres + image: docker.io/postgres:13.4 + imagePullPolicy: IfNotPresent + ports: + - name: postgres + containerPort: 5432 + protocol: TCP + resources: + requests: + cpu: 100m + memory: 256Mi + env: + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + name: miniflux + key: DB_USER + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: miniflux + key: DB_PASS + - name: POSTGRES_DB + valueFrom: + secretKeyRef: + name: miniflux + key: DB_NAME + - name: PGUSER + value: postgres + - name: PGDATA + value: /var/lib/postgresql/data/pgdata + volumeMounts: + - mountPath: /var/lib/postgresql/data/pgdata + name: postgres + subPath: postgres-db + volumeClaimTemplates: + - metadata: + name: postgres + spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 1Gi + diff --git a/miniflux/secret.yaml b/miniflux/secret.yaml new file mode 100644 index 0000000..9401f4c --- /dev/null +++ b/miniflux/secret.yaml @@ -0,0 +1,20 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: miniflux + namespace: miniflux +spec: + encryptedData: + DATABASE_URL: AgBTksj2BaB0DxhHAmv39TxKOhWPAJAfHyN0bYqzQ+7nY3pPMKOINc18HCiprfczwgh/7WhmQUaLbdqI6P/x8hqS8Wrq6raTQEgzazbXvEV5zGNBw1BvSCJak+dLzYehi8rP/B6Xo68nhlbiYtJoYaF/fDhBU9Yss937EQT8ZCUzM8MZCmFucPmA+ONGqeieSxGFuGJvFiytl1TecQ4xMFOC+dwzmokulrJaz2gmNDjbyBPCkmjVLYVBGIxQnq3vKk0bLSzx2lPVU+A9kdIJsmwnAj66j/KReRwLw0AXZa5tKsxfWXJ92rCiBMu9mnFoIJ6RhoneT5iw6W5JlsdySRplzM2y1UWFQz21alZW0MKsIH7qEMzDXKMWj6T2N393ZBI9VOoAWkr5OHWbLhRvUYw4z5VOcDyi6sYXddU8HIAb/GVIGeUHsecL4OqbU1+Xftj49Sm13aUm0XutYiMYG044/hiSGjohWJPFwrYQrh6UAWlYIcZdEEjhlLOa6liGSU0RtIOix3P6BiAZLCYWovKv6pljrZuEJylEyhMcPz4Ql5EZOcgx0oDmlzT77a6EmnYrLfZLDMZgW/XxaGWB9PGE/ZMhrms6KinsQb9jOfK8sG8t6P4IDTFaXPHjuWkUobjhAnLkWzZCECBPOXNrEBxw8AdgcmXtSNZ7WT01vXRS7YDdNu6Qbn6Dz7brI0FLP+tXUic7s51r9QBe4mrQmBnvYZkRybB78Oudjdi50KvgUpPx7716H6WNVmPSQyiGXnFPCDqwimFtT0wgKUuy/9sSQ/6ENinhd7bcF15i/fTw0Q== + DB_NAME: AgBWy87b31DXZmZ2OmDplJ/D5eJ8V/Az8qQ7Hza/k0x7uWOk8feP0S3/ckeVLUZSL5lql4LIC8a9A8LpufHgv9l35c1RSc52FrIPvddvnnWwU9cW63e+uVfqpEAxiBWV23d6d8/TCOuCrA0bt//qk/w8zjD1nMlNq8wD7IAtXVKm6Pi78ZyWPD2QGol02dKrJSgpC18S1QDF+BvKxWjkpPzEofxZZGd1CiZbgETdgdcMsXaFIH5EBzjjo3nrvR37s5ZCL6i7TWdBcQRP8SpnpEolHTV4yxoCBNGAq8MpKcDli+fVOe0w2aITHu03FXuFsRG8kjxzpk+TgepqRvvqRBBRZzYqaNXBqbCQgH8/A/nK2mmV7bPang4ZtQ+RMFztBxfIKrjdM2UtuoyNfFlrVujG0sA0pd2Tb3BHGwsQxA+jC2QggydS/MNhECmaIKb3md+tIW6jewyz0BwQshm2N1qKWexqh+hHAtQtVYOjlW6HyyzqaZlhzqZVy7zh+1apbdAEIG+F3gkMFo+uAKNjsuhX54h25khC9MyekfMVwV3SyuMaigKJzKntP+BRUyGd1F/oA/I31yzMAgzPLudArBL+jpJsKLA8pBCR8DxqtuGyJAcbyQNloyglQ1augAuFcjY9wVfJPkiews3AVe/Cfqz7o0DvGjycAI2f/jamO5b4rLSfD/8a3/bQGUYo/xRqhmFaD57ATF1QHA== + DB_PASS: AgBes17m5mxTD42oi+uaugg/7zaknDBJBy/37QjnpiZ1t6NQgzLvlfI8rw0eOP0DF+aKfxGoajRO/vgVPVAHZuqu7hEmScuUmpRg63NJV6TmZQdJFpUOlwxJDzS5kTYQ2AF1h/JcAJaEabcWridP7jin1o0RnzKLBeHdDjHGZsbdlvBv9/jtWd6xTcUIGvRg8noOQUcjbF5jomf4YMJcfF0HKmPuuwv36rZMGBncN382ExcJxFiStDu/QCz9bpWY8Ns1kpmZrSB8fAg1uqoFhgZCTmtn0HSyfvOGMIbeu9uoQjCUE5NH6tCpFYvgFEmjCCmqo9e/ZqTjxCzIa51GOktdjMuOMalApYnmg8+8VmRxjsaR6dAEMvWvELwrhGbzcMLOnPD2Nm5sOCrQDmnbcEtsjccrs2U0rwA5Er/q9ohMl5854nMRSpLn1xf6CvITSNgzLVHpQTmCSec0QMVk5Is61DjwWVkPYu45JTP1C4TMOberm35dwqR3tuFuz01w4JQ92tsri9u5yv1wVlLtx9unaLgSf68td2UgEtSyFOCCY+3jLUXfAfZxNMmbseC+vWuNHJ8JG/gDmzbsInwvOyJa+MgzAM+lwy4g9ULyNTT8HpR5akeluzQda2JNP2Dc1dBWOMqAFK09049C46MHvd+a5nzPMM1QQrZCUgK8mQGKcamfV8KHwtPtMidmNY8au+kcivxtl71CDYKODIlORfJ1ubYOeMPIVCRnRvsep0ryHg== + DB_USER: AgCqWSAXDppgU9RyZqUwvbzXst0DhNeu+F/ftUy16mQ4GErvcHDB7k+hIqR3CvNj2WrcT5IrbmXb6eRoD+KpIqkVN/9ofgZWzvIUw5tKVKyv6cuX0OI5hypWqGYaZany8+CwahQIg+H/iQZhHWw60GrukYYrrz/LRAE4CCVbjd/cfNTJitlUlVhvDKNa7K8vafS9pH9TBa2gENkdVgAlvEi+e6sCG0cZHi43d1x+oJxFkwAidY7ck9idHM2Jgdg8FCTQPLvv/jD0pnCTM6aIOXOljwZonyKyN4oKTx3iHQ3mbnHeFbprF6egPRxlN0fLSE3T7ISYPNuPThDOIxvdHMxxtzyCP9DOOK9qxcj33QNkaw9+WbX4qRDKWB5jThoDeMAlTr5citKsHorXGmRXv9JCiu+UzFRLTBC08yf4u4Px71rP+y5qzajh3BvF5WgoRrl8asg7skrKBN3/i0mtLbPxTxudbR5V/k9la0NsCcuqH98dHByzsmJunR74uZo1Q2HGcg4sN9/IAE4LH99JdrfbAW5fHy4zv1xsirWqi6cZlJoYOQW09l6ujWdhYC1tzGFvazqDc7fOsLyr2mlzIYpCA1c9HEkvB39ax2ms43+sbpAuC2gEPDQNP5ZMTM/m9GHo0xVrmGbnhq/2j7N1hBjXnuOQyg1shzHOCL/zPHuUpvmgOUhtXgEWFdDmIUcBEyIHLESYmAc+9g== + template: + metadata: + creationTimestamp: null + name: miniflux + namespace: miniflux + type: Opaque +status: {} +